Key Risk Terms Explained

Key terms frequently used in Risk Management are described in the table below:

Risk Management

Coordinated activities to direct and control an organisation with regard to risk

Risk Management FrameworkSet of components that provides the foundations an organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management

Risk Management Policy

Statement of the overall intentions and direction of an organisation related to risk management
Risk Management PlanScheme within the risk management framework outlining the approach, management components and resources to be applied to the management of risk
Risk OwnerPerson or Entity with the accountability and authority to manage a risk
Risk Management ProcessSystematic application of management policies, procedures and practices to the activities of communicating, consulting establishing the context and identifying, analysing, evaluating treating , monitoring and reviewing risk
Establishing the ContextDefining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for the risk management policy
Communication and ConsultationContinual and iterative processes that an organisation conducts to provide share or obtain information and to engage in dialogue with stakeholders regarding the management of risk
Risk AssessmentOverall process of risk identification, risk analysis and risk evaluation
Risk IdentificationProcess of finding, recognising and describing risks
Risk AnalysisProcess to comprehend the nature of risk and determine level of risk
Risk EvaluationProcess of comparing the results of risk analysis with risk criteria
Risk CriteriaTerms of reference against which the significance of a risk is evaluated
Risk SourceElement which alone, or in combination, has the potential to give rise to a risk
ConsequenceOutcome of an event affecting objectives
LikelihoodChance of something happening
Level of RiskMagnitude of a risk or a combination of risks, expressed in terms of the combination of consequence and their likelihood. A Risk Matrix is commonly used to determine the level of risk.
Risk TreatmentProcess to modify risk through, avoiding, taking or increasing risk in order to pursue an opportunity, removing risk source, changing likelihood, changing consequence, sharing or retaining a risk
Residual RiskRisk remaining after risk treatment
MonitoringContinual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected
Risk AppetiteThe amount and type of risk an organisation is prepared to accept in the pursuit of its organisational objectives
Risk ToleranceSpecific maximum risk that an organisation is willing to take regarding each relevant risk (sub-) category, often in quantitative terms
Risk LimitThreshold to monitor that actual risk exposure does not deviate too much from  the desired optimum; breaching risk limits will typically act as a trigger for corrective action at the process level