I have been hard at work researching the origin of “positive risk,” a concept that — as I’ve written about before — defies centuries of formal dictionary definitions. The concern is much more worrisome now as it seems the idea has crept into official European law, which relies on ISO 31000’s definitions of risk and related terms. By “positive risk,” I am talking about the relatively new interpretation of risk that reinvented established definitions of common words to say that risks are not solely negative but also positive. The idea of “opportunity” is then subsumed into this new definition of risk, as opposed to an understanding based on language from the past few thousand years, which says risk and opportunities are opposites.
I will have more on this shortly, but it appears the idea of “positive risk” was the creation of a single UK risk consultant who originally published it in some non-peer-reviewed papers. Those papers were eventually copied into the PMI’s Project Management Book of Knowledge (PMBOK) and later cribbed again by Standards Australia for its AS/NZS 4360 standard on risk. By the time Australia had it, the fact that this concept was cooked up with peer reviews, and was specific to project management, was lost to time. ISO then cribbed it for Guide 73 and ISO 31000, and suddenly, “positive risk” magically transformed into something fully vetted and applicable to all industries, even though no one had heard of it.
(I’m still digging into who, exactly, was the original author of “positive risk,” and haven’t nailed the timeline yet, so that is why I am not naming him here.)
Problematic Thesis Paper
I’ve since found other papers supporting the idea to be equally worrisome, but for this piece will focus on just one.
The paper Prepare Organizations to Accept Risk: A Feasible Risk Management Model was published for the 7th International Conference on Production Engineering and Management in 2017. That paper is credited to Dr. Ali Aghazadeh Ardebili and Elio Padoano, both of Italy’s University of Trieste at the time, and Fatemeh Harsej of the Islamic Azad University. It endorses the idea of positive risk and gives a number of examples of alleged third-party papers that support it. Specifically, Dr. Ardebili and his co-authors argue that the definition of risk changed over time to include positive aspects:
Morphologically the word Risk derived from one of the words “resicum” with Latin root, “rhizikon” with greek root or “risque” with French root within the meanings are in related with threats or avoiding threats. Also a literature review on the traditional concept of the risk clarifies that from the traditional point of view, risk was in liaison with a threat in an uncertain event. However, in the last decades risk implied an event that could produce two or more outcomes and could be defined as a possible loss or gain. Different perspectives are illustrated in (Tab. 1).
Here is where things go astray. The Table 1 referred to is titled “Literature review of the traditional and comprehensive viewpoint of Risk in Definitions,” that presents what it says are, literally, “definitions” which are then cited to various publications:
However, in checking the actual citations offered by Dr. Ardebili, I found them to be misleading at best, outright false at worst.
Dr. Ardebili claims that one definition for risk is “the chance of something happening that will have an impact on objectives. Activities involving risk can have positive as well as negative outcomes.” He attributes this to a paper written by James M. Lyneis of MIT along with two other co-authors. That paper, entitled “System Dynamics Applied to Project Management: A Survey, Assessment, and Directions for Future Research,” does not include the definition attributed to it at all by Dr. Ardebili. Nowhere in that paper — which you can read here — does it include anything coming close to what Dr. Ardebili wrote.
In fact, the Lyneis paper focuses solely on risk as a negative aspect and as “threats” (emphasis added):
Specification or scope changes, design difficulties, risks such as delays in getting staff from other projects, labor shortages, late designs or material deliveries from other programs or vendors, and other similar problems often impact a project. While decisions must ultimately be taken as actual conditions evolve, managers can more quickly and effectively handle change if they have determined in advance which risks pose the greatest threat to the project, what should be monitored to provide early warning of each risk, and the best responses to such potential changes.
And:
The direct impacts of possible changes in external conditions (specification or scope changes, design difficulties, risks such as labor shortages, late vendor design or material deliveries, etc.) are input to the model (alone and in combination) and simulation results compared to the baseline. Risks of high probability and/or those producing a significant overrun for the project warrant careful monitoring and/or mitigating actions.
And:
… the baseline simulation is compared to a simulation in which the direct impacts of the risks are included. Then, the model is used to determine changes in the program that minimize the consequences of that specific risk (for example, changes in schedule duration, interim milestones, phase overlap, additional staff, new processes or methods).
It is clear that Lyneis and his co-authors saw risk as negative: things to be “mitigated,” “minimized,” or treated as “threats.” This runs contrary to Dr. Ardebili, who claims the Lyenis paper says the opposite: “Activities involving risk can have positive as well as negative outcomes.”
