ISO 31000 and Guide 73: 2009 Select Terms and Their Definitions
Guide 73 has additional notes for some definitions that are not included here. The definitions listed are a selection chosen by the editors of this book and do not include all the key term definitions in Guide 73.
Enterprise Risk Management: Not defined in Guide 73
Event: Occurrence or change of a particular set of circumstances
Exposure: Extent to which an organization and/or stakeholder is subject to an event
Hazard: Source of potential harm
Resilience: Adaptive capacity of an organization in a complex and changing environment
Risk: Effect of uncertainty on objectives
Risk Appetite: Amount and type of risk that an organization is willing to pursue or retain
Risk Attitude: Organization's approach to assess and eventually pursue, retain, take or turn away from risk
Risk Management: Coordinated activities to direct and control an organization with regard to risk
Risk Management Framework: Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization
Risk Management Plan: Scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk
Risk Management Process: Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk
Risk Owner: Person or entity with the accountability and authority to manage a risk
Risk Tolerance: The organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives