Page 642 - COSO Guidance
Glossary
Risk inventory: All risks that could impact an entity.
Risk management practitioner: For the purposes of this guidance, includes those with a direct role in
ERM; however, the guidance is applicable to anyone with responsibilities to manage risk (including operational
management, risk owners and line management).
Risk profile: A composite view of the risk assumed at a particular level of the entity, or aspect of the business
that positions management to consider the types, severity and interdependencies of risks and how they may
affect performance relative to the strategy and business objectives.
Severity: A measurement of considerations such as the likelihood and impact of events or the time it takes to
recover from events.
Speed of onset or velocity: The time it takes for a risk event to manifest itself or the time that elapses between
the occurrence of an event and the point at which the company first feels its effects.
Social and relationship capital [f]: Networks together with shared norms, values and understandings that
facilitate cooperation within or among groups.
Stakeholders: Parties that have a genuine or vested interest in the entity.
Stakeholder engagement: The process used by an organization to engage relevant stakeholders for the
purpose of achieving agreed outcomes.
Strategy: The organization’s plan to achieve its mission and vision and apply its core values.
Sustainability [g]: A business approach that creates long-term shareholder value by embracing opportunities and
managing risks deriving from economic, environmental and social developments.
Sustainability practitioner: For the purposes of this guidance, sustainability practitioners primarily include
those with a direct role in a sustainability function; however, the guidance is relevant to anyone impacted by
ESG-related considerations.
SWOT analysis: Uses a two-by-two framework to define the strengths, weaknesses, opportunities and threats
a company is facing.
Target residual risk: The amount of risk that an entity prefers to assume in the pursuit of its strategy and
business objectives, knowing that management will implement, or has implemented, direct or focused actions
to alter the severity of the risk.
Tolerance: The boundaries of acceptable variation in performance related to achieving business objectives.
Uncertainty: The state of not knowing how or whether potential events may manifest.
Vision: The entity’s aspirations for its future state or what the organization aims to achieve over time.
[f] This is the OECD definition of social capital which is used in the draft “Social & Human Capital Protocol” due for publication in 2019. This definition is similar to that used
by the <IR> Framework, which is defined as “the institutions and the relationships within and between communities, groups of stakeholders and other networks, and the
ability to share information to enhance individual and collective well-being.”
[g] RobecoSAM. “Corporate Sustainability.” Retrieved from sustainability-indices.com/sustainability-assessment/corporate-sustainability.jsp
Enterprise Risk Management | Applying enterprise risk management to environmental, social and governance-related risks • October 2018 95