Page 641 - COSO Guidance
Glossary
Impact: The result or effect of a risk. There may be a range of possible impacts associated with a risk. The
impact of a risk may be positive or negative relative to the entity’s strategy or business objectives.
Information: Processed, organized and structured data concerning a particular fact or circumstance.
Inherent risk: The risk to an entity in the absence of any direct or focused actions by management to alter
its severity.
Integrated thinking: The active consideration by an organization of the relationships between its various
operating and functional units and the capitals that the organization uses or affects. Integrated thinking leads to
integrated decision-making and actions that consider the creation of value over the short, medium and long term.
Intellectual capital: Accounts for the intangibles associated with brand and reputation, in addition to patents,
copyrights, organizational systems and related procedures.
Internal control: A process, effected by an entity’s board of directors, management and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives relating to operations,
reporting and compliance. (For more discussion, see Internal Control—Integrated Framework.)
Internal environment: Anything inside of the entity that influences the ability to achieve strategy and
business objectives.
Internal stakeholders: Parties working within the entity such as employees, management and the board.
Likelihood: The possibility that a given event will occur.
Megatrends: Large, transformative global forces that define the future by having far-reaching impact on
business, economies, industries, societies and individuals.
Materiality assessment (or ESG materiality assessment): The process of identifying, refining and assessing
potential environmental, social and governance issues that could affect your business and/or your stakeholders,
and condensing them into a short-list of topics that inform company strategy, targets, and reporting.
Mission: The entity’s core purpose, which establishes what it wants to accomplish and why it exists.
Natural capital (e): The stock of renewable and non-renewable natural resources (e.g., plants, animals, air, water,
soils, minerals) that combine to yield a flow of benefits to people.
Non-financial: As used in the EU Non-Financial Reporting Directive, non-financial matters include
environmental matters, social and employee aspects, respect for human rights, anti-corruption and bribery
issues and diversity on boards of directors.
Operating structure: The way the entity organizes and carries out its day-to-day operations.
Opportunity: An action or potential action that creates or alters goals or approaches for creating, preserving
and realizing value.
Organization: The term used to collectively describe the board of directors, management and other personnel
of an entity.
Organizational sustainability: The ability of an entity to withstand the impact of large-scale events.
Performance management: The measurement of efforts to achieve or exceed the strategy and
business objectives.
Persistence: How long a risk impacts an entity.
Portfolio view: A composite view of risk the entity faces, which positions management and the board to
consider the types, severity and interdependencies of risks and how they may affect the entity’s performance
relative to its strategy and business objectives.
Recovery: The capacity of an entity to return to tolerance.
Risk: The possibility that events will occur and affect the achievement of strategy and business objectives.
NOTE: “Risks” (plural) refers to one or more potential events that may affect the achievement of objectives.
“Risk” (singular) refers to all potential events collectively that may affect the achievement of objectives.
Risk appetite: The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value.
Risk capacity: The maximum amount of risk that an entity is able to absorb in the pursuit of strategy and
business objectives.
e This definition was obtained from the Natural Capital Coalition's “Natural Capital Protocol.” It is similar to the definition used by the <IR> Framework:
“all renewable and nonrenewable environmental resources and processes that provide goods or services that support the past, current or future prosperity of
an organization.”
94 Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018