Risk Management Glossary
Risk Management Terms
Risk management involves identifying, assessing, and prioritizing risks to minimize their impact on an organization. Understanding the various terms associated with risk management can help individuals and organizations make informed decisions. The Risk Management Glossary* covers a comprehensive range of terms related to risk management practices and strategies.
To help you find terms quickly, the glossary is organized alphabetically. You can jump to a specific section by clicking on the corresponding letter group below:
Navigation Tip: For a seamless experience, click picture or image within corresponding letter group section — to return to the top of the Medicare Glossary overview page.
*See the Risk Management Glossary Terms of Use at the bottom of this page.
Glossary A–C
A
Acceptance
A risk response strategy where the risk is acknowledged, but no action is taken to mitigate it. This is usually applied to risks that have a low impact or are deemed unavoidable.
Accountable Risk Management
The assignment of specific risks to individual risk owners who are responsible for managing and mitigating those risks.
Actuary
A professional who assesses and manages financial risks by analyzing statistical data and probabilities. Actuaries often work in insurance and pension industries.
Adaptive Risk Management
An approach that adjusts risk management practices dynamically based on evolving conditions and feedback.
Adverse Selection
A situation in which an insurance company extends coverage to an applicant whose actual risk is substantially higher than the risk known to the insurer.
Aggregate Risk
The total amount of risk that an organization faces, considering all individual risks combined.
Aggregate Risk Limit
The maximum level of risk exposure that an organization is willing to accept across all types of risks.
Aggregated Exposure
The total exposure to risk that an organization faces from multiple sources or risk events.
Alternative Risk Transfer (ART)
Techniques other than traditional insurance used to finance and manage risk, such as captive insurance, self-insurance, and risk retention groups.
Asset
An asset is any valuable resource owned or controlled by an individual or organization, including both tangible and intangible items.
Asset Liability Management (ALM)
The practice of managing financial risks that arise from mismatches between the assets and liabilities.
Asymmetric Risk
A situation where the potential for loss is greater than the potential for gain, or vice versa, in a given investment or decision.
Audit Risk
The risk that an auditor may fail to detect significant errors or fraud in financial statements.
Avoidance
A risk management strategy that involves changing plans to completely sidestep a risk, often by not engaging in certain activities or projects that could introduce risk.
B
Baseline Risk Assessment
An initial evaluation of the risk landscape to establish a starting point for measuring and managing risks over time.
Basis Risk
The risk that arises when the hedge chosen does not perfectly offset the risk being hedged.
Behavioral Risk
Risks that arise from human behaviors and attitudes that can adversely impact an organization's operations and objectives.
Benchmarking
Comparing an organization’s risk management practices and performance metrics against industry standards or best practices to identify areas for improvement.
Benefit Corporation (B-Corp)
A corporation that balances purpose and profit by creating a positive impact on society and the environment, in addition to pursuing financial returns.
Black Swan Event
A highly improbable and unpredictable event that has a massive impact. These events are often outside the realm of regular expectations and can have severe consequences.
Bowtie Analysis
A risk evaluation method that visualizes the pathways from risk sources to outcomes, identifying controls to mitigate the risk.
Business Continuity Planning (BCP)
The process of creating strategies and procedures to ensure an organization can continue operating during and after disruptive events (e.g., natural disasters, cyberattacks).
Business Impact Analysis (BIA)
A process that determines the potential impact of a disruption to critical business operations. It helps in prioritizing recovery strategies.
Business Interruption Insurance
A type of insurance that covers the loss of income that a business suffers after a disaster while its facility is being rebuilt.
C
Capital Adequacy
The requirement for financial institutions to maintain sufficient capital to cover their risk exposure.
Capital Contribution
An act of providing financial resources to a business in exchange for equity or ownership interest. This can include an individual investing their own money into their own company.
Captive Insurance
An insurance company that is wholly owned and controlled by its insureds; its primary purpose is to insure the risks of its owners, and its insureds benefit from the captive insurer's underwriting profits.
Catastrophic Risk
A risk with severe consequences, often affecting a large population or causing significant financial losses. Examples include earthquakes, pandemics, and major market crashes.
Claim
A formal request for compensation made by an insured party to an insurance company for loss covered under an insurance policy.
Claims Management
The process of handling and processing insurance claims, including the assessment and settlement of claims.
Cognitive Bias
A systematic pattern of deviation from norm or rationality in judgment, which can affect risk perception and decision-making.
Collateral
Assets pledged by a borrower to secure a loan or other credit, which can be seized if the borrower defaults.
Compliance Audit
A review process to ensure that an organization is adhering to regulatory guidelines and internal policies.
Compliance Risk
The risk of legal or regulatory sanctions, financial loss, or damage to reputation that an organization faces when it fails to comply with laws, regulations, codes of conduct, or standards of practice.
Concentration Risk
The risk of loss due to heavy exposure to a single counter-party, sector, or geographic area.
Contingent Liability
A potential liability that may occur depending on the outcome of a future event.
Contingency Plan
A plan developed to respond to a risk if it occurs. This plan includes predefined actions to manage and mitigate the impact of the risk.
Control
Measures or actions implemented to reduce or eliminate risk by minimizing its impact or likelihood.
Control Environment
The set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.
Cooperative (Co-op)
A business entity owned and operated by its members, who use its services or products. Members share profits and decision-making responsibilities.
Corrective Action Plan (CAP)
A structured plan developed to address and correct identified risks or compliance issues.
Correlation Risk
The risk that changes in one risk factor will cause changes in another, potentially amplifying the overall risk.
Corporation (C-Corp)
A legal entity separate from its owners, providing limited liability protection. It is taxed separately from its owners and can issue stock to raise capital.
Counterparty Risk
The risk that the other party in a financial transaction may default on their obligations.
Credit Risk
The risk of loss resulting from a borrower failing to repay a loan or meet contractual obligations.
Credit Spread Risk
The risk that the difference in yield between different types of bonds will change, affecting bond prices.
Crisis Management
The process by which an organization deals with a disruptive and unexpected event that threatens to harm the organization or its stakeholders.
Critical Infrastructure Risk
Risks associated with the failure or disruption of vital systems and assets essential for public safety and economic stability (e.g., power grids, water supply).
Critical Path Method (CPM)
A project management tool used to identify the sequence of tasks that determines the minimum project duration.
Cyber Risk
The risk of financial loss, disruption, or damage to the reputation of an organization from some sort of failure of its information technology systems.
Glossary D–F
D
Default Risk
The risk that a borrower will be unable to make the required payments on their debt obligations.
De-Risking
The process of reducing exposure to risk, often by divesting from certain activities or investments.
Derivative
A financial instrument whose value is derived from the value of an underlying asset, index, or rate.
Disaster Recovery Plan (DRP)
A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.
Diversifiable Risk
Risks that can be reduced or eliminated through diversification.
Diversification
A risk management strategy that mixes a wide variety of investments within a portfolio to reduce exposure to any single asset or risk.
Due Diligence
Thorough research and investigation conducted before making business decisions. It helps identify risks and potential pitfalls.
Dynamic Risk Assessment
The ongoing process of identifying, analyzing, and evaluating risks in real-time or near real-time.
E
Early Warning Indicator
Metrics or signals that provide early indication of potential risk events, allowing for proactive management.
Economic Risk
The risk that economic conditions or factors (e.g., inflation, recession) will affect an organization's financial performance.
Emerging Risks
New or evolving risks that are not fully understood and may not yet be clearly defined or quantified.
Emerging Technology Risk
Risks associated with the adoption and implementation of new technologies that may not be fully understood or regulated.
Enterprise Risk Management (ERM)
A holistic approach to managing risks across an entire organization. ERM considers financial, operational, strategic, and compliance risks.
Enterprise Risk Management (ERM) Framework
A structured approach to managing risks across an organization, integrating risk management into its overall strategy and decision-making processes.
Environmental Risk
The risk of harm to the environment due to business activities, which can also impact the organization through regulatory fines or reputational damage.
Equity Impact
The effect that capital contributions have on the ownership structure and equity of a company. When a business owner or investor makes a capital contribution, it generally leads to an increase in their equity or ownership stake in the company.
Event Impact Analysis
Analyzing the potential impacts of different risk events to prioritize response strategies based on severity and likelihood.
Event Risk
The risk of loss due to an event that disrupts the normal course of business, such as natural disasters, political upheaval, or terrorist attacks.
Event Tree Analysis (ETA)
A graphical representation of possible outcomes following an initiating event, used to analyze the probabilities of different risks.
Exposure
The extent to which an organization is vulnerable to a risk event. This includes the potential impact and the probability of the event occurring.
Exposure Assessment
The process of measuring or estimating the intensity, frequency, and duration of exposures to an agent that may affect the health or well-being of individuals or the environment.
Exposure Draft
A document issued for public comment by a regulatory body proposing new regulations or amendments to existing ones, which could affect risk management practices.
