One of the most common failings in the risk management process is for the risk identification step to identify things which are not risks. Clearly if this early stage of the risk process fails,subsequent steps will be doomed and risk management cannot be effective. It is therefore essential to ensure that risk identification identifies risks.
很明顯，風險管理的目標就是對風險進行管理。但是在風險管理過程中，當進行風險識別時，最常見的一個錯誤就是把不是風險的事物誤認為是風險。很顯然，如果風險
管理過程的這一早先步驟失敗了，接下來的步驟就會注定要失敗，風險管理也就不可能產生效果。因此，確保風險識別這一步驟能夠識別出真正的風險是至關重要的。

Many people when they try to identify risks get confused between risk and uncertainty. Risk is not the same as uncertainty, so how are the two related? The key is to realise that risk can only be defined in relation to objectives. The simplest definition of risk is “uncertainty that matters”, and it matters because it can affect one or more objectives. Risk cannot exist in a vacuum, and we need to define what is “at risk”, i.e. what objectives would be affected if the risk occurred.
許多人在進行識別風險時，往往會把風險（risk）和不確定性（uncertainty）相混淆。事實上，風險與不確定性並不相同，那麼它們之間的聯繫何在呢？關鍵是要認識到，風險的定義只能與目標相聯繫。風險的最簡單的定義是 "起作用的不確定性"，它之所以起作用，是因為它能夠影響一個或多個目標。風險並不是存在於真空中，因此我們需要定義什麼 "處於風險之中" （at risk），也就是說，如果風險發生的話，什麼目標將會受到影響。

A more complete definition of risk would therefore be “an uncertainty that if it occurs could affect one or more objectives”. This recognises the fact that there are other uncertainties that are irrelevant in terms of objectives, and these should be excluded from the risk process. For example if we are conducting an IT project in India, the uncertainty about whether it might be raining in London is irrelevant – who cares? But if our project involves redeveloping the Queen’s gardens at Buckingham Palace, the possibility of rain in London is not just an uncertainty – it matters. In one case the rain is merely an irrelevant uncertainty, but in the other it is a risk.
因此，風險的一個更加完整的定義是"能夠影響一個或多個目標的不確定性"。這個定義使我們認識到，有些不確定性與目標並不相關，它們應該被排除在風險管理過程
之外。例如，如果我們在印度實施一個IT 項目，那麼倫敦是否會下雨這個不確定性就是不相關的--誰會關心它呢？但是，如果我們的項目是重新規劃英國白金漢宮
（Buckingham Palace）的女王花園，那麼倫敦下雨的概率就不再僅僅是一個不確定性了--它起作用了。在前一種情況下，下雨僅僅是一個不相關的不確定性，而在後一種情
況下，下雨就是一個風險。

Linking risk with objectives makes it clear that every facet of life is risky. Everything we do aims to achieve objectives of some sort, including personal objectives (for example to be happy and healthy), project objectives (including delivering on time and within budget), and corporate business objectives (such as to increase profit and market share). Wherever objectives are defined, there will be risks to their successful achievement.
把風險與目標聯繫起來，可以使我們很清楚地看到，生活中風險無處不在。我們所做的一切事情都是為了達到一定的目標，包括個人目標（例如快樂和健康），項目目標
（包括準時並在預算內交付成果），公司商業目標（例如增加利潤和市場份額）。一旦確定了目標，在成功達到目標的過程中，就會有風險隨之而來。

The link also helps us to identify risks at different levels, based on the hierarchy of objectives that exists in an organisation. For example strategic risks are uncertainties that could affect strategic objectives, technical risks might affect technical objectives, reputation risks would affect reputation, and so on.
風險與目標之間的這種聯繫也可以幫助我們識別不同級別的風險，它們是基於組織中存在的不同層次的目標。例如，戰略風險是指那些能夠影響戰略目標的不確定性，技
術風險可能影響技術目標，而聲譽風險則會影響聲譽。

One other question arises from the concept of risk as “uncertainty that could affect objectives” – what sort of effect might occur? In addition to those uncertainties which if they occur would make it more difficult to achieve objectives (also known as threats), there are also uncertain events which if they occur would help us achieve our objectives (i.e. opportunities). When identifying risks, we need to look for uncertainties with upside as well as those with downside.
從風險的概念"能夠影響目標的不確定性"來看，我們可以提出另外一個問題--會發生什麼樣的影響？有些不確定性的發生會使得我們達到目標更加困難（即威脅），而有些不確定性事件的發生則會幫助我們達到目標（即機會）。當我們進行風險識別時，不僅要看到不確定性的負面影響，也需要看到不確定性的正面影響。

Effective risk management requires identification of real risks, which are “uncertainties which if they occur will have a positive or negative effect on one or more objectives”. Linking risks with objectives will ensure that the risk identification process focuses on those uncertainties that matter, rather than being distracted and diverted by irrelevant uncertainties.
有效的風險管理要求識別出真正的風險，即"能夠對一個或多個目標產生正面或負面影響的不確定性"。把風險和目標相聯繫，就可以確保風險識別過程關注於那些起作
用的不確定性，而不會被不相關的不確定性分散精力。