Anthony Wilson

The A to Z of risk terminology – ‘C’

Cause - The reason a risk may eventuate.


Code of Professional Conduct - A framework of core values, principles and standards of the Australian Professionals Association that guides members in their conduct with guests, colleagues, and the community.


Communication and Consultation - Continual and iterative processes that an organisation conducts to provide, share, or obtain information, and to engage in dialogue with stakeholders regarding the management of risk.


Compliance - Adhering to the requirements of laws, industry and organisational standards and codes, organisational policies and procedures, principles of good governance, and accepted community and ethical standards.


Compliance Evaluation Mechanisms - Review mechanisms, such as formal or informal audits, performance, or incident reporting.


Compliance Key Contact - Appropriate contact person for compliance matters.


Compliance Measures - