Risk/Risk Management Flashcards
The effect of uncertainty on objectives.
Risk
Coordinated activities to direct and control an organization with regard to risk.
Risk Management
Events that are to be expected and so involve little uncertainty.
Known Knowns
Uncertainties that we know exist but we don’t know much about their probability or impact.
Known Unknowns
Risks that we don’t know exist.
Unknown Unknowns
Come from within the organization and could include violations of ethics and failures in routine processes.
Internal & Preventable
Desirable uncertainty that an organization willingly accepts when it commits to a strategy.
Strategy
Sources of uncertainty are outside the organization and beyond its control. These would include changes in the economy or laws and regulations, disruptive technologies, and availability of trained employees.
External
Risks that affect the organization’s ability to achieve its objectives. (ERM Framework)
Strategy
Risks that affect the myriad ways in which the organization creates value. (ERM Framework)
Operations
Risks that affect the accuracy and timeliness of information about the organization’s financial performance and condition. (ERM Framework)
Financial Reporting
Risks associated with meeting the requirements of laws and regulations. (ERM Framework)
Compliance
An action taken to manage a risk.
Risk Control
The decision not to become involved in or action to withdraw from a risk situation.
Avoidance
The actions taken to lessen the probability, negative consequence, or both associated with a risk.
Reduction
Sharing with another party the burden of loss or benefit of gain for a risk. Can be done through insurance or other agreements. It can create new risks or modify existing risks. Relocation of the source of risk is not risk sharing. In some situations, legal, mandatory, or statutory rights can limit, prohibit, or mandate the sharing of certain risks.
Sharing
The acceptance of the burden of loss or benefit of gain for a risk.
Retention
The amount of uncertainty that remains after all risk management efforts have been exhausted.
Residual Risk
The reporting of an organization’s violations of policies and processes by employees; it applies directly to risk management.
Whistleblowing
A protocol that an organization implements when an identified risk event occurs.
Contingency Plan