Exposure Indicator
A metric used to measure the potential for a risk event to impact an organization.
F
Fiduciary Risk
The risk that an entity will fail to act in the best interest of its clients or stakeholders, leading to financial or reputational damage.
Financial Risk
The risk of financial loss due to market fluctuations, credit defaults, liquidity issues, or interest rate changes.
Force Majeure
A contractual clause that frees parties from liability or obligation when an extraordinary event or circumstance beyond their control occurs.
Frequency
The rate at which a risk event is likely to occur. This helps in assessing the likelihood of risks over a specific period.
Glossary G–I
G
Gap Analysis
A method for assessing the differences between the current state and desired future state in terms of risk management practices.
Governance
The framework and processes that guide decision-making, risk management, and accountability within an organization.
Gray Rhino
A highly probable, high impact yet neglected threat: not random surprises, but instead occur after a series of warnings and visible evidence.
H
Hazard
A potential source of harm or adverse effect on a person or organization. Hazards can lead to various types of risks, including financial, operational, or safety risks.
Hedge
A financial strategy used to reduce or eliminate the risk of adverse price movements in an asset.
Hedging
The practice of making an investment to reduce the risk of adverse price movements in an asset.
Horizon Risk
The risk that an organization's time horizon for achieving its objectives will be shortened, typically due to external pressures or events.
I
Impact
The effect or consequence of a risk event on an organization. Impact can be measured in terms of cost, time, scope, or quality.
Incident
An event that has the potential to disrupt normal operations or cause harm to an organization. Incidents can be minor or major.
Incident Response Plan
A documented, structured approach with instructions for responding to unplanned incidents.
Inherent Risk
The level of risk before any measures are taken to manage it. This is the raw risk that exists in the absence of controls or mitigation strategies.
Insurance
A risk transfer mechanism where an individual or organization pays premiums to an insurer in exchange for coverage against specific risks (e.g., property damage, liability).
Insurance Deductible
The amount that the insured must pay out-of-pocket before the insurance company pays a claim. This is a common feature in various types of insurance policies.
Insurance Premium
The amount of money that an individual or business must pay for an insurance policy.
Internal Audit
An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.
Glossary J–L
J
Joint Venture
A business arrangement where two or more parties collaborate to achieve a specific goal. Joint ventures involve shared risks and rewards.
K
Key Control
A primary control measure that is crucial for managing significant risks within an organization.
Key Control Indicator (KCI)
A metric that measures the effectiveness of a control in managing risk.
Key Performance Indicator (KPI)
Metrics used to evaluate the success of an organization in achieving key business objectives, including risk management goals.
Key Risk Indicator (KRI)
A measurable metric used to monitor and assess the likelihood and impact of specific risks within an organization.
L
Latent Risk
Risks that are present but not immediately evident, often due to lack of awareness or recognition.
Legal Compliance Risk
The risk of failing to comply with legal requirements, which could result in fines, penalties, or legal action.
Legal Risk
The risk of financial loss or damage due to legal actions or uncertainty in the application of laws and regulations.
Likelihood
The probability that a risk event will occur. Likelihood is a key component in risk assessment and is often rated as high, medium, or low.
Likelihood of Occurrence
The probability that a specific risk event will occur within a given time frame.
Limited Liability Company (LLC)
A flexible business structure that combines the limited liability protection of a corporation with the tax benefits and operational flexibility of a partnership.
Limited Liability Partnership (LLP)
A partnership where all partners have limited liability, protecting them from personal responsibility for certain business debts and obligations, while still allowing them to participate in management.
Limited Partnership (LP)
A partnership consisting of one or more general partners with unlimited liability and one or more limited partners with liability limited to their investment. Limited partners typically do not participate in day-to-day operations.
Liquidity Risk
The risk that an organization will not be able to meet its short-term financial obligations due to an inability to liquidate assets.
Loss
The negative impact or damage resulting from a risk event. Losses can be financial, reputational, or operational.
Loss Control
Strategies and practices aimed at minimizing potential losses. This includes safety protocols, risk assessments, and preventive measures.
Glossary M–O
M
Market Risk
The risk of losses due to changes in market prices, such as stock prices, interest rates, or currency exchange rates.
Maturity Risk
The risk associated with the time until a financial obligation or asset matures, affecting its price and interest rate sensitivity.
Mitigation
Actions taken to reduce the severity, seriousness, or likelihood of a risk. Mitigation strategies aim to minimize the adverse effects of risks.
