20 Risk Management Terms Explained

Robert Keenan, Chief Information & Risk Officer


All organizations face risks that could harm their reputation, cost them money or, worse, their future. Risk management therefore needs to be a central part of every business. Essentially, risk management keeps current and potential risks at the forefront of owners', CEOs' and executives' minds. A risk management plan lets you plan tactics to avoid potential threats, diminish their impact, and advance your company's resilience. This blog takes a deep dive into the most common terms used during the risk management process to help you better understand the subject.


1. Enterprise Risk Management (ERM) / Business Continuity Plan (BCP) / Contingency Planning (CP)

ERM is the process of identifying and systematically addressing potential business risks. ERM's objective is to build an all-inclusive portfolio view of every risk (threats and opportunities alike), ranked top-down from the most to the least significant by the size of its impact.

Contingency planning is the fallback for high-exposure risks capable of halting all business operations. For example, what happens when a ransomware or malware attack on corporate data also corrupts the backup disk? (This is why backups should be kept offline or immutable and restores tested regularly.) The process establishes the policies, strategies, methods and actions to be taken when such a risk materializes. The objective is to limit the impact as far as possible by defining how the business copes during an interruption of service. A BCP sets out the specific procedures to follow in the event of a contingency.

2. Disaster recovery planning

Designing how the business will restore and continue operations or services after a calamity (e.g. a flood, tornado or power outage) that disrupts the normal flow of activities or services. In practice the disaster recovery plan is the part of continuity planning that deals with recovering systems, data and services, while the BCP covers keeping the business running in the meantime.

3. Compliance risk profile

A compilation of the risks arising from non-adherence to a set of compliance requirements, such as regulations, rules, laws, internal policies or the ethical standards of the industry.

4. Control Assessment

Identifying, reviewing and analyzing the existing and missing controls to determine whether they are sufficient and operating effectively. This is essential because as the business environment and the nature of operations change, the risk profile changes with them.

5. Emergent/emerging risk

Risks that were previously poorly estimated or poorly understood but are expected to grow significantly because of internal or external changes. The differentiating factor is that emerging risks lack the track record needed to estimate their likelihood and likely losses.

6. Incident

One or more occurrences, or a non-occurrence (something expected that did not happen). Also known as an event, it can also denote a change in conditions or circumstances. Every incident is expected to have causes and consequences. Note that security operations teams use the word more narrowly, for an event that actually harms, or threatens to harm, the confidentiality, integrity or availability of systems or data.

7. Inherent risk or impact

The level of risk that exists before controls are taken into account, i.e. the risk the organization would face if no controls were in place or the current mitigating measures failed.

Note: Inherent impact is the quantified, usually monetary, measure of the loss if the risk crystallized and no mitigation measures were in place to limit the impact.

8. Key Risk Indicators (KRIs)

A subset of an organization's key indicators, used to monitor potential problems. Specifically, KRIs are measurable indicators that give early warning of adverse events that would harm the company, by tracking changes in its risk exposure levels over time. Typical security KRIs are the phishing simulation click rate, the share of systems missing critical patches, or the number of privileged accounts without MFA, each watched against a threshold and a trend.
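The following is an added example of how KRIs are tracked in practice; it is not code from the article or from Lutz. It assumes (the article does not say this) that each KRI has a warning and a critical threshold in its own unit, is sampled at regular intervals, and that exposure counts as "rising" when the latest sample has moved toward the thresholds by more than a set fraction over a lookback window. The indicator names and readings are constructed for illustration.

```python
"""Monitoring key risk indicators (KRIs) against thresholds and trend.

Added example for this article; it is not the author's or Lutz's tooling.
Assumptions (not stated in the article): each KRI has a warning and a
critical threshold in its own unit, is sampled at regular intervals, and
its exposure is "rising" when the latest sample has moved toward the
thresholds by more than a set fraction over the lookback window.
All indicator readings below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class KRI:
    name: str
    warning: float
    critical: float
    higher_is_worse: bool = True  # False for indicators like patch coverage

    def _breaches(self, value: float, threshold: float) -> bool:
        # Which direction is "bad" depends on the indicator's polarity.
        return value >= threshold if self.higher_is_worse else value <= threshold

    def status(self, value: float) -> str:
        """Classify a single reading against the two thresholds."""
        if self._breaches(value, self.critical):
            return "critical"
        if self._breaches(value, self.warning):
            return "warning"
        return "normal"

    def trend(self, history: list, lookback: int = 3, min_change: float = 0.10) -> str:
        """Direction of exposure over the last `lookback` intervals."""
        if len(history) < lookback + 1:
            return "insufficient data"
        earlier, latest = history[-lookback - 1], history[-1]
        if earlier == 0:
            # Any growth from zero is a rise; also avoids division by zero.
            return "rising" if latest > 0 else "flat"
        change = (latest - earlier) / abs(earlier)
        if not self.higher_is_worse:
            change = -change  # falling coverage means rising exposure
        if change > min_change:
            return "rising"
        if change < -min_change:
            return "falling"
        return "flat"


def assess(kri: KRI, history: list) -> dict:
    """Current status and direction of one KRI from its sample history."""
    return {
        "kri": kri.name,
        "value": history[-1],
        "status": kri.status(history[-1]),
        "trend": kri.trend(history),
    }


# Constructed KRIs and monthly readings (oldest first).
PHISHING_CLICK_RATE = KRI("phishing simulation click rate (%)", warning=5.0, critical=8.0)
PATCH_COVERAGE = KRI("servers patched within SLA (%)", warning=95.0, critical=90.0,
                     higher_is_worse=False)
PRIV_ACCOUNTS_NO_MFA = KRI("privileged accounts without MFA", warning=1, critical=5)

READINGS = {
    PHISHING_CLICK_RATE: [3.0, 3.5, 4.2, 5.1],
    PATCH_COVERAGE: [97.0, 96.0, 95.0, 94.0],
    PRIV_ACCOUNTS_NO_MFA: [0, 0, 0, 2],
}

if __name__ == "__main__":
    for kri, history in READINGS.items():
        result = assess(kri, history)
        print(f"{result['kri']:40s} {result['value']:>6} {result['status']:9s} {result['trend']}")
```

The point of pairing a threshold with a trend is that two indicators can sit at the same "warning" level and mean different things: the click rate above is drifting steadily upward and deserves action now, whereas patch coverage has slipped only slightly in the same period.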

9. Mitigation

The steps, controls, measures, procedures or tools deployed to reduce the probability of a risk and/or reduce the impact of the threat if it does occur.

10. Operational Risk

The risk of loss stemming from the company's business processes, in particular from failed or inadequate internal processes, people and systems, or from external events.

11. Reputation Risk

Current or future risk to the business arising from negative public reviews, sentiment or perception.

12. Residual impact

The impact that occurs when a risk materializes even after all the necessary controls, monitoring and assurance processes have been applied.

13. Residual risk

The risk that remains after the existing control environment has been taken into account and the controls around the risk have been applied; in other words, the inherent risk less the effect of the controls.

14. Risk analysis

The process of understanding the nature, sources and causes of a risk once it has been identified, and then studying its impacts and the existing controls.

15. Risk attitude

The general approach an organization takes to assessing and addressing risks. An organization's risk attitude determines its risk tolerance levels and whether mitigating actions are implemented on time.

16. Risk evaluation

The process of comparing the results of risk analysis against the organization's risk criteria to determine whether a risk's likelihood and impact are within acceptable levels, and therefore whether it needs treatment.
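The following is an added example, not code from the article or from Lutz, that ties together inherent risk and impact (term 7), mitigation (term 9), residual impact and residual risk (terms 12 and 13) and risk evaluation (term 16) in a small risk register, and also produces the top-down ranking described under ERM (term 1). It assumes (none of this is stated in the article) that each risk is quantified as an annualized loss expectancy, ALE = annual rate of occurrence x loss per event, in dollars; that a control is modelled as a fractional reduction of the rate (preventive controls) and/or of the loss per event (impact-reducing controls) with an annual running cost; and that the risk tolerance is the largest residual ALE the organization will accept. All names and figures are constructed.

```python
"""Inherent risk, mitigation, residual risk and risk evaluation in a risk register.

Added example for this article; it is not the author's or Lutz's method.
Assumptions (not stated in the article): each risk is quantified as an
annualized loss expectancy, ALE = annual rate of occurrence x loss per
event, in dollars; a control is modelled as a fractional reduction of the
rate (preventive controls) and/or of the loss per event (impact-reducing
controls) with an annual running cost; the risk tolerance is the largest
residual ALE the organization will accept. All figures are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Control:
    name: str
    rate_reduction: float = 0.0  # fraction of occurrences prevented, 0..1
    loss_reduction: float = 0.0  # fraction of loss per event avoided, 0..1
    annual_cost: float = 0.0     # cost of operating the control per year

    def __post_init__(self):
        for v in (self.rate_reduction, self.loss_reduction):
            if not 0.0 <= v <= 1.0:
                raise ValueError("reductions must be fractions between 0 and 1")


@dataclass
class Risk:
    name: str
    annual_rate: float      # expected occurrences per year with no controls
    loss_per_event: float   # inherent impact in dollars with no controls
    controls: list = field(default_factory=list)

    def inherent_ale(self) -> float:
        """Inherent risk: expected annual loss if no controls were in place."""
        return self.annual_rate * self.loss_per_event

    def residual_rate(self) -> float:
        rate = self.annual_rate
        for c in self.controls:
            rate *= 1.0 - c.rate_reduction  # reductions compound rather than add
        return rate

    def residual_loss(self) -> float:
        loss = self.loss_per_event
        for c in self.controls:
            loss *= 1.0 - c.loss_reduction
        return loss

    def residual_ale(self) -> float:
        """Residual risk: what remains once the controls have been applied."""
        return self.residual_rate() * self.residual_loss()

    def control_cost(self) -> float:
        return sum(c.annual_cost for c in self.controls)

    def net_benefit(self) -> float:
        """Loss avoided by the controls minus what they cost to run."""
        return self.inherent_ale() - self.residual_ale() - self.control_cost()


def evaluate(risks: list, tolerance: float) -> list:
    """Risk evaluation: rank residual exposure top-down, flag anything above tolerance.

    Returns (name, residual ALE rounded to cents, exceeds_tolerance) tuples.
    """
    ranked = sorted(risks, key=lambda r: r.residual_ale(), reverse=True)
    return [(r.name, round(r.residual_ale(), 2), r.residual_ale() > tolerance)
            for r in ranked]


# Constructed controls and register.
OFFLINE_BACKUPS = Control("tested offline backups", loss_reduction=0.8, annual_cost=12_000)
EDR = Control("endpoint detection and response", rate_reduction=0.6, annual_cost=30_000)
MFA = Control("MFA on remote access", rate_reduction=0.9, annual_cost=5_000)

REGISTER = [
    Risk("ransomware on file servers", annual_rate=0.5, loss_per_event=400_000,
         controls=[EDR, OFFLINE_BACKUPS]),
    Risk("credential phishing leading to account takeover", annual_rate=2.0,
         loss_per_event=50_000, controls=[MFA]),
    Risk("key vendor outage", annual_rate=1.0, loss_per_event=20_000),
]
RISK_TOLERANCE = 18_000.0

if __name__ == "__main__":
    for risk in REGISTER:
        print(f"{risk.name:50s} inherent ${risk.inherent_ale():>10,.0f} "
              f"residual ${risk.residual_ale():>10,.0f} "
              f"net benefit ${risk.net_benefit():>10,.0f}")
    for name, ale, exceeds in evaluate(REGISTER, RISK_TOLERANCE):
        print(f"{name:50s} residual ${ale:>10,.0f} "
              f"{'OVER TOLERANCE' if exceeds else 'within tolerance'}")
```

Two things the numbers show that the definitions alone do not: the vendor outage has by far the smallest inherent risk yet ends up as the largest residual risk, simply because nothing has been done about it, which is why evaluation is carried out on residual rather than inherent figures; and the backup control reduces impact without touching likelihood, so it only shows its value once both dimensions are modelled. Treating stacked controls as compounding (each removes a fraction of what is left) rather than additive is a modelling choice; additive reductions would overstate the effect of several overlapping controls.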

17. Risk identification

The process of finding, recognizing and describing risks in order to determine which areas could affect the achievement of the set objectives. It draws on historical data, theoretical analysis, informed opinion, professional advice and stakeholder input to surface the underlying risks fully.

18. Risk management

The complete set of activities and procedures that direct an organization's operations and govern how it controls the various risks that could negatively affect its objectives. It includes risk management principles, frameworks and processes.

19. Risk mitigation

Efforts taken to either reduce the likelihood or impact of a risk.

20. Vulnerability

The organization's susceptibility to risk events, as determined by its readiness, agility and adaptability. (In security engineering the same word is used more narrowly for a specific weakness in a system, process or control that a threat can exploit.)


Contact us today to learn more about how you can implement an effective risk management plan in your business. You can also read more about our risk assessment offering here.





Robert Keenan is the Chief Information & Risk Officer at Lutz with over 20 years of compliance and operational risk experience. He focuses on risk management, compliance, and security for the firm, and will partner with the operations team to drive process improvement and operational efficiencies for Lutz.

  • Risk Management & Compliance
  • Operations
  • Association of Certified Fraud Examiners
  • Society of Compliance and Ethics Professionals
  • National Society of Compliance Professionals
  • Certified Fraud Examiner
  • Certified Compliance and Ethics Professional
  • BA in Finance, University of Oklahoma, Norman, OK
  • MPA, Drake University, Des Moines, IA
  • Association of Certified Fraud Examiners - Heartland Chapter, Board Member
  • Oklahoma University Price College of Business, Board Member


All Content © Lutz & Company, PC 2021