High Level Risk Definitions


“High-Level Risk Definitions” serve as the guiding beacons that illuminate the path to understanding risk terminology. These definitions step back from the details, offering a bird’s-eye view that captures the essence of complex topics in language accessible to all.

In essence, they are the compass guiding decision-makers through the intricate landscape of uncertainties. Crafted with precision, these definitions cover the diverse risk categories and foster a shared language across teams. Through careful research, these high-level risk definitions distill complex concepts into digestible insights, enriching the discourse on risk and empowering organizations to navigate challenges with informed resilience.

High-level risk definitions

Company Objectives

A short description of the organization’s objective is available in settings

Risk Name

Describe the risk briefly so that people will understand what risk you are assessing

Risk Category

Category (grouping) of risks

Risk Impact

Describe the potential impacts should the risk occur, ideally in business terms. Decide whether to use “worst case” or “anticipated” impacts and be consistent. Consistency is especially important as the risk register gets larger and more people get involved in the assessments

Owner

Who will be held accountable if the risk treatments are inadequate, incidents occur, and the organization is adversely impacted? It is in this person’s interest to assess and treat the risks adequately or face the consequences

Assessment Summary

A brief summary of how the risk was assessed, along with any relevant details that will help determine its impact and likelihood

Inherent Risk

The calculation of risk before any treatment actions have taken place. For example, the risk of financial loss is very high if account numbers and invoices are not verified prior to payment

Inherent Likelihood

The likelihood of a risk materializing

Inherent Business Impact

The impact the risk can have on your business, should it materialize

Inherent Risk Rating

This is the product of the probability and impact values, or, in other words, the untreated or inherent level of risk

Next Assessment Date

Risks need to be reviewed regularly, and setting a next assessment date helps you remember when to come back and review

Residual Risk

A calculated measure of risk after any form of treatment has taken place. For example, the risk of fire is reduced by 50% if smoke detectors are installed. Risks can be reduced by adding controls or building treatment plans

Connected Controls

A list of the controls that help mitigate the risk

Control Effectiveness

A numerical measure of how useful an organizational control is at reducing a risk. For example, the risk of theft can be reduced by having security cameras (controls). If the cameras are working as designed and no thefts have taken place, the control is 100% effective

Treatment Type

The appropriate strategy to continue reducing risk

  • Avoidance
  • Remediation
  • Transference
  • Acceptance
  • Mitigation

Action Plan

In case your risk actions do not include controls, you can leverage a free text editor in the Treatment plan section to add details on how the risk will be addressed
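As an added illustration (not TrustRegister’s own code or scoring method), the following Python model of a register entry applies the definitions above: the inherent risk rating as the product of likelihood and impact, the residual rating after connected controls are applied, a check that the treatment type is one of the five listed, and an overdue-review check against the next assessment date. The 1–5 scales, the rule for combining several controls (treated as independent, so their remaining risk fractions multiply), and the sample entries are assumptions constructed for this example; the page only defines the terms.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# The five treatment types listed on the page.
TREATMENT_TYPES = {"Avoidance", "Remediation", "Transference", "Acceptance", "Mitigation"}


@dataclass
class Control:
    """A connected control with its effectiveness as a fraction (0.5 == 50%)."""
    name: str
    effectiveness: float


@dataclass
class Risk:
    """One register entry. Scales are an assumption: 1 (lowest) to 5 (highest)."""
    name: str
    category: str
    owner: str
    inherent_likelihood: int
    inherent_impact: int
    treatment_type: str
    controls: List[Control] = field(default_factory=list)
    next_assessment: Optional[date] = None

    def inherent_rating(self) -> int:
        # Per the page: the product of the probability and impact values.
        return self.inherent_likelihood * self.inherent_impact

    def combined_effectiveness(self) -> float:
        # Assumption: controls act independently, so the fraction of risk that
        # survives each control is multiplied through the list.
        remaining = 1.0
        for control in self.controls:
            remaining *= 1.0 - control.effectiveness
        return 1.0 - remaining

    def residual_rating(self) -> float:
        # Risk remaining after treatment; 100% effective controls leave 0.
        return self.inherent_rating() * (1.0 - self.combined_effectiveness())

    def review_overdue(self, today: date) -> bool:
        return self.next_assessment is not None and self.next_assessment < today


def validate(risk: Risk) -> List[str]:
    """Return the consistency problems found in a register entry (empty if none)."""
    problems = []
    if risk.treatment_type not in TREATMENT_TYPES:
        problems.append(f"{risk.name}: unknown treatment type {risk.treatment_type!r}")
    if not 1 <= risk.inherent_likelihood <= 5:
        problems.append(f"{risk.name}: likelihood {risk.inherent_likelihood} outside 1-5")
    if not 1 <= risk.inherent_impact <= 5:
        problems.append(f"{risk.name}: impact {risk.inherent_impact} outside 1-5")
    for control in risk.controls:
        if not 0.0 <= control.effectiveness <= 1.0:
            problems.append(f"{risk.name}: control {control.name!r} effectiveness outside 0-1")
    if not risk.owner:
        problems.append(f"{risk.name}: no accountable owner")
    return problems


def build_sample_register() -> List[Risk]:
    """Constructed entries based on the page's own fire, theft and payment examples."""
    return [
        Risk("Office fire", "Physical", "Facilities lead", 3, 4, "Mitigation",
             controls=[Control("Smoke detectors", 0.5)],
             next_assessment=date(2024, 6, 1)),
        Risk("Warehouse theft", "Physical", "Site manager", 2, 3, "Mitigation",
             controls=[Control("Security cameras", 1.0)],
             next_assessment=date(2025, 1, 15)),
        Risk("Fraudulent invoice payment", "Financial", "Finance director", 4, 5, "Remediation",
             controls=[], next_assessment=None),
    ]


if __name__ == "__main__":
    today = date(2024, 9, 1)  # constructed "today" for the overdue check
    for risk in build_sample_register():
        print(f"{risk.name}: inherent={risk.inherent_rating()} "
              f"residual={risk.residual_rating():.1f} overdue={risk.review_overdue(today)}")
        for problem in validate(risk):
            print("  !", problem)
```

With these assumptions the fire entry scores 12 inherent and 6.0 residual (the page’s 50% smoke-detector reduction), the theft entry drops to 0.0 residual because its only control is 100% effective, and the untreated payment-fraud entry keeps its full inherent rating of 20.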

To learn more about TrustCloud’s TrustRegister, click here!
