A
Action - A task that has been identified as needing to be performed by a user to mitigate an incident or issue.
Assessment - The process of collecting information related to, and analysing, the potential impacts on the technical and business operations that an organization may encounter.
Assessment Template - A pre-determined, reusable set of questions that can be used within an assessment.
Attestation - A technique used to internally assess the effectiveness of risk management and control processes by a control owner.
Authority - A global standard, law or regulation for organizations that are legislated, regulated or choose to opt in to certain standards.
B
Breach - A type of issue or incident consisting of a failure to comply with, or non-adherence to, internal policies or industry or organizational standards, including non-compliance with a law, regulation, relevant industry code or any obligation that requires reporting.
C
Control - The creation of a process to manage inherent risk (including policies, reviews, training and approvals), which can be administrative, technical or legal in nature.
Control Set - A collection of controls that are associated with specific responsibilities that are implemented to comply with a standard, law or regulation or manage risk.
Corrective Action - A type of issue: a mitigating technique designed to respond to risks, issues or incidents in order to appropriately correct and close gaps identified within the organization.
D
Detective Control - A mitigating technique designed to recognize an occurrence or change in circumstances that may affect operations and alert management when this occurs.
I
Impact - The financial and non-financial damage a risk event would cause if it materialized.
Incident - A circumstance or event that could lead to, or has created, a financial and/or non-financial impact, unintended exposure or outcome as a result of inadequate or failed internal processes, people or systems, or from an external event.
Inherent Risk - The risk level or exposure that exists before any actions (e.g., implementing controls) are taken to mitigate the risk.
Issue - A problem identified in the organization that requires investigation, remediation activities or preventative measures to be taken.
L
Likelihood - The probability or percentage chance that a risk event will occur during the period being assessed.
M
Metric - A type of monitoring activity that allows users to define goals and set tolerances that can be tracked across an organization.
N
Near Miss - A type of issue or incident in which the standard control environment fails to detect or prevent an incident from occurring, but the impact is prevented or no impact results.
P
Playbook - A list of required steps and actions to successfully respond to a scenario (e.g., Incident or Business Continuity).
Policy - A collection of principles, guidelines or frameworks that are adopted or designed by an organization to achieve long term goals.
Preventative Control - A mitigating technique designed to prevent an issue, error, fraud, or other event from occurring.
Project - A module that allows users to plan and organize work via structured lists of tasks.
Provision - A detailed breakdown of the clause and requirements outlined and defined by a standard, law or regulation (authority) including any applicable attributes.
Q
Question Based Assessment - A review conducted to assess operations within an organization using a set of questions.
R
Register - An official list or record set up and used to manage sets of data for an organization such as Assets, Risks, Issues, Gifts and other related data sets.
Requirement Based Assessment - A review conducted to assess operations within an organization against a control set.
Residual Risk - The remaining, potential risk after all control measures are applied to mitigate a risk.
Respondent - A subscriber, either an internal or an external (third-party) user, who can receive notifications for a task or action to be performed in the platform.
Risk - A measure of the likelihood that unplanned events affecting an organization's operations will occur and impact the achievement of strategy and business objectives.
Risk Appetite - A target level of loss exposure that the organization views as acceptable, given business objectives and resources.
Risk Libraries - A collection of pre-defined risks that can be considered relevant to an organization, project or system through a risk review.
Risk Rating - Overall weighting of a risk which is based on a combination of the likelihood and impact of the risk to the organization.
Risk Review - A mechanism used on a frequent basis to re-evaluate the risk environment, risk events and their relative likelihood and impact.
Risk Tolerance - The degree of variance from the organization’s risk appetite that the organization is willing to tolerate.
T
Task - An actionable item assigned to a user that has been created in the platform.
Third-party - A supplier or a customer that an organization has an agreement with to provide a product directly to the organization's customers or to the organization itself.
Trust Portal - A portal for an organization to share self-assessments and policies with external stakeholders.