The correct answer isC. An event can consist of something not happening. ISO 31000:2018 defines aneventas the occurrence or change of a particular set of circumstances. Importantly, ISO 31000 explicitly states that an eventmay also involve something that was expected but did not occur, making option C correct.
This clarification is critical in risk management because many risks arise not from active incidents, but from failures, omissions, or delays. Examples include a shipment not arriving on time, a regulatory approval not being granted, or a system not activating as planned. Such non-occurrences can have significant consequences and must be considered during risk identification and analysis.
Option A is incorrect because ISO 31000 explains that an eventcan be a risk source, a consequence, or both, depending on context. Option B is incorrect because an event may havesingle or multiple occurrences, and may occur repeatedly over time. Option D is also incorrect, as ISO 31000 clearly states that events can havemultiple causes and multiple consequences, reflecting the complex and interconnected nature of risk.
From a PECB ISO 31000 Lead Risk Manager perspective, correctly understanding the definition of an event ensures comprehensive risk identification and prevents organizations from overlooking risks associated with failures to act or unmet expectations. This understanding strengthens decision-making and aligns with ISO 31000’s structured and comprehensive approach to managing uncertainty.
