Yes, the way I see it there are two principle ways to deal with risks or unwanted events. One is is to reduce the probability of an unwanted event, going after the source, which is what I call mitigative actions. Two is to reduce the impact of an unwanted event, going after the consequences, which is what I call contingent actions.

As to risk handling, I like to use the classic four: accept, transfer, reduce and avoid, where "risk bearing" as I see it would be equivalent to risk acceptance.

Not sure this helps, but those are my thoughts on the subject.

You mentioned "mitigative strategies aimed towards eliminating the source". Do mean that mitigative actions aims to reduce probability of risk? And contingent actions aim to deal with negative impact?

Juttner 2003, 206 divide SC risk management strategies to:

-avoidance (i see it mitigative action, because it relates to causes of risk)

-Control (contigent action, eg. buffers, excess capacity)

Co-operation (avoidance and control in collaboration)

-Flexibility ( i think this is contingent action)

Some other author use other terms SC risk handling:

-risk bearing (company tries to reduce impact of risk)

-risk avoidance (company tries to reduce probability of occurence)

-risk transfer (company tries to either use avoidance or bear risk in collaboration)

Looking forward your answer :)

Well this is a rather limited risk concept which doesn’t distinguish between what is predictable and what is not. What is not is the “real” risk:

As obvious example, take the stock the market. The VAR (value at risk) which supposedly forecast risk is a flaw because it does take into account only variations which are under control that are not real risk in the sense of John Maynard or Deming.

I agree that MY definition may be limited to and only related to the downside, not the upside and not looking at predictability. Predictability again, however, is always associated with some degree of uncertainty, isn’t it? Anyway, financial risk, which you are referring to, is inherently different from technical risk, and a risk definition probably only makes sense within the context of its usage. I don’t think there is one universally agreed upon definition of risk.