M_o_R Glossary Flashcards

1
Q

A risk response that means that the organisation takes the chance that the risk will occur, with full impact on objectives if it does.

A

Accept

2
Q

A public sector role. Has personal responsibility for:

  • the propriety and regularity of the finances for which he or she is answerable;
  • for keeping of proper accounts;
  • for prudent and economical administration;
  • for avoidance of waste and extravagance; and
  • for the efficient and effective use of resources.

This brings with it a responsibility for governance issues, and includes custodianship of risk management and its adoption throughout the organisation.

A

Accounting officer

3
Q

A body of independent directors who are responsible for:

  • monitoring the integrity of the financial statement of the company;
  • the effectiveness of the company’s internal audit function;
  • the external auditor’s independence and objectivity; and
  • the effectiveness of the audit process.

A

Audit committee

4
Q

A risk response that seeks to eliminate a threat by making the situation certain.

A

Avoid

5
Q

The measurable improvement resulting from an outcome perceived as an advantage by one or more stakeholders.

A

Benefits.

6
Q

The justification for an organisational activity (strategic, programme, project or operational) which typically contains costs, benefits, risks and timescales against which continuing viability is tested.

A

Business case

7
Q

The role responsible for benefits management, from identification through to realisation and ensuring the implementation and embedding of the new capabilities delivered by the projects. Typically allocated to more than one individual.

A

Business change manager

Alternate title: Change agent

8
Q

A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. The management of recovery or continuity in the event of a disaster. Also the management of the overall process through training, rehearsals and reviews, to ensure the business continuity plan stays current and up to date.

A

Business continuity management

9
Q

A plan for the fast and efficient resumption of essential business operations by directing recovery actions of specified recovery teams.

A

Business continuity plan

10
Q

Failure to achieve business objectives / benefits.

A

Business risk

11
Q

A plan of the communications activities during the organisational activity (strategic, programme, project or operational) that will be established and maintained. Typically contains when, what, how and with whom information flows.

A

Communications plan

12
Q

The process of identifying and planning appropriate responses to be taken when a risk actually occurs.

A

Contingency planning

13
Q

Plan intended for use only if required, e.g. if a risk response is not successful.

Often called fallback plans.

A

Contingent / contingency plan

14
Q

The ongoing activity of maintaining a sound system of internal control by which the directors and officers of an organisation ensure that effective management systems, including financial monitoring and control systems, have been put in place to protect assets, earnings capacity and the reputation of the organisation.

A

Corporate governance

15
Q

A series of processes that focus on recovery processes, principally in response to physical disasters. This activity forms part of business continuity planning, not the totality.

A

Disaster recovery planning

16
Q

Outcomes perceived as negative by one or more stakeholders. These are actual consequences of an activity whereas, by definition, a risk has some uncertainty about whether it will materialise.

A

Dis-benefit

17
Q

A leading indicator for an organisational objective measured ultimately by a key performance indicator (KPI).

A

Early warning indicator (EWI)

18
Q

A risk response for an opportunity that seeks to increase the probability and / or impact to make it more certain.

A

Enhance

19
Q

This is calculated by multiplying the estimated average impact by the estimated probability percentage.

A

Expected value

Also known as expected monetary value where the estimated average impact is a cost.

20
Q

A risk response for an opportunity that seeks to make the uncertain situation certain.

A

Exploit

21
Q

Plan intended for use only if required, e.g. if a risk response is not successful.

Often called contingent plans.

A

Fallback plan

22
Q

Independent assurance reviews that occur at key decision points within the lifecycle of a programme or project.

A

Gateway reviews

23
Q

The systematic examination of potential threats, opportunities, and likely future developments which are at the margins of current thinking and planning.

A

Horizon scanning

24
Q

The result of a particular threat or opportunity actually occurring.

A

Impact

25
Q

The exposure arising from a specific risk before any action has been taken to manage it.

A

Inherent risk

26
Q

A relevant event that has happened, was not planned and requires management action. It could be a problem, benefit, query, concern, change request, or risk that has occurred.

