Risk Management Terms Glossary: Risk Management Terms in 2024

B

Business Continuity

Business Continuity refers to the planning and preparation undertaken to ensure the continuous operation of critical business functions in the event of a disruption or disaster.

Business Continuity Planning

Business continuity planning involves developing strategies and procedures to ensure the ongoing operation of critical business functions in the event of a disruption.

Business Impact Analysis

Business impact analysis (BIA) is the process of assessing the potential financial and operational impacts of a disruption on an organization.

C

Compliance Risk

Compliance Risk is the risk of legal or regulatory sanctions, fines, or penalties resulting from non-compliance with laws and regulations.

Contingency Plan

A contingency plan is a course of action developed in advance to respond to potential risks or unexpected events.

Control

A Control is a measure or action taken to minimize, monitor, or manage risks.

Control Environment

The control environment refers to the overall attitude, awareness, and actions of management and employees regarding internal control.

Control Self-Assessment

Control Self-Assessment is a process where internal stakeholders assess the effectiveness of controls within the organization.

Credit Risk

Credit Risk is the risk of loss resulting from a borrower's failure to meet its financial obligations.

Crisis Management

Crisis Management involves the processes and procedures put in place to respond to and manage a crisis or emergency situation.

Cyber Risk

Cyber risk refers to the potential loss resulting from a breach or compromise of an organization's information systems or data.

D

Disaster Recovery

Disaster recovery is the process of restoring and recovering critical systems and data following a significant disruption.

E

Enterprise Risk Management

Enterprise risk management (ERM) is a holistic approach to managing risks across an entire organization.

Environmental Risk

Environmental Risk is the risk of loss resulting from environmental factors, such as natural disasters, climate change, and pollution.

F

Financial Risk

Financial Risk is the risk of loss resulting from financial instruments and markets.

I

Internal Control

Internal control refers to the processes, policies, and safeguards in place to ensure the reliability, accuracy, and integrity of financial and operational information.

K

Key Risk Indicator

A Key Risk Indicator is a metric or variable used to monitor and assess the likelihood of potential risk events.

L

Liquidity Risk

Liquidity Risk is the risk of not being able to meet financial obligations as they become due.

Loss Event

A loss event refers to an incident or occurrence that results in an actual loss or negative impact.

M

Market Risk

Market Risk is the risk of loss resulting from fluctuations in market prices, such as interest rates, exchange rates, and commodity prices.

Mitigation

Mitigation refers to the actions taken to reduce the impact or likelihood of a risk event.

O

Operational Resilience

Operational Resilience refers to an organization's ability to withstand and recover from disruptive events while maintaining the delivery of critical business functions.

Operational Risk

Operational Risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems.

R

Reputation Risk

Reputation Risk is the risk of damage to an organization's reputation, brand, or image.

Reputational Risk

Reputational risk is the potential damage to an organization's reputation or brand value.

Residual Risk

Residual Risk is the risk that remains after risk mitigation actions have been implemented.

Risk

Risk refers to the potential for loss or harm resulting from uncertainties and events that may affect an organization's objectives.

Risk Acceptance

Risk Acceptance is the decision to accept the potential consequences and impact of a risk and not take any further action to mitigate or avoid it.

Risk Aggregation

Risk aggregation involves combining individual risks to provide a broader view of an organization's overall risk exposure.

Risk Analysis

Risk Analysis involves assessing the likelihood and impact of identified risks.

Risk Appetite

Risk Appetite is the amount of risk that an organization is willing to accept in pursuit of its objectives.

Risk Appetite Framework

A Risk Appetite Framework is a comprehensive set of policies, procedures, and guidelines that govern an organization's risk appetite and risk-taking.

Risk Appetite Statement

A Risk Appetite Statement is a formal document that articulates an organization's approach and boundaries for risk-taking.

Risk Assessment

Risk Assessment involves identifying, analyzing, and evaluating risks to determine their potential impact and likelihood of occurrence.

Risk Assessment Framework

A risk assessment framework is a structured approach or model used to guide and standardize the risk assessment process.

Risk Assessment Matrix

A Risk Assessment Matrix is a tool used to assess and prioritize risks based on their likelihood and impact.

Risk Assessment Methodology

A Risk Assessment Methodology is a systematic and structured approach to assessing and quantifying risks.

Risk Assessment Techniques

Risk Assessment Techniques are the methods and tools used to conduct risk assessments, such as checklists, interviews, workshops, and quantitative models.

Risk Assessment Tool

A risk assessment tool is software or a methodology used to identify, assess, and prioritize risks.

