Glossary of Terms
Clarification of key terms used in the NHSCFA's Risk Management Guidance
|An evaluated opinion, based on evidence gained from a review and analysis of an organisation’s governance, risk management and internal control framework.
|Audit, Risk & Assurance Committee (ARAC)
|A Committee appointed to support the Board in monitoring the corporate governance and control systems in the organisation.
|Designed to reduce the harm of or compensate for the realisation of a risk.
|Controls put in place to detect whether a risk has been realised. These are designed to limit harm and act as an early warning.
|Directions to employees or business units designed specifically to limit risk realisation or harm.
|The consequences, as a combination of impact and likelihood, which may be experienced by the organisation if a specific risk is realised.
|Governance comprises the organisational arrangements put in place to ensure that the intended outcomes for stakeholders are defined and achieved.
|The exposure arising from a specific risk before any action has been taken to manage it.
|Any action originating within the organisation taken to manage risk. These actions may be taken to manage either the impact if the risk is realised, or the frequency of the realisation of the risk.
|An issue is defined as an event that has happened or is happening. It is a known as opposed to an unknown quantity. The outcome of the actions or events is no longer subject to uncertainty.
|Controls designed to limit the possibility of an undesirable outcome being realised.
|Probability and impact matrix
|A grid setting out the possible risk assessment scores for each combination of probability and impact.
|The exposure arising from a specific risk after action has been taken to manage it and making the assumption that the action is effective.
|Risk is defined as the uncertainty on objectives: whether positive opportunity or negative threat. It is the combination of probability and impact.
|The amount of risk that an organisation is prepared to accept or be exposed to at any point in time. Sometimes referred to as “risk tolerance”.
|Risk Appetite Statement
|The amount and type of risk that an organisation is willing to take in order to meet its strategic objectives.
|The evaluation of risk with regard to the probability and impact should a risk be realised, taking into account risk proximity.
|All the processes involved in identifying and assessing risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring, reviewing and communicating progress.
|The overall organisational approach to risk management as defined by the senior management and/or Board. This should be documented and easily available throughout the organisation.
|The documented and prioritised overall assessment of the range of specific risks faced by the organisation.
|A judgement as to how soon exposure to the risk might occur.