Model Risk
The risk of inaccuracy or failure due to reliance on financial models that may have incorrect assumptions or flawed data.
Monitoring
The continuous process of tracking identified risks, assessing the effectiveness of risk responses, and identifying new risks.
Monte Carlo Simulation
A mathematical technique that allows for the modeling of complex situations by running simulations multiple times to calculate the probability of different outcomes.
Moral Hazard
The situation where one party is willing to take risks because they do not have to bear the full consequences of the risk.
Moral Risk
Similar to moral hazard, it refers to the risk that an entity has an incentive to take on undue risks because the cost of any potential problems will be borne, at least in part, by others.
N
Natural Hazard
Risks associated with natural events, such as earthquakes, floods, and hurricanes.
Non-Financial Risk
Risks that do not directly relate to financial losses but impact an organization’s reputation, operations, or compliance (e.g., cybersecurity, regulatory compliance).
Nonprofit Corporation
A corporation organized for purposes other than generating profit, such as charitable, educational, or religious purposes. Profits are reinvested into the organization’s mission.
O
Operational Contingency Planning
Preparing alternative strategies and actions to keep operations running during unexpected disruptions.
Operational Continuity
Ensuring that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions.
Operational Resilience
The ability of an organization to continue to deliver critical operations and services despite disruptions or adverse events.
Operational Risk
The risk of loss resulting from inadequate or failed internal processes, people, systems, or external events. Operational risk is common in all organizations and industries.
Over-the-Counter (OTC)
Financial transactions conducted directly between two parties without going through an exchange.
Glossary P–S
P
Pandemic Risk
The risk of widespread health crises that impact large populations and have significant economic and operational repercussions.
Partnership
A business entity where two or more individuals share ownership, profits, and liabilities. There are various types, including general partnerships and limited partnerships.
Performance Risk
The risk that an organization or project will not meet its performance objectives.
Peril
A specific risk or cause of loss covered by an insurance policy, such as fire, theft, or flood.
Political Risk
The risk of financial loss or adverse effects on business due to political changes or instability in a country.
Portfolio Management
The process of making investment decisions to balance risk and return in a portfolio of assets.
Portfolio Risk
The combined risk of a portfolio of investments or projects, considering the interactions between individual risks.
Precautionary Principle
A strategy to cope with possible risks where scientific understanding is yet incomplete, suggesting that action should be taken to avoid or diminish that risk.
Proactive Risk Management
Identifying and mitigating risks before they materialize into issues.
Probability
The statistical chance of a risk event happening. Probability helps quantify the likelihood and can be expressed as a percentage or a ratio.
Professional Corporation (PC)
A type of corporation specifically for professionals (e.g., doctors, lawyers) that offers limited liability protection while meeting regulatory requirements for their profession.
Protective Measures
Actions taken to safeguard assets, people, or information from potential risks.
Q
Qualitative Risk Assessment
A method of evaluating risks based on non-numerical data. This involves subjective judgment to assess the impact and likelihood of risks.
Quantitative Risk Assessment
Using numerical data and statistical models to assess risks. It involves calculating probabilities, expected values, and potential losses.
R
Reinsurance
Insurance purchased by an insurance company from another insurance company to mitigate risk.
Reputation Risk
The risk of damage to an organization's reputation, which can result in loss of customers, revenue, or market value.
Reputational Damage
Harm to a company's reputation resulting in the loss of customers, reduction in revenue, or loss of market value.
Reputational Risk Management
Strategies and actions taken to protect and enhance the reputation of an organization.
Residual Risk
The risk that remains after mitigation efforts have been implemented. This is the risk left over after controls and actions are in place.
Resilience
An organization’s ability to adapt, recover, and thrive in the face of adversity or disruptions.
Risk
The possibility of an event or condition that could have a negative impact on an organization's objectives. Risk involves uncertainty and potential adverse outcomes.
Risk Adjustment
Modifying risk assessments to account for factors such as changes in the environment, new information, or control measures.
Risk Aggregation
The process of combining multiple risks to understand the total exposure of an organization. This helps in understanding the cumulative impact of various risks.
Risk Analysis
The process of understanding the nature, sources, and causes of identified risks. It involves evaluating the potential impact and likelihood of risks.
Risk Appetite
The amount and type of risk that an organization is willing to take in order to meet its objectives. This defines the acceptable level of risk for the organization.
Risk Assessment
The process of identifying, analyzing, and evaluating risks. This includes determining the likelihood and impact of each risk to prioritize management efforts.
Risk-Based Pricing
Setting the price of a financial product based on the risk profile of the customer or transaction.
