Risk Management Terms

Risk- Uncertainty about outcomes that can be either negative or positive.1

Risk portfolio- A list of risks identified and evaluated by an organization (also called Risk Register) that represent our portfolio of risks at a certain time.2

Risk profile- A set of characteristics common to all risks in a portfolio.3

A risk register provides a matrix to record the likelihood of a scenario and its associated risks along with their probability, consequences, and impacts for the organization.4

Risk map- A template depicting the likelihood and potential impact/consequences of risks. A basic risk map translates the risks identified in the risk register into a risk matrix. This matrix can be used to analyze the risks that are within or outside an organization's risk appetite. Risk management professionals can then use the risk map as a basis to prioritize risk management and treatment for the risks that are outside the organization's risk appetite. 5

Likelihood- The possibility that a given event will occur.6

Impact- Result or effect of an event. There may be a range of possible impacts associated with an event. The impact of an event can be positive or negative relative to the entity's related objectives.7

Pure risk- A chance of loss or no loss, but no chance of gain.8

Speculative risk- A chance of loss, no loss, or gain.9

Inherent risk- Risk to an entity apart from any action to alter either the likelihood or impact of the risk. 10

Residual risk- Risk remaining after actions to alter the risk's likelihood or impact.11

Hazard risk- Risk from accidental loss, including the possibility of loss or no loss. Examples include property risk, legal risk, personnel risk, and consequential losses. Arises from property, liability, or personnel loss exposures.12

Financial risk- Arises from the effect of market forces on financial assets or liabilities. Most organizations face some financial risks. These are the three major types of financial risk: market, credit and price risk. Financial risk has two characteristics. First, it is an external risk with the potential to affect an organization's objectives. Second, the risk can be reduced through a financial contract, such as a derivative. 13

Strategic risk- Arises from trends in the economy and society. Examples include economic environment, political environment, demographics, competition. (1.28) A strategic risk, such as a financial crisis or recession, can threaten an organization or provide an opportunity. Strategic risks are external to an organization. They are systemic risks and therefore are outside the control of any individual organization. They are also speculative risks, which have both positive and negative potential.14

Operational risk- Arises from people, processes, systems or controls. Examples include people risk, IT risks, management oversight, business processes. Operational risk is an integral part of each organization's functions. Successful organizations define, understand, and manage their operational risks.15

Risk treatment is the ongoing process of deciding on an option for modifying risk and whether the residual level of risk is acceptable, selecting a new risk treatment if the current one is not effective, and then repeating this assessment.16

Available risk treatment techniques include these:

  • Avoid the risk
  • Modify the likelihood and/or impact of the risk
  • Transfer the risk
  • Retain the risk
  • Exploit the risk17

Transfer- In the context of risk management, a risk financing technique by which the financial responsibility for losses and variability in cash flows is shifted to another party.18

Risk financing- A conscious act or decision not to act that generates the funds to offset the variability in cash flows that may occur as an outcome of risk.19

Risk control- A conscious act or decision not to act that reduces the frequency and/or severity of losses or makes losses more predictable.20

The term "SWOT" is an acronym for strengths, weaknesses, opportunities, and threats. This type of team approach is useful in analyzing a new project or product. The strengths and weaknesses are internal factors to be considered. The opportunities and threats are external factors.21

Risk assessment is a systematic process for identifying and evaluating events (i.e., possible risks and opportunities) that could affect the achievement of objectives, positively or negatively.22

Enterprise risk management is a process, effected by an entity's board of directors, management, and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.23

Risk reporting- An effective risk reporting system provides efficient information flow up and down the lines of authority, from the board of directors to the most entry-level employee. The board sets risk management policy, which must be communicated down. Then managers report on compliance with that policy through the risk monitoring and reporting system. These kinds of reports include risk response plans, financial reports, and incident reports. These reports allow the board to assess the overall risk management process within an organization.24