The closest sentence in the Lyneis paper that could be considered to address some positive surrounding risk is this sentence:
In some cases, actions developed for specific risks may improve performance under normal circumstances and should be built into the project from the beginning (for example, integrated product design and ‘‘teaming’’).
But even this is nowhere near what Dr. Ardebili claims Lyneis wrote. This is, instead, about how the actions to mitigate risks can have a benefit, which makes sense: the successful management or removal of a risk is a benefit. That does not make risk itself a benefit.
In checking the other “definitions” provided in Dr. Ardebili’s Table 1, I found none of them were accurate. He attributes the definition “risk is a probable frequency and probable magnitude of future loss” to the 11th edition (2004) of Merriam Webster’s Collegiate Dictionary. That dictionary, however, defines risk as follows:
Even the text arguing that risk is negative appears incorrectly cited. The text “the study group views risk as the probability that a particular adverse event occurs during a stated period of time” is attributed to a 2011 publication titled Risk Management: The Open Group Guide, edited by Jim Hietala and Ian Dobson, which does not appear to include that quote at all. Instead, it originally appeared in “Risk Assessment: Report of a Royal Society Study Group,” published in 1983.
The definition “probability of undesirable events” which Dr. Ardebili attributes to the Royal Society’s paper does not appear in that publication at all; the publication is available, and searchable, on the Internet Archive here.
The definition “hazard, chance of bad consequences, loss, exposure to chance of injury or loss” attributed by Dr. Ardebili to the standard OHSAS 18001 appears nowhere in that standard.
And so on.
Footnote Problems Made Worse
In checking, it appears that part of the problem is, at least, due to the dumbest reason possible: at some point, Dr. Ardebili and his co-authors began to number the footnotes incorrectly. That is dumb, yes, and embarrassing. But it gets worse.
Keeping those incorrect footnotes in place, Dr. Ardebili then used the same paper for his official PhD thesis at the University of Trieste, titled “A method to support risk management and resource allocation in projects based on risk acceptance strategy.” The same incorrect citations appear, copied and pasted, from his 2017 paper into his 2020 PhD dissertation. Instead of footnote numbers, however, they are just presented by the authors’ name or publisher, but they still reference the wrong sources.
No one at the University of Trieste ever bothered to check. You would think that at some point over the years, Dr. Ardebili would have re-checked his work or that the University of Trieste might have read the paper before issuing a doctorate. But, no, this was just lazy academic writing compounded by poor university oversight.
(The “Supervisor” credited by Dr. Ardebili in his PhD thesis was Dr. Padoano, his co-writer for 2017 paper, so it’s concerning that neither of them noticed. A threat to impartiality is familiarity, as they say.)
But it’s still not the entire answer here. For example, the Lyneis paper in no way supports positive risk, so can’t be explained by merely saying one transposed the wrong footnote numbers.
Ardebili Explains
I reached out to Dr. Ardebili to ask him about this problem, and he casually dismissed the matter as an “interpretive summary” or as not suggesting his papers included actual quotes:
The article in question was written several years ago, and unfortunately, I can’t recall the specific reference article used at the time. However, upon reviewing the content, I noticed that the sentences in the table were not intended to be direct definitions. This is why they were not enclosed in quotation marks.
Instead, these statements represent a broader perspective. They were derived as an interpretative summary of the referenced article, based on our understanding and inference at the time. I understand that interpretations like these can be open to discussion, and I would be delighted to engage in a dialogue about this topic, as well as about RM in general.
When I pressed further and told him that his definition of risk from The Oxford Concise Dictionary of Politics did not match what was in that actual book, Dr. Ardebili waved that away as well, invoking a far less plausible excuse:
Regarding the Oxford Dictionary, I am not entirely sure if they regularly update it, but I do know that other institutions occasionally revise and update definitions. I can, however, assure you that at the time of my study, I encountered something related to this concept—either explicitly or, as I mentioned, through inference while reviewing the literature.
(I’m also concerned here that Dr. Ardebil is conflicting the standard Oxford Dictionary with the “Concise Dictionary of Politics” he actually quoted. Did he forget one of the key documents he cited in his PhD thesis already? But that is a nitpick.)
Unfortunately for Dr. Ardebili, the exact edition of the Oxford Concise Dictionary of Politics that he cited (11th edition) is still available online, and I included the screenshot of the definition above. To suggest that the definition changed because institutions occasionally “revise and update definitions” was disingenuous at best. I’m being polite.
Paraphrasing vs. Quoting
Now, in fairness, he did not use quotation marks. He was being truthful there. But that point raises new problems.
