The word “risk” is derived from the French root “risqué” and is defined as “the possibility of emergence of an event that may lead to damage, a loss or a danger”. The possibility of being unsuccessful, the existence of the danger of losing, uncertainty or the possibility of a deviation from a planned or expected situation also express risky situations (Power, 2004). The level of the risk is inversely proportional with the estimation of which outcome will come true. The risk is defined as being zero in situations where the future is predicted in a very good manner (Parlakkaya, 1996; Fraser & Simkins, 2010). Having the sources that are needed to make predictions decreases the accuracy level of the estimations to be made. When an organisation is managing its existing risks, it may follow two methods that are completely different from each other (Daft, 1991). In the first one, the basic principle is managing the existing risks by dealing with them one by one; and in the second method, the whole of the risks are considered as a part of a spectrum, and all the risks are managed as a whole within a risk management program (Tchankova, 2002). When a risk is considered as a threat that negatively influences the ability of an organisation to reach its aims and to sustain its strategies in a successful manner, the resulting characteristics of it are as follows (Griffiths, 2005):
Risk is a varying threat.
The threat is related with an event.
When the event happens, the organisation cannot reach its targets.
When the event happens, this causes losses in the organisation.