Risk Vocabulary
Term
Definition
Asset
The definition of an IT asset is very broad. It is any piece of hardware or software, but may also include data, interfaces or reports.
Appetite
Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its objectives, before action is deemed necessary to reduce the risk. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings -- Wikipedia
Control
Controls are specific manual or automated activities performed by persons or systems, which are designed to ensure that adverse effects of an event, should it occur, are prevented or detected.
Driver for Risk
Something existing in the environment in which the organization operates that leads one to believe that a particular risk would occur
Event
Any unforeseen or unexpected occurrence (that can cause losses or create opportunity)
Impact
An estimate of the potential losses or gains associated with an identified risk
Justification
Explanation of why we have chosen a certain risk strategy
Key Risk Indicator (KRI)
A metric to measure risk. It is used as an early warning for risk.
Probability or Likelihood
The possibility of a potential risk occurring, measured in qualitative terms
Profile
Describes an organization's key risks, which include both threats and opportunities -- Canada.ca guide to risk
Tolerance
The amount of risk that an organization is comfortable taking or the degree of uncertainty that an investor is able to handle -- investopedia.com
Risk
An uncertain event (or events) that, should it occur, will have a favorable or adverse effect on the achievement of the organization’s objectives.
Residual Risk
Risk remaining after the effects of controls are accounted for
Strategy
The organizational response to address the risk