Section II Flashcards
Risk prioritization
Ranking risks, formally or informally, from the highest to the lowest.
Acceptable risk level
A risk level derived from an organization’s legal and regulatory compliance responsibilities, its threat profile, and its business drivers and impacts.
Risk appetite
The amount of risk an organization is willing to accept in pursuit of value.
Risk measurement
The evaluation of the magnitude of risk.
Control deficiency
A condition that warrants attention as a potential or real shortcoming that leaves the organization excessively at risk.
Risk tolerance
The acceptable level of variation relative to the achievement of objectives.
Adequate control
A level of control that is present if management has planned and organized in a manner that provides reasonable assurance that the organization's risks have been managed effectively and that the organization's goals and objectives will be achieved efficiently and economically.
Compliance
The conformity and adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.
Risk classification
The assignment of risk into categories such as financial risk, operational risk, strategic risk, or reputation risk.
Risk Assessment
The identification of risk, the measurement of risk, and the process of prioritizing risk or selecting alternatives based on risk.
AKA risk analysis
Risk management
A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of an organization’s objectives.
Benchmarking
The comparison of an organization or project to similar internal or external organizations or projects.
Pervasive risk
The type of risk found throughout the environment.
Absolute risk
The risk derived from the environment without the mitigating effects of internal control.
AKA inherent risk
Opportunity
As related to risk, an uncertain event with a positive consequence.
Control processes
The policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management processes.
Inherent risk
The risk derived from the environment without the mitigating effects of internal controls.
AKA absolute risk
Control environment
The attitude and actions of the board and management regarding the significance of control within the organization; provides the discipline and structure for the achievement of the primary objectives of the system of internal control.
Inherent limitations
Limitations of risk management, control, and governance related to human judgement, resource limitation, and the need to balance the costs of controls in relation to expected benefits.
Risk response
The actions taken to manage risk.