Risk Capacity
The maximum amount of risk an organization can bear without jeopardizing its survival or critical operations.
Risk Capacity Assessment
Evaluating the maximum level of risk that an organization can absorb without significant negative impact.
Risk Clustering
The identification and analysis of related risks that can occur together or in sequence.
Risk Communication
The process of sharing information about risk between decision-makers and stakeholders. Effective communication ensures that everyone understands the risks and the actions taken to manage them.
Risk Culture
The values, beliefs, and attitudes towards risk within an organization. A strong risk culture supports effective risk management practices.
Risk Dashboard
A visual tool that provides an overview of key risk metrics and indicators, often in real-time.
Risk Driver
An underlying factor that influences the likelihood and impact of a risk.
Risk Escalation
The process of raising the awareness of higher-level management about risks that require their attention or action.
Risk Financing
Strategies that organizations use to fund their risk management efforts, including insurance, reserves, and other financial instruments.
Risk Heat Map
A visual tool used in risk assessment that shows the severity of risks in terms of likelihood and impact, often using color coding to represent different levels of risk.
Risk Identification
The process of finding, recognizing, and describing risks that could affect the achievement of an organization’s objectives.
Risk Indicator
A measurable value that provides information about the level of risk exposure.
Risk Inventory
A comprehensive list of all the risks an organization faces, used for assessment and management.
Risk Landscape
The overall view of an organization's risk environment, including all internal and external risks.
Risk Limit
A threshold or cap on the amount of risk exposure that an organization or individual is willing to accept.
Risk Management
The systematic process of identifying, assessing, and controlling risks to minimize the adverse effects on an organization. This involves strategies, processes, and tools to manage risk effectively.
Risk Management Plan
A detailed document outlining the risk management process, including risk identification, assessment, response strategies, and monitoring activities.
Risk Management Policy
A formal statement outlining an organization’s approach to managing risk. This policy sets the framework for risk management activities and responsibilities.
Risk Mapping
Creating a visual representation of risks within an organization to identify where they are located and how they are interconnected.
Risk Maturity
The level of development and integration of risk management practices within an organization. Higher risk maturity indicates more effective and systematic risk management.
Risk Owner
The individual or entity responsible for managing a specific risk, including implementing mitigation strategies and monitoring the risk.
Risk Portfolio
The collection of all risks faced by an organization, considered together as a whole.
Risk Profile
A quantitative analysis of the types and levels of risk an organization faces, often used to inform strategic decisions.
Risk Profiling
The process of determining the risk characteristics and tolerance levels of an organization or individual.
Risk Register
A documented list of identified risks, including their assessment and proposed management actions. The risk register is a key tool in risk management planning and monitoring.
Risk Response
The actions taken to address identified risks. Risk response strategies include avoidance, mitigation, transfer, and acceptance.
Risk Sharing
Distributing risks among various parties to reduce the burden on any single party, often through mechanisms like insurance or partnerships.
Risk Tolerance
The degree of variability in outcomes that an organization is willing to withstand. Risk tolerance defines the acceptable level of risk in specific contexts.
Risk Transfer
A risk management strategy where the risk is shifted to another party, often through insurance or outsourcing. This helps to offload the potential impact of risks.
S
S Corporation (S-Corp)
A special type of corporation that avoids double taxation by passing income, losses, deductions, and credits through to shareholders, who report these on their personal tax returns.
Scenario Analysis
Evaluating risks by considering various hypothetical scenarios. It helps identify vulnerabilities and potential impacts.
Scenario-Based Risk Assessment
Evaluating risk based on specific hypothetical scenarios to understand potential impacts and responses.
Scenario Planning
Developing and analyzing potential future scenarios to understand how different factors might impact the organization.
Scenario Testing
A process of evaluating how different scenarios impact an organization’s risk profile.
Security Risk
Risks associated with threats to an organization’s information systems and data. Security risks include cyberattacks, data breaches, and unauthorized access.
Self-Insurance
Setting aside a pool of money to be used to remedy an unexpected loss, rather than purchasing insurance from a third party.
Sensitivity Analysis
Assessing how changes in one variable affect other variables in a risk model, to understand the robustness of the model.
Shadow Banking
Financial intermediaries involved in facilitating credit creation that are not subject to regulatory oversight, which can pose systemic risks.
Silo Risk Management
The practice of managing risk in isolation, where different departments or units within an organization handle their risks separately rather than in an integrated manner.
Sole Proprietorship
A business owned and operated by a single individual, who is personally liable for all business debts and obligations. It is the simplest form of business entity.
