Risk Management Glossary

Risk management is a vast topic that covers many different terms and phrases. We've collected the most important risk management terms here to help you get to grips with some of the terminology used in this area.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

Absolute risk

A measure of the total incidence or likelihood of an event happening without any interventions or mitigations that could alter outcomes.

Acceptable risk

A level of risk deemed tolerable when considered alongside its benefits and the practicalities of proposed risk management options.

ALARP

As Low As Reasonably Practicable. A principle aimed to ensure risks are reduced to the lowest level possible while accounting for risk tolerance, proportionate risk management effort, and cost.

C

Compliance risk

The potential for financial loss, penalties, or legal repercussions stemming from failure to comply with laws, regulations, or prescribed practices from governments and regulatory bodies.

Controls

Measures implemented to mitigate any identified risks while ensuring that business processes remain aligned with stated objectives and compliant with regulations.

Corporate risk

Risks that could potentially affect the overall enterprise. This could include strategic, financial, reputation, and operational risks.

D

Decision Criteria

Guidelines or benchmarks used to make strategic choices, particularly in the context of risk assessment and mitigation.

E

ERM

Enterprise Risk Management. A comprehensive approach to identifying, assessing, managing, and monitoring all risks from the perspective of the full enterprise.

Event

An occurrence or change in a specific set of circumstances that will then affect the outcome and achievement of particular adjectives.

Environmental risk

Risks resulting from environmental factors that can impact operations, legal compliance, and public image.

Exposure

The extent to which an organisation is open to potential losses from specific risks.

F

Financial risk

The possibility of losing financial capital due to changes to the market, business operations, or legal obligations.

G

Governance

The framework of rules, relationship systems, and processes within and by which authority is exercised and controlled within corporations. Often outlined as part of a wider governance, risk, and compliance policy.

H

Horizon scanning

A strategic approach to identify potential threats, risks, and emerging issues that could affect the future growth and business outcomes of the organisation.

I

Impact

The effect, result, or outcome of an event or situation, often quantified using metrics including but not limited to cost, time, and quantity.

Inherent risk

The risk level or exposure without taking into account mitigating measures or controls.

O

Operational risk

The prospect of loss resulting from inadequate or failed procedures, systems, or policies within business operations.

P

PESTLE

Political, Economic, Social, Technological, Legal, Environmental. A framework of risk categories that identifies, evaluates, and addresses the external factors that affect most businesses.

Perceived risk

The subjective judgement about the severity and probability of a risk, influenced by personal experiences and biases.

Political risk

Any risk that could be tied to political decisions, events, or conditions that will affect a business's reputation, or a country's business environment and profitability.

Prevention

Actions taken to reduce the likelihood of an event occurring, or the actions taken to mitigate its effects.

Probability

The likelihood of a specific event happening within a pre-determined period.

R

Raw risk

A risk before any controls or mitigation measures have been applied.

Relative risk

A measure of risk, comparing the risk in one group to the risk in another.

Residual risk

The exposure or risk that remains after all attempts to identify and eliminate it has been applied.

Risk

The possibility of loss, injury, disadvantage, or destruction that could result in an undesirable outcome.

Risk appetite

The level of risk an organisation is willing to accept in pursuit of its objectives, guiding its strategic decisions and risk management practices.

Risk analysis

The process of identifying and analysing potential issues that could negatively impact key business initiatives or projects.

Risk assessment

The overall methodology or process used to identify risk elements and evaluate them.

Risk avoidance

The decision to avoid involvement in activities deemed too risky or that do not align with the organisation's risk appetite.

Risk concentration

The exposure to a single risk or group of similar risks that might aggregate to produce a loss.

Risk criteria

The standards, benchmarks, or parameters used within an organisation to assess and make decisions about risk.

Risk evaluation

The process of comparing estimated risks against given risk criteria to determine the significance of the risk.

Risk group

A set of risks categorised together because they have similar properties.

Risk identification

The process of finding, recognising, and describing risks.

Risk level

The magnitude of a risk or the number of risks in a particular category or group.

Risk management

Coordinated activities to direct and control an organisation with regard to risk.

Risk mitigation

Corrective actions taken to reduce the likelihood or impact of risks.

Risk owner

The individual or entity responsible for managing risk and ensuring that appropriate treatment measures are implemented.

Risk retention

The acceptance of the burden of loss, or benefit of gain, from a particular risk when the potential cost of managing it in other ways exceeds the benefits.

Risk scenario

A hypothetical situation that describes a specific sequence of events that leads to a risk event occurring.

Risk strategy

An organisation's approach to addressing and assessing risks. Can include risk management policies, objectives, and plans.

Risk tolerance

The predefined level of risk that an organisation is prepared to accept in pursuit of its objectives before action is deemed necessary to reduce the risk.

Risk transfer

The process of shifting the risk of a loss to another party through legislation, contract, insurance, or other means.

Risk treatment

The plan to implement strategies, activities, and actions to appropriately deal with a threat and manage it in a potentially profitable way.

S

Shared risk

Risks that are shared among multiple entities, such as across different departments within a company, or with external partners.

Strategic risk

Risks that affect the strategic objectives of an organisation.

T

Technology risk

The risks associated with the use of technology that can impact operations, confidentiality, or the integrity of data.

U

Unacceptable risk

A risk that is not acceptable to an organisation due to its potential impact on business operations or because it exceeds the organisation's risk tolerance.

V

Vulnerability

The susceptibility of an organisation to threats that could potentially cause harm or disrupt operations, impacting its ability to achieve objectives.