Abbreviation Term in full Reference

4As Adopt, Accept, Adapt and Avoid Figure 21.2

4Es Explore, Exit, Exploit and Exist Figure 21.3

Explore, Exit or Expand, Exploit and

5Es Figure 21.4
Exist

Tolerate, Treat, Transfer and

4Ts Chapter 21
Terminate

Cost, Coverage, Capacity, Capabilities,

6Cs Chapter 24
Claims and Compliance

BCM Business Continuity Management Chapter 18

Chapter 18
BCP Business Continuity Plan

BIA Business Impact analysis Chapter 18

Directors and officers liability

D and O Table 24.1
insurance

DRP Disaster recovery plan Chapter 18

ERM Enterprise risk management Chapter 19

Financial Infrastructure Reputational

FIRM Table 14.2
and Market place

FMEA Failure Modes Effects Analysis Chapter 13

HAZOP Hazard And Operability Chapter 13

Preventive Corrective Directive and

PCDD Table 22.1
Detective

Political Economic Social Technological

PESTLE Table 14.3
Legal and Ethical

Strengths Weaknesses Opportunities

SWOT Chapter13
and Threats
 TCR Total Cost of Risk Chapter 20

Terms Definition Reference

The exposure maybe tolerable

Accept without any further action being Chapter 21
taken
Some risk will only be treatable or
Avoid containable to acceptable levels by Chapter 21
terminating the activity
Establish criteria to determine
Bench mark test whether a risk is significant to the Table 15.1
organization
Plan to ensure continuity of business
Business continuity plan operations in the event of a serious Chapter 18
incident
Analysis to assess the potential
damage, loss or disruption that would
Business impact analysis Chapter 18
be caused by the failure of critical
business process
Subsidiary owned by an organization
that provides insurance for the
Captive insurance company Figure 24.1
organization and sometimes for
customers of the organizations
Range of specific impact or effect
Consequences Chapter 15
when risk materializes
Actions to reduce the likelihood or
magnitude of a risk. Hazard control
Control Chapter 22
can be preventive corrective directive
or detective. (PCDD)
Illustration on a risk matrix of the
Control vector change in risk likelihood an level of Figure 20.5
risk achieve by an individual control
Type of control designed to limit the
scope for loss and reduce any
Corrective control Table 22.1
undesirable outcomes that have been
realize
When a hazard risk materializes
despite the effort put into loss
Cost containment Chapter 16
prevention and the efforts that have
been put into damage limitation.
Existing level of risk taking into
account the controls in place,
Current risk sometimes referred to as net risk or Figure 15.3
managed risk, but most frequently as
residual risk
 In relation to fire hazard is well
Damage limitation Chapter 16
establish
Type of control designed to identify
that a hazard risk has materialize so
Detective control Table 22.1
that actions can be taken to avoid
further or greater losses
Type of control based on giving
directions to people to behave to a
Directive control Table 22.1
certain way or follow a establish
procedure
Plan for use in the event of a serious
loss such as IT failure fire or
Disaster recovery plan (DRP) Chapter 18
earthquake to assist the recovery of
the organization
Some risk will only be treatable or
Eliminate containable to acceptable levels by Chapter 21
terminating the activity
Integrated and coordinate approach
Enterprise risk management (ERM) to all the risks faced by the Table 19.3
organization
Overall important size and nature of
Impact consequences of a risk materializing at Chapter 15
the net level of risk
Level of risk before any control of
activities are applied sometimes
Inherent risk Figure 15.3
referred to as gross level or absolute
level of the risk
Risk response for risks outside risk
appetite that the organization wishes
Insurance to transfer or share by means of Chapter 24
insurance contracts or (perhaps) joint
venture
Combination of the likelihood and
impact the risk, as establish during the
Level of risk risk rating stage of the risk assessment Chapter 13
and can be determined at either gross
(inherent) or net (residual) level
Evaluation or judgement regarding
the chances of risk materializing
Likelihood Chapter 15
sometimes established as a
probability or frequency
Range of activities to reduce the
potential impact of hazard risks on the
Loss Control organization including loss prevention Chapter 16
damage limitation and cost
containment
Range of activities to reduce the
potential impact of hazard risks on the
Loss Prevention organization including loss prevention Chapter 16
damage limitation and cost
containment
 Overall important size and nature of
Net risk consequences of a risk materializing at Chapter 15
the net level of risk
Set of principles that should govern
Nolan principles Table 25.2
the behavior of people in public life
Activities of the organization designed
to deliver products and services to
Operations Chapter 21
customers or clients- operations
should be efficient
Type of control that is designed to
Preventive control eliminate the possibility of an Table 22.1
undesirable risk materializing
Risk response for risk that can be
(further) treated by introduction of
Reduce Table 21.1
cost effective (corrective) controls,
also referred to as control/reduce
Existing level of risk taking into
account the controls in place,
Residual risk sometimes referred to as net risk or Figure 15.3
managed risk, but most frequently as
residual risk
Risk response that is appropriate
when the level risk is within the risk
Retain Table 21.1
appetite, also referred to as accept or
retain
Defined in Guide 73 as amount and
type of risk that an organization is
Risk appetite Figure 20.2
willing to pursue or retain- definitions
of risk appetite can vary considerably
Means by which significant risks are
evaluated and prioritized by
Risk Assessment undertaking the three stages of Risk Chapter 13
recognition, Risk rating and Risk
ranking
Maximum level of risk to which the
organization should be exposed,
Risk Capacity Figure 20.2
having regard to financial and other
resources
Basis for ranking or evaluation of the
Risk criteria significance of a risk-will define the Chapter 20
risk appetite of an organization
Level of risk to which the organization
is actually exposed, either with regard
Risk exposure to an individualist or cumulative Figure 20.2
exposure to the risks faced by the
organization
Stage in the risk assessment process
that analyses the livelihood and
Risk Ranking Chapter 13
impact of risk- refer to in Guide 73 as
the level of risk
Stage in risk assessment process that
Risk Rating Chapter 13
evaluates the risk with reference to
 the risk appetite or established risk or
criteria, to have a select appropriate
risk response
First stage in risk management
process, which involves the
Risk recognition Chapter 13
identification of all the risk faced by
the organization
Implementation of actions to respond
risk, including (for hazard risk)
Risk response Table 21.1
decisions whether to tolerate, treat,
transfer and terminate (4Ts)
Size of event when a risk materializes,
sometimes referred to as severity of
Severity Chapter 15
the event and representing the gross
(or inherent) level of the risk
The ultimate level of risk that are
desired by the organization when
Target risk Figure 15.3
planned additional control have been
implemented
Risk response that is appropriate
when the level of risk is not
Terminate acceptable to the organization or Table 21.1
outside risk appetite, also referred to
as avoid or eliminate
Risk response that is appropriate
when the level risk is within the risk
Tolerate Table 21.1
appetite, also referred to as accept or
retain
Risk response for risk that can be
(further) treated by introduction of
Treat Table 21.1
cost effective (corrective) controls,
also referred to as control/reduce
Risk response for risks outside risk
appetite that the organization wishes
Transfer to transfer or share by means of Table 21.1
insurance contracts or (perhaps) joint
venture
Additional benefits available to the
organization by taking risk-see table
Upside of risk Table 17.1
17.1 for a range or interpretation of
upside of risk