SWOT | and Threats | Chapter 13
TCR | Total Cost of Risk | Chapter 20
Terms | Definition | Reference
Accept | The exposure may be tolerable without any further action being taken | Chapter 21
Avoid | Some risks will only be treatable or containable to acceptable levels by terminating the activity | Chapter 21
Benchmark test | Establish criteria to determine whether a risk is significant to the organization | Table 15.1
Business continuity plan | Plan to ensure continuity of business operations in the event of a serious incident | Chapter 18
Business impact analysis | Analysis to assess the potential damage, loss or disruption that would be caused by the failure of a critical business process | Chapter 18
Captive insurance company | Subsidiary owned by an organization that provides insurance for the organization and sometimes for customers of the organization | Figure 24.1
Consequences | Range of specific impacts or effects when a risk materializes | Chapter 15
Control | Actions to reduce the likelihood or magnitude of a risk. Hazard controls can be preventive, corrective, directive or detective (PCDD) | Chapter 22
Control vector | Illustration on a risk matrix of the change in risk likelihood and level of risk achieved by an individual control | Figure 20.5
Corrective control | Type of control designed to limit the scope for loss and reduce any undesirable outcomes that have been realized | Table 22.1
Cost containment | When a hazard risk materializes despite the effort put into loss prevention and the efforts that have been put into damage limitation | Chapter 16
Current risk | Existing level of risk taking into account the controls in place, sometimes referred to as net risk or managed risk, but most frequently as residual risk | Figure 15.3
Damage limitation | In relation to fire hazards, is well established | Chapter 16
Detective control | Type of control designed to identify that a hazard risk has materialized so that actions can be taken to avoid further or greater losses | Table 22.1
Directive control | Type of control based on giving directions to people to behave in a certain way or follow an established procedure | Table 22.1
Disaster recovery plan (DRP) | Plan for use in the event of a serious loss such as IT failure, fire or earthquake to assist the recovery of the organization | Chapter 18
Eliminate | Some risks will only be treatable or containable to acceptable levels by terminating the activity | Chapter 21
Enterprise risk management (ERM) | Integrated and coordinated approach to all the risks faced by the organization | Table 19.3
Impact | Overall important size and nature of consequences of a risk materializing at the net level of risk | Chapter 15
Inherent risk | Level of risk before any control activities are applied, sometimes referred to as the gross level or absolute level of the risk | Figure 15.3
Insurance | Risk response for risks outside risk appetite that the organization wishes to transfer or share by means of insurance contracts or (perhaps) joint venture | Chapter 24
Level of risk | Combination of the likelihood and impact of the risk, as established during the risk rating stage of the risk assessment; can be determined at either gross (inherent) or net (residual) level | Chapter 13
Likelihood | Evaluation or judgement regarding the chances of a risk materializing, sometimes established as a probability or frequency | Chapter 15
Loss Control | Range of activities to reduce the potential impact of hazard risks on the organization, including loss prevention, damage limitation and cost containment | Chapter 16
Loss Prevention | Range of activities to reduce the potential impact of hazard risks on the organization, including loss prevention, damage limitation and cost containment | Chapter 16
Net risk | Overall important size and nature of consequences of a risk materializing at the net level of risk | Chapter 15
Nolan principles | Set of principles that should govern the behavior of people in public life | Table 25.2
Operations | Activities of the organization designed to deliver products and services to customers or clients; operations should be efficient | Chapter 21
Preventive control | Type of control that is designed to eliminate the possibility of an undesirable risk materializing | Table 22.1
Reduce | Risk response for risks that can be (further) treated by introduction of cost-effective (corrective) controls, also referred to as control/reduce | Table 21.1
Residual risk | Existing level of risk taking into account the controls in place, sometimes referred to as net risk or managed risk, but most frequently as residual risk | Figure 15.3
Retain | Risk response that is appropriate when the level of risk is within the risk appetite, also referred to as accept or retain | Table 21.1
Risk appetite | Defined in Guide 73 as the amount and type of risk that an organization is willing to pursue or retain; definitions of risk appetite can vary considerably | Figure 20.2
Risk Assessment | Means by which significant risks are evaluated and prioritized by undertaking the three stages of risk recognition, risk rating and risk ranking | Chapter 13
Risk Capacity | Maximum level of risk to which the organization should be exposed, having regard to financial and other resources | Figure 20.2
Risk criteria | Basis for ranking or evaluation of the significance of a risk; will define the risk appetite of an organization | Chapter 20
Risk exposure | Level of risk to which the organization is actually exposed, either with regard to an individual or cumulative exposure to the risks faced by the organization | Figure 20.2
Risk Ranking | Stage in the risk assessment process that analyses the likelihood and impact of risk; referred to in Guide 73 as the level of risk | Chapter 13
Risk Rating | Stage in the risk assessment process that evaluates the risk with reference to the risk appetite or established risk criteria, to select an appropriate risk response | Chapter 13
Risk recognition | First stage in the risk management process, which involves the identification of all the risks faced by the organization | Chapter 13
Risk response | Implementation of actions to respond to risk, including (for hazard risk) decisions whether to tolerate, treat, transfer and terminate (4Ts) | Table 21.1
Severity | Size of event when a risk materializes, sometimes referred to as severity of the event and representing the gross (or inherent) level of the risk | Chapter 15
Target risk | The ultimate level of risk that is desired by the organization when planned additional controls have been implemented | Figure 15.3
Terminate | Risk response that is appropriate when the level of risk is not acceptable to the organization or outside risk appetite, also referred to as avoid or eliminate | Table 21.1
Tolerate | Risk response that is appropriate when the level of risk is within the risk appetite, also referred to as accept or retain | Table 21.1
Treat | Risk response for risks that can be (further) treated by introduction of cost-effective (corrective) controls, also referred to as control/reduce | Table 21.1
Transfer | Risk response for risks outside risk appetite that the organization wishes to transfer or share by means of insurance contracts or (perhaps) joint venture | Table 21.1
Upside of risk | Additional benefits available to the organization by taking risk; see Table 17.1 for a range of interpretations of upside of risk | Table 17.1