Page 38 - Risk Management Bulletin April-June 2022
RMAI BULLETIN APRIL - JUNE 2022
Glossary
Risk identification
Risk identification is a process that is used to find, recognize, and describe the risks that could affect the achievement of objectives.

Risk Analysis
Risk analysis is a process that is used to understand the nature, sources, and causes of the risks that you have identified and to estimate the level of risk. It is also used to study impacts and consequences and to examine the controls that exist.

Risk Evaluation
Risk evaluation is a process that is used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable.

Risk attitude
An organization's risk attitude defines its general approach to risk. An organization's risk attitude (and its risk criteria) influence how risks are assessed and addressed. An organization's attitude towards risk affects whether or not risks are taken, tolerated, retained, shared, reduced, or avoided, and whether or not treatments are implemented or postponed.

Risk identification
Risk identification is a process that involves finding, recognizing, and describing the risks that could influence the achievement of objectives. It is used to identify possible sources of risk in addition to the events and circumstances that could influence the achievement of objectives.

Risk management
Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives.

Risk management framework
According to ISO 31000, a risk management framework is a set of components that support and sustain risk management throughout an organization. There are two types of components: foundations and arrangements. Foundations include your risk management policy, objectives, mandate, and commitment. And arrangements include the plans, relationships, accountabilities, resources, processes, and activities you use to manage your organization's risk.

Risk management plan
An organization's risk management plan describes how it intends to manage risk. It describes the management components, the approach, and the resources that are used to manage risk. Typical management components include procedures, practices, responsibilities, and activities (including their sequence and timing).

Risk management policy
A policy statement defines a general commitment, direction, or intention. A risk management policy statement expresses an organization's commitment to risk management and clarifies its general direction or intention.

Risk management process
According to ISO 31000, a risk management process systematically applies management policies, procedures, and practices to a set of activities intended to establish the context, communicate and consult with stakeholders, and identify, analyze, evaluate, treat, monitor, record, report, and review risk.

Risk owner
A risk owner is a person or entity that has been given the authority to manage a particular risk and is accountable for doing so.