These flashcards cover key concepts and terminologies related to risk management processes and frameworks, including the COSO Framework and ISO 31000.
Risk Management
The process of identifying, assessing, and prioritizing risks that could negatively impact an organization.
COSO Framework
A structured approach used to identify, assess, manage, and monitor risks that could impact an organization's ability to achieve its strategic objectives.
Risk Appetite
The kinds and levels of risk an organization is willing to assume to achieve its objectives.
Risk Identification
The first step in risk management, which involves recognizing significant contexts within which risks should be managed.
Inherent Risk
The risk absent management actions to alter its severity.
Residual Risk
The risk that remains after risk responses are executed.
Risk Response
The means by which an organization elects to manage individual risks.
SWOT Analysis
A strategic planning technique used to identify Strengths, Weaknesses, Opportunities, and Threats related to competition or project planning.
ISO 31000
A globally recognized standard providing guidelines for effective risk management practices.
ERM
Enterprise Risk Management; integrates risk management with an organization’s overall strategy and performance.
Risk Monitoring
A continuous process of assessing the adequacy of risk responses and adapting to changing risks.
Risk Tolerance
The acceptable variations in performance related to achieving objectives.
Risk Capacity
The maximum amount of risk the organization can assume.
Risk Treatment
The process of selecting and implementing options for addressing risk.
Control Risk
The risk that controls fail to effectively manage controllable risk.
First Line Roles
Management functions that most directly relate to the delivery of products or services and are responsible for risk management.
Second Line Roles
Specialists who assist with risk management by providing expertise, support, and monitoring.
Third Line Roles
Internal audit roles that provide assurance and advice on the effectiveness of governance, risk management, and compliance.
Enterprise Risk Management (ERM) Definition
Culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
Value Creation and Protection
The fundamental purposes of effective risk management according to ISO 31000.