Risk : an expression of the probability that an event or action may adversely affect the organization.
Risk assessment : the identification and analysis of relevant risks associated with achieving the objectives of the organization.
Risk management : the systematic approach to assessing and acting on risk, to ensure that organizational objectives are achieved.
Internal (risk) controls : the process designed to mitigate risks and provide reasonable assurance regarding the achievement of objectives.
Inherent risk : the uncertainty or exposures that exist assuming no controls are in place.
Residual risk : the risk remaining after management takes action to reduce the impact and likelihood of an adverse event.
Operational risk : the risk that the entity will not meet its operational goals and objectives.
Financial risk : the risk that deficiencies in controls of expenditure, or funding problems, will adversely affect the entity's goals and objectives.
Reputational or image risk : the risk that an action or inaction by the entity will impair the organization's ability to reach its goals and objectives.
Physical or security risk : the risks associated with the safety and security of the organization's personnel and facilities.
Risk Map : the visual representation of risks for a given entity, which have been identified through a risk assessment exercise, in a way that easily allows priority-ranking them.
Risk Profile : A description of the characteristics of a risks, mapping the change in the likelihood and impact of the risk to which an organization has exposure.
Control (risk) self-assessment : A class of techniques used to assess risk and control strength and weaknesses against a Control Framework. The "self" assessment refers to the involvement of management and staff in the assessment process, often facilitated by internal auditors.