You are here: Home » Risk Management » Risk Terminology

Risk Terminology

Risk : an expression of the probability that an event or action may adversely affect the organization.

Risk assessment : the identification and analysis of relevant risks associated with achieving the objectives of the organization.

Risk management : the systematic approach to assessing and acting on risk, to ensure that organizational objectives are achieved.

Internal (risk) controls : the process designed to mitigate risks and provide reasonable assurance regarding the achievement of objectives.

Inherent risk : the uncertainty or exposures that exist assuming no controls are in place.

Residual risk : the risk remaining after management takes action to reduce the impact and likelihood of an adverse event.

Operational risk : the risk that the entity will not meet its operational goals and objectives.

Financial risk : the risk that deficiencies in controls of expenditure, or funding problems, will adversely affect the entity's goals and objectives.

Reputational or image risk : the risk that an action or inaction by the entity will impair the organization's ability to reach its goals and objectives.

Physical or security risk : the risks associated with the safety and security of the organization's personnel and facilities.

Risk Map : the visual representation of risks for a given entity, which have been identified through a risk assessment exercise, in a way that easily allows priority-ranking them.

Risk Profile : A description of the characteristics of a risks, mapping the change in the likelihood and impact of the risk to which an organization has exposure.

Control (risk) self-assessment : A class of techniques used to assess risk and control strength and weaknesses against a Control Framework. The "self" assessment refers to the involvement of management and staff in the assessment process, often facilitated by internal auditors.