Risk-based performance Glossary

Types of Internal Controls

Andrew Smart — Fri, 04 Dec 2009 22:22:08 +0000

Detective: Designed to detect errors or irregularities that may have occurred.

Corrective: Designed to correct errors or irregularities that have been detected.

Preventive: Designed to keep errors or irregularities from occurring in the first place.

Key Control Indicator (KCI)

Andrew Smart — Sat, 10 Jan 2009 12:23:26 +0000

An indicator which is used by organizations to help define its controls environment and monitor levels of control relative to desired tolerances.

KCIs are used to answer the question:”Are our organization’s internal controls effective? Are we ‘in control’?”

Source : www.riskbasedperformance.com

Key Risk Indicator (KRI)

Andrew Smart — Sat, 10 Jan 2009 12:19:40 +0000

An indicator which is used by organizations to help define its risk profile and monitor changes in that profile.

KRIs are used to answer the question: “How is our risk profile changing and is it within our desired tolerance levels?”

Source : www.riskbasedperformance.com

Key Performance Indicator (KPI)

Andrew Smart — Sat, 10 Jan 2009 12:16:15 +0000

An indicator which enables an organization to define its performance targets based on its goals and objectives and to monitor its progress towards achieving these targets.

KPIs are used to answer the question: “Are we achieving our desired levels of performance?”

Source : www.riskbasedperformance.com

Uncertainty

Andrew Smart — Sun, 07 Dec 2008 09:49:32 +0000

Inability to know in advance the exact likelihood or impact of future events.

Source : COSO Integrated Risk Management Framework

Strategic risk

Andrew Smart — Sun, 07 Dec 2008 09:48:30 +0000

Risk concerned with where the organization wants to go, how it plans to get there, and how it can ensure survival.

Source : BS31100:2008

Strategic

Andrew Smart — Sun, 07 Dec 2008 09:46:46 +0000

Used with “objectives”: having to do with high-level goals that are aligned with and support the entity’s mission (or vision).

Source : COSO Integrated Risk Management Framework

Stakeholder

Andrew Smart — Sun, 07 Dec 2008 09:43:40 +0000

Parties that are affected by the entity, such as shareholders, the communities in which the entity operates, employees, customers, and suppliers.

Source : COSO Integrated Risk Management Framework

Person or group concerned with, affected by, or perceiving themselves to be affected by an organisation.

Note: A decision maker is also a stakeholder

Source : BS31100:2008

Risk treatment

Andrew Smart — Sun, 07 Dec 2008 09:41:23 +0000

Process of developing, selecting and implementing controls.

Note 1: Risk treatment can involve: avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; seeking an opportunity by deciding to start or continue with an activity likely to create or enhance the risk; removing the source of the risk; changing the nature and magnitude of likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by choice.
Note 2: Risk treatments that deal with negative consequences are sometimes referred to as risk mitigation, risk elimination, risk prevention, risk reduction, risk repression and risk correction.

Source : BS31100:2008 [ISO Guide 73]

Risk transfer

Andrew Smart — Sun, 07 Dec 2008 09:39:52 +0000

Sharing with another party the burden of loss or benefit of gain for a risk.

Note: This might be achieved through legislation, contract, insurance or other means.

Source : BS31100:2008