A

Issue

27
Q

A role or individual responsible for the management and control of all aspects of individual issues, including the implementation of the measures taken in respect of each issue.

A

Issue actionee

28
Q

A measure of performance that is used to help an organisation define and evaluate how successful it is in making progress towards its organisational objectives.

A

Key performance indicator (KPI)

29
Q

Systematic application of policies, procedures, methods, and practices to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision-making.

A

Management of risk

30
Q

A well-defined evolutionary plateau towards achieving a mature process (five levels are often cited: initial, repeatable, defined, managed, and optimising)

A

Maturity level

31
Q

Independent assurance reviews of major (High-risk) projects in the UK government. They are mandatory and occur at key decision points within the lifecycle of a project. See www.ogc.gov.uk for details.

A

OGC Gateway Reviews (TM)

32
Q

Failure to achieve business / organisational objectives due to human error, system failures and / or inadequate procedure and controls.

A

Operational risk

33
Q

An uncertain event that would have a favourable impact on objectives or benefits if it occurred.

A

Opportunity

34
Q

The result of change, normally affecting real-world behaviour or circumstances. Desired when a change is conceived. Achieved as a result of the activities undertaken to effect the change.

A

Outcome

35
Q

The tangible or intangible artefact produced, constructed or created as a result of a planned activity.

A

Output

36
Q

This is the evaluated likelihood of a particular threat or opportunity actually happening, including a consideration of the frequency with which this may arise.

A

Probability

37
Q

An input or output, whether tangible or intangible, that can be described in advance, created and tested.

Also known as an output or deliverable.

A

Product

38
Q

A temporary, flexible organisation structure created to coordinate, direct and oversee the implementation of a set of related projects and activities in order to deliver outcomes and benefits related to the organisation’s strategic objectives. A programme is likely to have a life span that spans several years.

A

Programme

39
Q

Risk concerned with transforming high-level strategy into new ways of working to deliver benefits to the organisation.

A

Programme risk

40
Q

A temporary organisation that is created for the purpose of delivering one or more business products according to a specified business case.

A

Project

41
Q

Risk concerned with the successful completion of a project. Typically these risks include personal, technical, cost, schedule, resource, operational support, quality and supplier issues.

A

Project risk

42
Q

The time factor of risk, i.e. the occurrence of risks will be due at particular times, and the severity of their impact will vary depending on when they occur.

A

Proximity (of risk)

43
Q

Assurance that products will be fit for purpose or meet requirements.

A

Quality assurance

44
Q

A risk response for a threat that seeks to reduce probability and / or impact.

A

Reduce

45
Q

The risk remaining after the risk response has been successfully applied.

A

Residual risk

46
Q

An uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives.

Measured by a combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives.

A

Risk

47
Q

Some actions may not be within the remit of the risk owner to control explicitly; in that situation there should be a nominated owner of the action to address the risk. He or she will need to keep the risk owner apprised of the situation.

A

Risk actionee

48
Q

The amount of risk the organisation, or subset of it, is willing to accept.

A

Risk appetite

49
Q

The maximum amount of risk that an organisation, or subset of it, can bear, linked to factors such as its reputation, capital, assets and ability to raise additional funds.

A

Risk capacity

50
Q

A description of the source of the risk, i.e. the event or situation that gives rise to risk.

A

Risk cause

51
Q

A body of independent directors who are responsible for reviewing the company’s internal control and risk management systems.

A

Risk committee

52
Q

A description of the impact that the risk would have on the organisational activity should the risk materialise.

A

Risk effect

53
Q

The estimation of the probability and impact of an individual risk, taking into account predetermined standards, target risk levels, interdependencies and other relevant factors.

A

Risk estimation

54
Q

The process of understanding the net effect of the identified threats and opportunities on an activity when aggregated together.

A

Risk evaluation

55
Q

A description of the area of uncertainty in terms of the threat or the opportunity.

A

Risk event

56
Q

The extent of risk borne by the organisation at that time.

A

Risk exposure

57
Q

Determination of what could pose a risk; a process to describe and list sources of risk (threats and opportunities).