Solvency Risk
The risk that an organization will be unable to meet its long-term financial obligations.
Stakeholder
Any individual or group that has an interest or is affected by the risk management activities of an organization. Stakeholders can include employees, customers, suppliers, regulators, and investors.
Stakeholder Engagement
The process of involving individuals or groups affected by risk management activities in decision-making processes.
Strategic Risk
Risks that affect an organization's long-term goals and strategies. These risks can arise from changes in the market, competitive landscape, or regulatory environment.
Stress Testing
A risk management technique used to evaluate how certain stress conditions, such as extreme market movements or economic scenarios, will affect an organization.
Subrogation
The legal right held by insurers to pursue a third party that caused an insurance loss to the insured.
Systemic Risk
The risk of collapse of an entire financial system or entire market, due to the failure of a single entity or group of entities, which can result in a cascading failure.
Systemic Risk Management
The practice of managing risks that have the potential to trigger widespread instability within a system or industry.
Glossary T–Z
T
Tactical Risk Management
Short-term risk management strategies focused on immediate issues and responses.
Tail Risk
The risk of an asset or portfolio of assets moving more than three standard deviations from its current price, representing extreme loss events.
Tangible Risk
Risks associated with physical assets, such as property damage or theft.
Third-Party Audit
An independent review conducted by an external party to evaluate an organization’s risk management practices.
Third-Party Risk
Risks associated with external vendors, suppliers, or partners. Organizations must manage third-party risks to protect their own operations.
Threat
Any circumstance or event with the potential to cause harm to an organization. Threats can be internal or external and can affect various aspects of the organization.
Total Cost of Risk (TCOR)
The sum of all costs associated with managing risk, including prevention, detection, and recovery costs.
Transitional Risk
Risks associated with the transition to a new regulatory environment, business model, or operational process.
Trigger Event
An occurrence that initiates the implementation of a risk management action or plan.
U
Umbrella Policy
An insurance policy that provides additional coverage beyond the limits of the primary policies.
Uncertainty
The lack of predictability or certainty regarding future events. Risk management aims to address and mitigate uncertainty.
Underwriting
The process by which insurers evaluate the risk of insuring a home, car, driver, or individual's health or life, and determine the premium to charge for taking that risk.
Underwriting Risk
The risk that the premiums collected by an insurer will be insufficient to cover claims made against policies.
Uninsurable Risk
A risk that is not covered by insurance, often because it is deemed too high or unpredictable to be economically viable for insurers.
V
Value-at-Risk (VaR)
A statistical technique used to measure the risk of loss on a specific portfolio of financial assets. It estimates how much a set of investments might lose, given normal market conditions, over a set time period such as a day.
Vendor Risk Management
The process of identifying, assessing, and mitigating risks associated with third-party vendors and service providers.
Venture Risk
The risk associated with new business ventures, including startup risks and the uncertainty of entering new markets.
Volatility
The degree of variation or fluctuation in financial markets or asset prices. High volatility indicates greater risk.
Vulnerability
The weaknesses or gaps in an organization that can be exploited by threats or increase the likelihood of risk events. Vulnerabilities make an organization more susceptible to risks.
W
War Risk
The risk of loss or damage due to acts of war, including invasion, insurrection, and rebellion.
Waterfall Risk
The risk that arises from sequential project phases, where delays or issues in earlier phases impact subsequent phases.
Wealth Transfer
The process of transferring assets from one individual or entity to another.
Weighted Risk
The process of assigning different weights to various risks based on their importance or potential impact.
Whistleblower
An individual who reports unethical or illegal activities within an organization.
Worst-Case Scenario
The most severe possible outcome that can be projected to occur in a given situation based on known facts and assumptions.
Y
Yield Curve Risk
The risk of changes in the yield curve, affecting the valuation of interest-rate-sensitive assets.
Z
Zero-Based Risk Assessment
A method of risk assessment that starts from a "zero base," considering all risks from scratch without relying on past assessments.
Zero-Day Attack
A cyber attack that occurs on the same day a weakness is discovered in software, before a fix becomes available.
Zero-Day Vulnerability
A software vulnerability that is unknown to the software developer and has not been patched, leaving systems at risk of exploitation.
Risk Management Glossary Updates and Guidance
The Risk Management Glossary is intended for informational purposes only. The terms included in this glossary may be updated periodically to reflect the latest changes and additions. For the most current and personalized advice, always seek professional guidance.
Click Button | Inquiries & Questions
