Risk Management Flashcards
Annualized loss expectancy (ALE)
Expected monetary loss for an asset due to a risk over a one-year period; calculated by multiplying single loss expectancy by annualized rate of occurrence.
Conflict of interest
Situation in which a person or organization may benefit from undue influence due to involvement in outside activities, relationships, or investments that conflict with or have an impact on the employment relationship or its outcomes.
Contingency plan
Protocol that an organization implements when an identified risk event occurs.
Duty of care
Principle that organizations should take all steps that are reasonably possible to ensure the health, safety, and well-being of employees and protect them from foreseeable injury.
Hazard
Potential for harm, often associated with a condition or activity that, if left uncontrolled, can result in injury or illness.
Key risk indicators (KRIs)
Metrics that provide an early signal of increasing risk exposures for an enterprise.
Moral hazard
Situation in which one party engages in risky behavior knowing that it is protected against the risk because another party will incur any resulting loss.
Principal-agent problem
Situation in which an agent (for example, an employee) makes decisions for a principal (for example, an employer) potentially on the basis of personal incentives that may not be aligned with the principal’s incentives.
Residual risk
Amount of uncertainty that remains after all risk management efforts have been exhausted.
Risk
Uncertainty that has an effect on an objective, where outcomes may include opportunities, losses, and threats.
Risk appetite
A high-level characterization of the amount of uncertainty (acceptable risk) an organization is willing to pursue or to accept to attain its risk management goals.
Risk control
Action taken to manage a risk.
Risk management
System for identifying, evaluating, and controlling actual and potential risks to an organization.
Risk position
Organization’s desired gain or acceptable loss in value.
Risk scorecard
Tool used to gather individual assessments of various characteristics of risk (for example, frequency of occurrence; degree of impact, loss, or gain for the organization; degree of efficacy of current controls).
