Glossary of Terms - Risk Management

TERM

DEFINITION

Activity


Part of an application where users can create, edit, and view data.

App

Pre-configured software.  

Application

Holds activities where users complete tasks (actions) and view information (views).

Assessment

An activity where users evaluate the organization's risks.

Control

A tool or policy that manages a risk. 

Corrective Action

An action that helps mitigate an issue. 

Dimension 

The category of data that appears on an assessment. Dimensions can be custom (similar to a select list) or based upon any relationships or references to the topic or sub-topic.

End users

The non-administrative users who work with Risk Management and its applications.

Field

A component on a form where a user can input data. Fields can include plain text, numeric, date and time formats, as well as select lists (dropdown menus), and attachments.

Issue

A topic that could impede your organization's ability to mitigate risks. 

Key Risk Indicator (KRI)

A means of tracking a risk's current levels and whether the risk is above or below the organization's tolerance levels.

Library

Contains your organization's risk categories, sub-categories, risks, and controls for use in assessments.

Loss Event

An event that causes the actual outcome of a business process to differ from the expected outcome in a negative way. These events can be due to inadequate or failed processes, people and systems, or due to external factors or circumstances.

Object

A record saved to an object type (the record category). For example, Risk is the object type, while Cyber Security is the object.

Object type

The category of the data collected (e.g. risk, control, issue). Once a record is saved to an object type, it becomes an object. 

Objective

A well-defined and realistic performance goal set by a company, which influences the direction and focus of the organization.

Process

A set of interdependent actions taken to achieve a result.

Risk

A potential loss or negative impact faced by the organization. 

Risk Category

A larger category in which the organization's risks have been organized.

States

The various stages of the assessment process for an assessment workflow (e.g. Creation, Define Scope of Assessment, Risk Assessment In Progress, Monitoring and Archived).

User Groups

A collection of users saved to a group (e.g. Risk Team members or Issue Owners). The user group a user is assigned to determines that user's rights within the app.

Value

Data entered or selected in a field. For example, Name is the field, but the data entered in that field, John Doe, is the value.

Workflow

Controls the flow of data and defines what data is displayed, where it’s displayed, and to whom it’s displayed through applications, activities, search results, reports, and assignments. Each assessment type has a workflow.