The table and surrounding text in both papers clearly call these “definitions,” which would lead any reader to assume they were taken verbatim, as definitions usually are. There is no caveat or disclaimer in either paper indicating this is just Dr. Ardebili riffing on themes he gleaned from entirely different text. In his defense, some of the definitions are close to how he paraphrased them, but others are either missing entirely or contradicted by the cited publications.
And herein lies the problem. Paraphrasing is allowed in scholarly and scientific works, but within strict ethical boundaries.
Dr. Ardebili’s use of paraphrasing is widely inconsistent. The quote he attributed to the Open Group Guide was not paraphrased at all, but copied-and-pasted verbatim… albeit sans quotation marks. Likewise, the definition “Thus ‘risk’ strictly refers to an unknown event drawn from a known set of possible outcomes,” which Dr. Ardebili wrongly attributes to Standards Australia, was actually copied verbatim from David Hillson’s publication, Effective Opportunity Management … but without quotation marks. So, it is clear that in some cases, Dr. Ardebili was copying-and-pasting and not paraphrasing at all, even if he got the footnotes wrong.
By using direct quotes in some places and paraphrasing in others, Dr. Ardebili cannot argue in good faith that he only paraphrased. A reader would be misled one way or the other.
Worse, many universities and research institutes view quoting without marks as full-on plagiarism. Here is Muhlenberg University’s view:
You want to include the source citation even if you are not using a direct quote. You want the reader to understand where you learned the information you are sharing. However, including a citation does not change the fact that inappropriate paraphrasing is plagiarism.
And the University of Virginia:
… copying a passage directly from a book, website, journal article, or any other source into a paper without using quotation marks and explicitly citing the source is considered plagiarism.
And MIT, with an example:
Why do we keep having the problem of plagiarism arise in the risk management profession? (See here, here and here, for starters.) It’s just ridiculous at this point.
Ethical Breach or Lazy Academics?
I’m no academic scholar or university dean. But, to me, it is a remarkable breach of ethical boundaries to wrongly quote or paraphrase third parties to support the author’s predetermined view, especially when the original author’s text contradicts that view. Whether this rises to plagiarism is up to the University of Trieste, I guess. (I’ve written to the University of Trieste to have them look into this.)
But none of this is explained away by any of Dr. Ardebili’s casual asides. It’s far more serious than he wants to believe.
The problem here is that every time one pulls on a thread related to “positive risk,” one uncovers some unethical shenanigans, lack of scholastic or professional rigor, or personal opining presented as peer-reviewed facts. This is because “positive risk” was invented out of thin air, never subjected to any healthy adversarial debate, and simply entered the lazy world of standards and risk management because folks in these fields would rather copy things than actually apply critical thinking. And, of course, those demanding rigor within these professions are blacklisted, shunned, banned, and disinvited from professional society.
When you combine that with private consultants who are answerable to no one — and who think they are so powerful they can rewrite the dictionary without any consensus whatsoever — it’s a recipe for disaster.
Where it was bad enough that “risk-based thinking” was just dreamed up overnight for ISO 9001, without any subject matter expert input, now “positive risk” is finding itself embedded into actual laws, such as the new European Union’s AI Act. All because it was hoovered up by the ISO committee responsible for ISO 31000, which failed to do any checking.
So these things matter, and will have real-world effects.
In subsequent exchanges with Dr. Ardebili, he was wholly unconcerned with the problems I reported here, and instead wanted to debate the idea of positive risk. He insisted it had been peer-reviewed by citing studies related to the “positive effect of disturbance” related to resilience, which appears specific to ecosystems. I think it’s a stretch to say that “disturbances” in ecological science can be conflated to reflect all types of “risk” in all industries everywhere, but I don’t have a PhD. My “Uncertainty Battery” model explains this anyway, as a “disturbance” is actually an uncertainty event, and if the result is positive, it is an opportunity; if the result is negative, it is a risk. That does not make risk positive. At least the Uncertainty Battery aligns with 300 years of English dictionaries.
He then also quoted the PMBOK, which only proved my point. Dr. Ardebili likely does not know where the PMBOK got its content on “positive risk” from in the first place, but because the PMBOK is treated as a serious work, everyone quotes it without questioning where PMI got its information. this is also a problem because one cannot take the work of the project management industry and apply it to every other industry, such as aerospace manufacturing, insurance adjusting, or pharmaceuticals. But we treat the PMBOK as the Third Testament of the Bible, and so it faces no external scrutiny at all.
But even if Dr. Ardebil is correct, this doesn’t explain away the problems with his research papers.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world