Control
A control is an existing process, policy, device or action that minimises negative risk (or enhances opportunity).
Control effectiveness
How effective your organisation’s current controls are in reducing the consequence and likelihood of a risk. This resource rates control effectiveness as Good, Adequate or Poor.
Consequence
If a risk becomes a reality, the result could be positive or negative. Examples of negative consequences include loss of funding, prosecution, damaged relationships or loss of reputation. A positive consequence could be an opportunity.
This resource rates consequences as High, Medium or Low.
Hazard
A hazard is a source of risk. For example, loose carpet on a stairway is a hazard. The possibility of injury is a risk of this hazard.
Indicative controls
Indicative controls are the controls you should have in place for your organisation in an ideal situation to reduce the consequence and likelihood of a risk. The Risk Templates document lists the indicative controls for each risk.
Likelihood
Likelihood is a measure of the probability that a risk will have a particular consequence.
This resource rates likelihood as Likely, Possible or Unlikely.
Loss
A loss is any negative consequence, financial or otherwise.
Risk
Risk is the chance of an event that will have an consequence on objectives.
Risk assessment
Risk assessment is the process of identifying, analysing and evaluating risk.
Risk profile
A risk profile shows risks sorted from high to low. The risk management Excel tool uses a bar chart, rather than the matrix some people are familiar with.
Risk register
A risk register records risks along with their description, their ratings for consequence, control effectiveness and likelihood, and an overall risk value.
Risk ratings
Ratings that the risk management Excel tool assigns to the descriptors of consequence, control effectiveness and likelihood.
Risk threshold
The overall risk value (established by the board and documented in the risk management policy) beyond which a risk is considered unacceptable. This toolkit recommends a risk threshold of 60.
Risk value
The overall value assigned to a risk; calculated using the ratings of consequence, control effectiveness and likelihood.
Risk value = potential consequence x (100% – effectiveness of controls) x likelihood
Back to top