RM CYCLE
PLAN PLAN DESARAPLAN
IT'S ALL IN THE NAME
RISK OR TREAT
RISK METRICS
100
The globally accepted standard in terms of Risk Management.
What is ISO 31000?
100
A document that captures all data on how the organization manages their risks.
What is the Risk Management Plan?
100
The uncertainty of an event occurring that could have an impact on the achievement of an organization's objectives.
What is Risk?
100
A risk treatment where we implement policies and procedures to lower the risk to an acceptable level.
What is Reduce?
100
The tool that measures the risks' uncertainty in occurrence.
What is Likelihood Criteria?
200
Coordinated activities to direct and control an organization with regard to risk.
What is Enterprise Risk Management?
200
The part of the plan where we identify sources of risk, areas of impact, events and their causes, and potential consequences.
What is Risk Assessment?
200
The process of identifying, classifying and describing risks.
What is Risk Identification?
200
A type of risk strategy where we eliminate the risk by preventing exposure to possible future events.
What is Avoid?
200
The amount of risk an entity is willing to accept in pursuit of value (based on ISO 31000).
What is Risk Appetite?
300
Involves the redesign of existing controls, the introduction of new controls, or the monitoring of existing controls.
What is Risk Treatment?
300
The level of risk after taking into consideration the existing and current risk treatments.
What is Residual Risk?
300
A type of risk identification technique where ideas are collected and shared at workshops to discuss the events that could impact the objectives, core processes or key dependencies.
What is Workshops & Brainstorming?
300
A type of risk transfer strategy where we transfer the risk through a cost-effective contract with an independent, financially capable party under a well-defined strategy.
What is Insure?
300
The acceptable level of variation relative to the achievement of objectives (COSO).
What is Risk Tolerance?
400
Defines the scope for the risk management process and sets the criteria against which the risks will be assessed.
What is Establishing Context?
400
A type of risk classification where the risks are losses resulting from inadequate or failed internal processes, people and systems, or from external events.
What is Operational Risks?
400
A type of risk identification technique where we use physical inspections of premises and activities, and audits of compliance with established systems and procedures.
What is Inspections & Audits?
400
A type of reduce strategy where we respond to well-defined contingencies by documenting an effective plan, empowering appropriate personnel to make decisions, periodically testing the plan, and if necessary executing it.
What is Respond?
400
A tool that lets you measure the different effects of a risk in an organization.
What is Impact Criteria?
500
A dialogue between an organization and its stakeholders. This dialogue is both continual and iterative: a two-way process that involves both sharing and receiving information about the management of risk.
What is Communication & Consultation?
500
The portion of the plan where we define measures focused on performance targets. It helps determine the effectiveness of the implemented risk actions that mitigate the risks.
What is Key Performance Indicator (KPI)?
500
An example of how NOT to state a risk.
What is Circular references or identifying impacts or ineffective controls?
500
The last resort of Risk Treatment after applying all other treatments.
What is Accept?
500
The criteria that measures the likelihood of risks that are cyclical in nature. This is usually used when the risk can be supported by historical data.
What is Frequency?