A

Risk identification

58
Q

A record of all identified risks relating to an initiative, including their status and history.

A

Risk log

(also called a risk register)

59
Q

Systematic application of principles, approach and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses.

A

Risk management

60
Q

A high-level statement showing how risk management will be handled throughout the organisation.

A

Risk management policy

61
Q

Describes the series of steps (from identify through to implement) and their respective associated activities, necessary to implement risk management.

A

Risk management process guide

62
Q

Describes:

  • The goals of applying risk management to the activity;
  • The process that will be adopted;
  • The roles and responsibilities;
  • The risk thresholds;
  • The timing of risk management interventions;
  • The deliverables;
  • The tools and techniques that will be used; and
  • The reporting requirements.

It may also describe how the process will be coordinated with other management activities.

A

Risk management strategy

63
Q

A role or individual responsible for the implementation of risk management for each activity at each of the organisational levels.

A

Risk manager

64
Q

A role or individual responsible for the management and control of all aspects of individual risks, including the implementation of the measures taken in respect of each risk.

A

Risk owner

65
Q

The way in which a stakeholder views a risk, based on a set of values or concerns.

A

Risk perception

66
Q

A standard set of high-level criteria against which the intrinsic characteristics and degree of difficulty of a proposed project are assessed. Used in the UK public sector to assess the criticality of projects and so determine the level of OGC Gateway Review required.

A

Risk potential assessment

67
Q

Describes the type of risk faced by an organisation and its exposure to those risks.

A

Risk profile

68
Q

A record of all identified risks relating to an initiative, including their status and history.

A

Risk register

(also called a risk log)

69
Q

Actions that may be taken to bring the situation to a level where the exposure to risk is acceptable to the organisation. These responses fall into one of a number of risk response options.

A

Risk response

70
Q

The threshold levels of risk exposure that, with appropriate approvals, can be exceeded, but which when exceeded will trigger some form of response (e.g. reporting the situation to senior management for action).

A

Risk tolerance

71
Q

A line drawn on the summary risk profile. Risks that appear above this line cannot be accepted (lived with) without referring them to a higher authority. For a project, the project manager would refer these risks to the senior responsible owner.

A

Risk tolerance line

72
Q

The single individual with overall responsibility for ensuring that a project or programme meets its objectives and delivers the projected benefits.

A

Senior responsible owner

73
Q

The degree to which the risk could affect the situation.

A

Severity of risk

74
Q

A risk response. Modern procurement methods commonly entail a form of risk-sharing through the application of a pain / gain formula:

  • both parties share the gain (within pre-agreed limits) if the cost is less than the cost plan; and
  • both parties share the pain (again within pre-agreed limits) if the cost plan is exceeded.

A

Share

75
Q

The main driving force behind a programme or project.

A

Sponsor

76
Q

The main driving force behind a programme providing investment decisions and top-level endorsement of the rationale and objectives of the programme.

A

Sponsoring group

77
Q

Any individual, group or organisation that can affect, be affected by, or perceive itself to be affected by, an initiative (programme, project, activity or risk).

A

Stakeholder

78
Q

A diagrammatic representation of the stakeholders relevant to an organisational activity and their respective interests.

A

Stakeholder map

79
Q

A narrative statement by the board of directors of a company, disclosing that there is an ongoing process for the identification and management of significant risks faced by the company.

A

Statement of internal control

80
Q

Risk concerned with where the organisation wants to go, how it plans to get there, and how it can ensure survival.

A

Strategic risk

81
Q

A simple mechanism to increase the visibility of risks. It is a graphical representation of information normally found on an existing risk register.

A

Summary risk profile

82
Q

An uncertain event that could have a negative impact on objectives or benefits.

A

Threat

83
Q

A risk response whereby a third party takes on responsibility for an aspect of the risk.

A

Transfer

84
Q

The set of information relevant to the creation of one or more products. It will contain a description of the work, the product description(s), details of any constraints on production, and confirmation of the agreement between the project manager who is to implement the work package that the work can be done within the constraints.

A

Work package