Risk Audit

A risk audit is a systematic review of an organization's risk-management processes and practices to ensure they are effective and compliant with industry standards.

Risk Aversion

Risk Aversion refers to a tendency to avoid or minimize risks.

Risk Avoidance

Risk avoidance involves taking actions to completely eliminate exposure to a particular risk.

Risk Avoidance Strategy

A risk avoidance strategy involves taking actions to eliminate or avoid exposure to a particular risk.

Risk Awareness

Risk awareness is the degree to which individuals within an organization understand and recognize the potential risks they face.

Risk Committee

A risk committee is a group of individuals within an organization responsible for overseeing and guiding the risk management process.

Risk Communication

Risk Communication is the exchange of information and insights related to risks among stakeholders.

Risk Control

Risk control refers to the implementation of specific measures to manage, reduce, or eliminate identified risks.

Risk Culture

Risk Culture refers to the set of shared values, beliefs, and behaviors within an organization that shape its approach to risk management.

Risk Culture Assessment

A risk culture assessment involves evaluating the existing risk culture within an organization to identify strengths and areas for improvement.

Risk Culture Survey

A risk culture survey is a structured questionnaire or assessment tool used to gather information about the existing risk culture within an organization.

Risk Culture Transformation

Risk culture transformation involves intentionally changing the values, attitudes, and behaviors within an organization to foster a more effective risk culture.

Risk Documentation

Risk documentation refers to the recording and documentation of risks, including their identification, assessment, and mitigation measures.

Risk Evaluation

Risk evaluation is the process of comparing the results of risk assessments against predetermined criteria to determine the significance of risks.

Risk Event

A Risk Event is an incident or occurrence that could have a positive or negative impact on an organization's objectives.

Risk Financing

Risk financing involves determining the most appropriate mechanisms and strategies to fund and manage potential losses.

Risk Framework

A Risk Framework is a structured approach that provides a common language and methodology for managing risks.

Risk Governance

Risk Governance refers to the framework, policies, and processes that guide risk management activities within an organization.

Risk Governance Framework

A risk governance framework provides a structured approach to the management and oversight of risks at an organizational level.

Risk Heat Map

A Risk Heat Map is a visual representation of risks, where the likelihood and impact of each risk are plotted on a matrix.

Risk Identification

Risk Identification is the process of identifying and documenting potential risks.

Risk Identification Techniques

Risk identification techniques are methods or tools used to systematically identify and document potential risks within an organization.

Risk Impact

Risk impact refers to the potential magnitude or severity of the consequences resulting from a specific risk event.

Risk Indicator

A risk indicator is a trigger or measurement that is used to assess the potential for an identified risk.

Risk Management

Risk Management is the process of identifying, assessing, and prioritizing risks, and taking actions to minimize, monitor, and control the impact and likelihood of negative events.

Risk Management Framework

A Risk Management Framework is a structured and systematic approach to managing risks, including the establishment of policies, processes, and controls.

Risk Management Plan

A Risk Management Plan is a document that outlines the risk management approach, activities, and responsibilities for a project or initiative.

Risk Management Policy

A risk management policy is a document that outlines an organization's approach to identifying, assessing, and managing risks.

Risk Map

A Risk Map is a visual representation of risks, where risks are plotted based on their likelihood and impact.

Risk Matrix

A risk matrix is a tool used to assess and prioritize risks based on their likelihood and impact.

Risk Maturity

Risk Maturity refers to the level of sophistication and effectiveness in an organization's risk management practices.

Risk Maturity Model

A Risk Maturity Model is a tool or framework used to assess and improve an organization's risk management practices and capabilities.

Risk Metrics

Risk metrics are quantitative measures used to assess and evaluate risks, such as loss potential, volatility, or correlation.

Risk Mitigation

Risk mitigation involves implementing measures to reduce or eliminate the likelihood or impact of identified risks.

Risk Modeling

Risk Modeling involves using statistical techniques and data analysis to predict and quantify risks.

Risk Monitoring

Risk Monitoring is the ongoing process of tracking and reviewing risks to ensure that risk management activities remain effective.

Risk Monitoring And Review

Risk monitoring and review involves regularly assessing and evaluating the effectiveness of risk-management processes and activities.

Risk Monitoring Framework

A Risk Monitoring Framework is a structured approach to monitoring risks, including the establishment of risk indicators, thresholds, and reporting mechanisms.

Risk Owner

A Risk Owner is the individual or entity responsible for managing and overseeing a specific risk.

Risk Ownership

Risk ownership refers to the assignment of responsibility for managing and overseeing a specific risk.

