Concepts GRC and Risk Management
Practice shows that jargon raises questions, so we have drawn up a list of risk management concepts. Do you have further questions about risk management? Then contact us.
What is GRC software? What is a GRC tool?
GRC software is the collection of software that supports Governance, Risk and Compliance (GRC) activities. GRC is the integrated set of capabilities that enables an organization to reliably achieve its objectives, address uncertainty and act with integrity.
In addition to the core GRC activities, modern GRC software also supports performing audits, handling incidents and recording mitigation strategies such as insurance and contracts with third parties. A supplier of GRC software should itself be certified, for example against the ISO/IEC 27001 standard, since the tool holds the organization's risk, audit and incident data.
The person or organizational unit designated to implement a risk management measure, under the responsibility of the risk manager.
See action holder
See risk manager
An activity that in any way aims at eliminating, avoiding or minimizing the cause or the effect of an unwanted event.
Risk without control measures
A measure that aims to still achieve the intended objectives after an undesirable event has occurred.
A risk that can be influenced by, and is the responsibility of, one's own organization (as seen from the person reporting on it).
See consequence
See risk owner
ERM model or risk management model
A standard risk management model. For example: COSO Enterprise Risk Management (integral), the ISO 31000 guidelines (integral), RISMAN (projects), Management of Risk (M_o_R).
A risk that can be influenced by, and is the responsibility of, a party outside one's own organization (as seen from the person reporting on it).
A person who facilitates risk meetings; also called a process supervisor.
An event that has or may affect the achievement of the intended objectives.
The effect resulting from the occurrence of a risk.
Governance, risk and compliance is a model in which the risks are linked to the governance and compliance activities of the organization, so that risk management is better integrated into the organization.
The assessment of the risk without the effect of control measures.
Perspectives from which to look at a project in different ways, to aid in the identification of risks.
Processes aimed at providing reasonable assurance about achieving objectives.
The likelihood of an event occurring, expressed as a value between 0 and 1.
Qualitative risk analysis
A risk analysis in which the risks are ranked in order of importance on the basis of a qualitative assessment.
Quantitative risk analysis
A risk analysis in which the magnitude of the probability and of the consequence of the risks and uncertainties is estimated quantitatively, that is, in numbers.
See control measure
Risk including the effect of control measures, also called residual risk.
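The definitions of gross risk, probability, qualitative and quantitative risk analysis, and net (residual) risk above can be put together in a small risk register. The following is an added example, not code from the original page or from any GRC product: it assumes (as the page does not specify) that probability is a value in [0, 1], that consequence is a monetary loss, and that each control measure removes a fixed fraction of the probability and/or the consequence. The sample register and all of its figures are constructed for illustration.

```python
"""Added example: gross and net risk in a minimal risk register.

Assumptions not taken from the page: probability in [0, 1], consequence as a
monetary loss, and control measures that remove a fixed fraction of the
probability and/or the consequence of an event.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumed 5-point scales for qualitative scoring: a value scores 1 if it is
# below the first threshold, 2 if below the second, ..., 5 at or above the last.
PROBABILITY_THRESHOLDS = (0.05, 0.2, 0.5, 0.8)
CONSEQUENCE_THRESHOLDS = (10_000, 100_000, 500_000, 1_000_000)


def band(value: float, thresholds: tuple) -> int:
    """Map a quantity onto a 1..N+1 qualitative score using N upper thresholds."""
    for score, upper in enumerate(thresholds, start=1):
        if value < upper:
            return score
    return len(thresholds) + 1


@dataclass
class ControlMeasure:
    name: str
    probability_reduction: float = 0.0  # fraction of the probability removed
    consequence_reduction: float = 0.0  # fraction of the consequence removed

    def __post_init__(self) -> None:
        for value in (self.probability_reduction, self.consequence_reduction):
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{self.name}: reductions must lie between 0 and 1")


@dataclass
class Risk:
    name: str
    probability: float  # gross likelihood of the event, 0..1
    consequence: float  # gross financial effect if the event occurs
    controls: list[ControlMeasure] = field(default_factory=list)

    def __post_init__(self) -> None:
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.name}: probability must lie between 0 and 1")
        if self.consequence < 0:
            raise ValueError(f"{self.name}: consequence cannot be negative")

    def gross_risk(self) -> float:
        """Gross risk: the assessment without the effect of control measures."""
        return self.probability * self.consequence

    def net_probability(self) -> float:
        p = self.probability
        for c in self.controls:
            p *= 1.0 - c.probability_reduction
        return p

    def net_consequence(self) -> float:
        x = self.consequence
        for c in self.controls:
            x *= 1.0 - c.consequence_reduction
        return x

    def net_risk(self) -> float:
        """Net (residual) risk: the same assessment with control measures applied."""
        return self.net_probability() * self.net_consequence()

    def qualitative_score(self, net: bool = False) -> int:
        """Likelihood band times consequence band, as read off a 5x5 risk matrix."""
        p = self.net_probability() if net else self.probability
        x = self.net_consequence() if net else self.consequence
        return band(p, PROBABILITY_THRESHOLDS) * band(x, CONSEQUENCE_THRESHOLDS)


def rank_quantitative(risks: list[Risk], net: bool = False) -> list[str]:
    """Risk names ordered by expected loss (probability x consequence), largest first."""
    key = (lambda r: r.net_risk()) if net else (lambda r: r.gross_risk())
    return [r.name for r in sorted(risks, key=key, reverse=True)]


def rank_qualitative(risks: list[Risk], net: bool = False) -> list[str]:
    """Risk names ordered by matrix score, largest first (ties keep register order)."""
    return [r.name for r in sorted(risks, key=lambda r: r.qualitative_score(net), reverse=True)]


# Constructed sample register; the figures are illustrative only.
REGISTER = [
    Risk("Ransomware on file servers", 0.4, 500_000, [
        ControlMeasure("Offline backups", consequence_reduction=0.75),
        ControlMeasure("Endpoint detection and response", probability_reduction=0.5),
    ]),
    Risk("Key supplier goes bankrupt", 0.1, 1_000_000, [
        ControlMeasure("Contract with a second supplier", consequence_reduction=0.5),
    ]),
    Risk("Phishing leads to credential theft", 0.9, 50_000, [
        ControlMeasure("Multi-factor authentication", probability_reduction=0.75),
    ]),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.name:36s} gross {r.gross_risk():>10,.0f}  net {r.net_risk():>10,.0f}"
              f"  matrix {r.qualitative_score():2d} -> {r.qualitative_score(net=True):2d}")
    print("gross ranking:", rank_quantitative(REGISTER))
    print("net ranking:  ", rank_quantitative(REGISTER, net=True))
```

Two things the figures show that the definitions alone do not: the ranking changes once control measures are applied (ransomware is the largest gross risk, the supplier risk the largest net risk, because backups reduce the consequence of ransomware far more than a second-supplier contract reduces the consequence of a bankruptcy), and the qualitative matrix gives the supplier and phishing risks the same score even though their quantitative gross risk differs by a factor of two. Whether the control measures are actually operational, which the operational risk management entry below calls the decisive question, is not captured by either figure and has to be verified separately.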
An event that has or may have a negative influence on the achievement of the intended objectives.
Undesirable top event
An event that is used in the risk analysis as the most undesirable event.
Lack of knowledge about the actual and/or future situation.
Operational Risk Management
Operational risk refers to the risk that arises from the failure or inadequacy of internal processes, from human and technical deficiencies, and from unexpected external events. The risks are known; what matters most is whether the control measures are actually operational.
- Organization – An organized group of activities, resources and people working towards common goals.
- Stakeholders – Groups and individuals whose interests are represented or influenced by the organization.
- Governing body – Those accountable to stakeholders for the success of the organization.
- Management – The individuals, teams and support functions designated to provide products and/or services to the organization's customers.
- Internal audit