Back to Top
Enterprise Risk Management

Enterprise Risk Management Glossary

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

ARM
Associate in Risk Management

Control
A process effected by our Board, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to identified risks. Actions or activities that minimize the frequency or severity of conditions or events that threaten the objectives of the enterprise (see also mitigation).

Consequence
The affect upon the institution when a risk becomes a reality. An organization has no ability to directly manage a consequence, but can manage the cause-based events that lead to the consequence.

COSO
Committee of Sponsoring Organizations of the Treadway Commission

Cost of Risk
The financial impact of an organization from undertaking activities with an uncertain outcome. The cost of managing risks and incurring losses.

Enterprise Risk Management (ERM)
An integrated approach to assessing and addressing all risks that threaten achievement of the organization's strategic objectives. The purpose of ERM is to understand, prioritize, and develop action plans to maximize benefits and mitigate top risks. The ERM framework enables management, working without silos, to collaboratively identify, assess, and manage future risks and opportunities individually and across the organization. Also known as holistic, strategic, or integrated risk management.

ERM:

  • is central to an organization's strategic management
  • is focused on identifying and treating risks
  • adds maximum sustainable value to all activities
  • increases probability of success and minimizes probability of failure
  • is continuous; integrated with strategic planning and plan implementation
  • integrated with organizational culture and led by senior management
  • assigns responsibility throughout the organization; in each job description

Enterprise-Wide Risk Assessment
Evaluation of primary risks based upon impact, likelihood, and control effectiveness that uses input from Risk Owners from across the University. The result of this assessment is a presentation the Board of Trustees' Audit Committee.

Event
An incident or occurrence, from sources internal or external to an entity that affects achievement of objectives.

Focused Risk Assessment
The focused risk assessment (FRA) serves as a follow up to the enterprise-wide risk assessment. The Office of Enterprise Risk Management (ERM) will collaborate with University leadership and Risk Assessment Leaders to determine which specific risks require in-depth analysis. FRA's are conducted through interviews, independent research, and formal reports.

Framework
A framework is a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful.

  • Enterprise Risk Management Framework - The ERM Framework set by the Board of Regents and/or the Executive Leadership, defines essential components, suggests a common language, and provides clear direction and guidance for enterprise risk management
  • Essential ERM Framework Elements include:
    • Clear strategies and objectives
    • Risk identification
    • Risk assessment
    • Risk response
    • Risk communication & monitoring

IIA
Institute of Internal Auditors

IIA
Insurance Institute of America

Immediate Response Strategies
Determined by the risk score or impact x likelihood. The scale describes the five categories of risk and is used to assist risk owners with immediate response strategies.

Immediate Response Strategies

Impact
Result or effect of a risk. There may be a range of possible impacts associated with an event. The impact can be financial and/or reputational. We use a scale of 1 to 5. 

Impact - 2 scales: Enterprise Risks Impact and Unite Level Risks Impact

Inherent Risk
The risk to an entity in the absence of any actions management might take to alter either the risk's likelihood or impact.

Internal Environment
Encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which the organization operates.

Likelihood
The possibility that a given risk will occur. 

Likelihood scale (1-5) 

Mitigation
Actions which reduce a risk or its consequences

Metrics
Measuring the effectiveness and/or success of risk mitigation strategies.

Monitoring
The entirety of risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities separate evaluations, or both.

NACUBO
National Association of College and University Business Officers

Opportunity
The possibility that an event will occur and positively affect the achievement of objectives.

PRIMA
Public Risk Management Association

Probability
The likelihood that a risk will become a reality.

Process
A set of linked tasks that are controlled by a common set of policies and procedures, and generate a common set of risks.

Residual Risk
The remaining risk after management has taken action to alter the risk's likelihood or impact.

RIMS
Risk and Insurance Management Society

Risk
The chance of loss or gain; the possibility that an event will occur that affects the achievement of an organization's mission or objectives.

Risk Acceptance
The decision to accept the consequences, impact, and likelihood of a risk. No action is taken to affect risk likelihood or impact.

Risk Analysis
Identifying, describing and estimating risks, and developing a risk profile.

Risk Appetite
An organization's tolerance for risk; the amount of risk an organization is willing to accept in pursuit of its mission/vision.

Risk Assessment
The consideration of the extent to which potential events have an impact on achievement of objectives. Assessment is done from two perspectives; impact and likelihood. Includes positive and negative impacts of potential events. Risk are assessed on both an inherent and a residual basis (control effectiveness).

Risk Assessment Tools
Instruments designed to assist employees in assessing and evaluating risks when making decisions.

Risk Avoidance
Avoiding the activities giving rise to risk.

Risk Center
Divisions, departments, or other groups having clear boundaries and risk exposure. Clusters used to separate and organize related risks.

Risk Control
The technique of minimizing the frequency or severity of losses by any number of means such as training, safety and security measures, a regulation, policy, or procedure.

Risk Description
To display the identified risks in a structured format, for example, by using a table.

Risk Financing
The mechanisms for funding risk mitigation strategies and/or funding the financial consequences of risk (i.e., insurance).

Risk Identification
The qualitative determination of risks that are material; i.e., that potentially can impact the achievement of our objectives.

Risk Management Policy
An organization's written statement that sets out its approach to an appetite for risk and its approach to risk management.

Risk Mapping
The visual representation of risks (which have been identified through a risk assessment exercise) in a way that easily allows priority ranking them. This representation often takes the form of a two-dimensional grid with probability on one axis and impact on the other axis. The risks that fall in the high probability/high impact quadrant are given priority risk management attention.

Risk Mitigation
Actions which reduce a risk or its consequences (see Risk Strategies).

Risk Owner
A risk owner is the individual or unit who will take the lead in developing and executing a mitigation activity plan. Additionally, the risk owner is also responsible for communication progress to senior management.

Risk Portfolio
A list of risks identified and evaluated by an organization (also called Risk Register) that represent our portfolio of risks at a certain time.

Risk Prioritization
The ranking of material risks on an appropriate scale, such as frequency and/or severity (see also Risk Mapping)

Risk Profile or Risk Score
The use of a tool or system to rate and/or prioritize a series of risks. Risk Score = Impact x Likelihood.

Risk Reduction
Action is taken to reduce risk likelihood or impact, or both. Measures to reduce the frequency or severity of losses. May include engineering, fire protection, safety inspections, or claims management.

Risk Register
A listing of an organization's risks (also called Risk Portfolio).

Risk Response
Management selects risk responses-avoiding, accepting, reducing or sharing risk-developing a set of actions to align risks with the entity's risk tolerances and risk appetite.

Risk Reporting
Publishing information on risks to internal or external stakeholders.

Risk Sharing
Reducing risk likelihood or impact by transferring or otherwise sharing a portion of the risk.

Risk Strategies (see Risk Mitigation)
Possible responses to risk situations such as: Avoidance, Acceptance, Sharing, Reduction

Risk Tolerance
The acceptable variation relative to the achievement of an objective.

Risk Treatment
The process of selecting and implementing measures to modify the risk.

Silo
Describes divisions, departments or other groups and individuals in organizations that tend to act in isolation.

Traditional Risk Management
Original form of risk management focusing on insurable losses and/or specific functional areas of an organization.

URMIA
University Risk Management and Insurance Association

Last Updated: April 8, 2016

Give us feedback about this page Submit Feedback