- Residual Risk
-
The remaining risk after management has taken action to alter the risk's likelihood or impact.
- Risk
-
In common usage, the chance that an event will have a downside.
For RiskOnBoard, we use the term specifically to represent the mathematical product of the likelihood of an event multiplied by the impact of the event. If we bet $1 on the flip of a coin, the mathematical risk is $0.50 - (50% * $1). We use the terms likelihood and impact to refer to the components of risk.
See also Security Risk Methodology
- Risk Acceptance
-
No action is taken to affect risk likelihood or impact.
- Risk Attitude
-
Organization’s approach to assess and eventually pursue, retain, take or turn away from risk.
- Risk Avoidance
-
Avoiding the activities giving rise to risk.
- Risk Context
-
See 'Establishing the Risk Context'.
- Risk Management Framework
-
Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization.
- Risk Management Policy
-
Statement of the overall intentions and direction of an organization related to risk management.
- Risk Mitigation
-
The act of lessening the impact of a risk. Specific risks can be understood in terms of their likelihood or their impact. Mitigation may reduce either of these dimensions.
Mitigation may or may not reduce a risk to zero.
- Risk Owner
-
Person or entity with the accountability and authority to manage a risk.
- Risk Portfolio
-
A single filterable, analyzable compilation of all (or all the major) risks facing an enterprise. One of the core processes involved in ERM - Enterprise Risk Management.
Not to be confused with Portfolio Risk.
- Risk Profile
-
Description of any set of risks.
NOTE The set of risks can contain those that relate to the whole organization, part of the organization, or as otherwise defined. - Risk Sharing
-
Reducing risk likelihood or impact by transferring or otherwise sharing a portion of the risk.
- Risk Tolerance
-
A subtle and advanced yet critical concept in Enterprise Risk Management.
Risk tolerance explicitly documents an organization's desire to tolerate certain risks. For example, the risk of death in coal mining companies is typically non-zero; the risk of fraud in companies is certainly non-zero. The extent of measures to mitigate these risks will be a function of the enterprises risk tolerance. A mining company with high tolerance for deaths will take few steps, one with low tolerance many precautions.
See also risk mitigation.