Concepts GRC and Risk Management

Promotion holder
The person or organization (part) designated to implement the  risk management measure  to be carried out under the responsibility of the  risk manager.

Actor
See action holder

Administrator
See risk manager

Control measure
An activity that in any way aims at eliminating , avoiding or minimizing the  cause or the effect of an unwanted event >> see NARIS^® Risk management

Gross risk
Risk without control measures

Corrective measure
A measure that aims to achieve the intended objectives after an undesirable event has occurred

Endogenous risk
A risk of which the suggestibility and responsibility lies within one’s own organization (seen from the person who reports on it)

Severity
See consequence

Owner
See risk owner

ERM model or risk management model
A standard risk management model. For example; COSO Enterprise Risk Management (integral), ISO 31000 guidelines (integral), RISMAN (projects), Management of Risk (M_o_R)

Exogenous risk
A  risk whose suggestibility and responsibility lies outside one’s own organization (as seen from the person reporting on it).

Facilitator
A person who supervises risk meetings. Process supervisor

Event
An event that has or may affect the achievement of the intended objectives.

Consequence
The effect resulting from the occurrence of a  risk.

GRC framework
Governance risk and compliance is a model in which the risks are linked to the governance and compliance activities of the organization. As a result, it is better integrated into the organization.

Initial risk
The assessment of the  risk without the effects of control measures< /em>.

Approaches
Perspectives to look at a project in different ways to aid in the identification of risks.

Impact
See consequence

Incident
See event

Internal control
Processes aimed at providing reasonable assurance about achieving objectives.

Opportunity
The possibility of an event occurring expressed as a value between 0 and 1.

Qualitative risk analysis
A risk analysis in which the risks of are ranked in order of importance on the basis of a qualitative assessment.

Quantitative risk analysis
A  risk analysis in which the magnitude of the  opportunity and of the  consequence of the risks and uncertainties quantitatively, so in numbers, are estimated.

Mitigating measure

See control measure

Net risk
Risk including control measure, also called residual risk

Undesirable event
An event that has or may have a negative influence on the achievement of the intended objectives.

Undesirable top event
An event that is used in the  risk analysis  as the most undesirable event em>.

Uncertainty
Unfamiliarity with the actual and/or future situation.

Operational Risk Management
< /strong>Operational risk refers to the risk that arises as a result of the failure or inadequacy of internal processes, human and technical deficiencies, e n unexpected external events. The risks are known and it is especially important whether the control measures are actually operational.

Organization

• An organized group of activities , resources and people working towards common goals. Stakeholders
• Groups and individuals whose interests are represented or influenced by the organization.
• Governing body – Those accountable to stakeholders for the success of the organization.
• Management – ​​The individuals, teams, and support functions designated to provide products and/or services to the organization’s customers.
• Internal audit