Risk Pooling

Risk Pooling is the practice of aggregating and sharing risks across a group of entities to reduce individual exposure.

Risk Probability

Risk Probability is the likelihood or chance that a risk event will occur.

Risk Profile

A Risk Profile is a summary or assessment of an organization's overall risk exposure and appetite.

Risk Quantification

Risk quantification involves assigning values or measures to the likelihood and impact of identified risks in order to prioritize and manage them effectively.

Risk Register

A Risk Register is a documented record of identified risks, their assessment, and planned responses.

Risk Register Management

Risk register management involves updating and maintaining the risk register to ensure it remains a current and accurate record of identified risks.

Risk Reporting

Risk Reporting involves the documentation and communication of risks and risk management activities to stakeholders.

Risk Response

A Risk Response is an action or plan to address a specific risk, such as transferring, avoiding, accepting, or mitigating the risk.

Risk Response Plan

A risk response plan outlines the specific actions and measures to be taken in response to identified risks.

Risk-Return Trade-Off

The Risk-Return Trade-Off refers to the concept that higher levels of risk are usually associated with higher potential returns.

Risk Review

A risk review involves periodically assessing and reassessing identified risks to ensure their continued relevance and the effectiveness of mitigation strategies.

Risk Scenario

A risk scenario is a description or narrative of a potential risk event, including its causes, consequences, and likelihood.

Risk Scenario Analysis

Risk scenario analysis involves identifying and analyzing potential scenarios based on different combinations of risks to assess their potential impact.

Risk Sharing

Risk sharing involves distributing the potential impact of a risk among multiple parties.

Risk Threshold

A risk threshold is the level at which a particular risk is considered unacceptable and requires immediate action.

Risk Tolerance

Risk Tolerance is the level of risk that an organization is willing to withstand.

Risk Tolerance Level

Risk tolerance level is the degree to which an organization is willing to accept risk.

Risk Transfer

Risk Transfer is the process of shifting the financial consequences of a risk to another party, such as through insurance or contracts.

Risk Transfer Agreement

A risk transfer agreement is a contractual arrangement that transfers specified risks from one party to another.

Risk Transfer Mechanism

A risk transfer mechanism refers to the specific methods or tools used to transfer risk to another party, such as contracts, insurance policies, or hedging strategies.

Risk Transfer Pricing

Risk Transfer Pricing is the practice of assigning costs to different business units or products based on their exposure to risk.

Risk Transfer Strategy

A risk transfer strategy involves transferring the potential financial impact of a risk to another party, such as through insurance or contractual arrangements.

Risk Treatment

Risk treatment involves selecting and implementing appropriate measures to address and mitigate identified risks.

Risk Treatment Plan

A risk treatment plan outlines the specific actions, strategies, and resources required to address identified risks.

Risk Universe

A Risk Universe is a comprehensive list or map of all the potential risks that an organization may face.

Risk Workshop

A risk workshop is a collaborative session involving key stakeholders to identify, assess, and prioritize risks.

Risk-Adjusted Performance

Risk-Adjusted Performance is a measure of investment performance that takes into account the level of risk assumed.

Risk-Adjusted Return

Risk-adjusted return is a measure of investment performance that takes into account the level of risk taken to achieve that return.

Risk-Adjusted Return on Capital (RAROC)

Risk-Adjusted Return on Capital (RAROC) is a measure of profitability that takes into account the level of risk a financial institution assumes.

Risk-Based Audit

A risk-based audit approach focuses on assessing and evaluating risks as a basis for determining the scope, nature, and timing of audit procedures.

Risk-Based Capital

Risk-Based Capital is a regulatory requirement for financial institutions to hold capital in proportion to the risks they undertake.

Risk-Based Compliance

Risk-based compliance involves aligning compliance efforts with the identified risks and focusing resources on areas of highest risk.

Risk-Based Decision Making

Risk-based decision making involves considering and incorporating risk factors into the decision-making process.

Risk-Based Pricing

Risk-Based Pricing is a strategy used by financial institutions to set prices and interest rates based on the perceived risk of a borrower.

S

Scenario Analysis

Scenario Analysis is a technique used to assess the impact of different possible future scenarios on an organization's objectives and risks.

Solvency Risk

Solvency risk refers to the risk of an organization being unable to meet its financial obligations.

Strategic Risk

Strategic Risk is the risk of loss resulting from an organization's strategic decisions and actions.

Stress Testing

Stress Testing is a technique used to assess an organization's resilience by subjecting it to extreme or adverse conditions.

T

Third-Party Risk

Third-party risk refers to the potential risks arising from the use of third-party vendors, suppliers, or service providers.