The records‐risk nexus: exploring the relationship between records and risk

Date13 July 2010
Published date13 July 2010
AuthorVictoria L. Lemieux
The records-risk nexus:
exploring the relationship
between records and risk
Victoria L. Lemieux
School of Library, Archival and Information Studies,
University of British Columbia, Vancouver, Canada
Purpose – This paper seeks to explore the nexus between records and risks. It briefly traces different
conceptualizations and the historical evolution of risk and risk management and analyzes discourse on
risk and the use of risk management in the field of records management and allied disciplines such as
archives and information science.
Design/methodology/approach The methodological approach involves searching for and
extracting for analysis references to “risk” in articles from well-known journals and subjecting the
248 references to a visual analysis.
Findings – The visual analysis reveals 15 distinct, and in some cases conceptually related topics or
categories of articles on risk. These are analysed further to create a typology of seven distinct topics of
discourse defining the records-risk nexus in the sampled literature.
Originality/value – This paper contributes an analysis of the literature on records and risk that
defines the nexus between the two subjects, presents a typology of discourse on the records-risk nexus,
and demonstrates the use of an innovative methodology (visual analysis) for analysis of large sets of
bibliographic data.
Keywords Risk management,Records management
Paper type Literature review
1. Introduction
A total of Twenty years ago when the Records Management Journal (RMJ) came into
existence the words risk and risk management would have been relatively unfamiliar
to most records managers, though they were terms already in use in other fields such
as management science. In the span of two decades, however, the terms risk and
records have become so firmly intertwined that in an expert witness seminar held at
the University of Northumbria in 2006 to “explore the essence of records management”
the central question asked of all participants was “Is records management the
management of risk?” Indeed, so ubiquitous has the use of the word risk in the records
management literature become, it may seem as if records management has become
synonymous with risk management. In this anniversary edition of the RMJ, it is then
fitting to reflect on the evolution of the relationship between records and risk – the
records-risk nexus. To that end, this paper proposes to:
.briefly trace different conceptualizations and the historical evolution of risk and
risk management; and
The current issue and full text archive of this journal is available at
The author would like to acknowledge and thank his Research Assistant, Thomas Dang, for his
assistance with visual analysis of the journal citations used in this paper.
The records-risk
Received 16 April 2010
Revised 21 April 2010
Accepted 21 April 2010
Records Management Journal
Vol. 20 No. 2, 2010
pp. 199-216
qEmerald Group Publishing Limited
DOI 10.1108/09565691011064331
.analyze discourse on risk and the use of risk management in the field of records
management and allied disciplines such as archives and information science.
2. Concepts and historical evolution of risk and risk management
Before discussing the records-risk nexus, a brief discussion of the various meanings
assigned to the terms risk and risk management and an exploration of the historical
evolution of these concepts will set the discussion in context.
There is no one single accepted definition of the term risk. The Oxford English
Dictionary defines risk as “the possibility that something unpleasant will happen” and
traces the origins of the term back to the seventeenth century Italian words risco,
riscare, and richiare (Hay-Gibson, 2009). Bernstein (1996) traces the emergence of the
term to the sixteenth century, as do Covello and Mumpower (1985). A number of
etymologies of the word risk link its emergence with pre-modern Portuguese and
Spanish maritime ventures (Giddens, 2008; Althaus, 2005; Hay-Gibson, 2009). Indeed,
Giddens suggests that one root of the term risk originates from a Portuguese word
meaning “to dare” (Althaus, 2005; Hay-Gibson, 2009).
Like the definition of a record, risk is defined differently in different contexts and from
different epistemological perspectives. Indeed, Hay-Gibson (2009), who defines risk as,
“[...] a chance of an event’s occurrence in terms of its likelihood, usually with a negative
connotation,” observes that risk is a “trans-disciplinary” subject. Each field of practice
with which the subject of risk intersects has its own interpretation of the meaning of
the term. The IT risk framework defines risk as any event that impacts the business, an
event being something that occurs with uncertain frequency and magnitude and that
creates challenges in meeting strategic goals and objectives (ISACA, 2010). Within the
field of industrial engineering, engineering risk is described as any effect of deficiencies
or flaws in design or engineering of a project on its cash flow (,
2010). The ARMA guideline on evaluating and mitigating records and information risks
relies on a definition from ISO/IEC Guide 73 as follows: “Risk is defined as the
combination of a probability of an event and its consequences” (ARMA, 2010). Finally,
ISO/IEC (2009) – Risk Management – Principles and Guidelines defines risk as “the effect
of uncertainty on [organizational] objectives,” noting that an effect is a deviation from
the expected – either positive or negative (ISO/IEC, 2009).
Although the above definitions convey objectivity in the notion of risk, in the
psychology and behavioural economy literature, risk has been framed as incorporating
perceptions of a combination of factors including: numeric probability, context, and
nature of the potential outcome (Austin, 2010; Patt and Schrag, 2003). Discussing risk
in the context of genetic counselling, Austin notes that genetic counsellors actually
measure the relationship between their clients’ subjective perception of numeric
probability and the objective numeric probability for a given outcome (Austin, 2010).
In other words, individuals’ perception of the level of risk and the actual objective
probability of a risk event occurring are often not aligned.
Though definitions vary, it is possible to extract some common ideas associated
with the notion of risk. Risk is often characterized by a trigger event linked to certain
consequences (ISO/IEC, 2009). Indeed, references to risk frequently associate it with the
combination of probability and the consequences of an event’s occurrence (ISO/IEC,
2009). From the field of IT security, it is possible to extrapolate the additional concept
of a threat combined with a vulnerability that triggers a risk event (Harris, 2010).

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT