Enterprise Risk Management

Risk Types

Risk Management Strategies

ERM Metrics

ERM Tools & Other

100

New or unforeseen risks that have not yet been fully understood or contemplated.

What is an emerging risk?

100

Eliminate risk altogether by not engaging with it in the first place.

What is risk avoidance?

100

5x5 probability and impact rating scale

What is risk matrix?

100

Risk log to document all identified risks.

What is a risk register?

200

The amount of risk naturally present in a process, activity, or system before any controls or mitigation strategies are applied.

What is inherent risk?

200

Minimize the likelihood or impact of potential threats to reduce its severity or frequency.

What is risk reduction?

200

Risk is low, moderate, high or extreme.

What is risk assessment?

200

The amount and type of risk that an organization is willing to take in order to meet their strategic objectives.

What is risk appetite?

300

Risks arise due to failures in internal processes, systems, or human performance that can disrupt an organization's ability to function efficiently.

What is an operational risk?

300

Involves shifting the responsibility of risk to third party, often through contractual arrangements.

What is risk transfer?

300

Speed to onset is immediate to greater than 5 years.

What is velocity?

300

Acts in an advisory capacity and is comprised of appointed delegates from each business unit; is responsible for promoting key risks.

What is ERM Steering Committee?

400

Stems from decisions or external changes that threaten an organization's long-term objectives.

What is strategic risks?

400

Decision to tolerate a known risk without taking specific action to reduce or transfer it.

What is risk acceptance?

400

Threat to company is expected to increase, decrease, or remain uncertain.

What is risk outlook?

400

Understand the risks and are responsible for managing and the authority to oversee execution, monitoring and reporting of mitigation activities.

Who are risk owners?

500

Shareholder expectation, wildfire, geopolitical risk, and cybersecurity risks are examples of these risks.

What is enterprise risk?

500

Structured approach to identify, assess, manage, monitor, and report risks that could impact an organization's objectives.

What is enterprise risk management?

500

Predictive metrics that identify potential risks related to processes and events and considered early warning signs.

What is key risk indicator?

500

Consists of five categories: health, safety, and environment; operations; regulatory, legal, and compliance; finance; and strategic.

What is risk taxonomy?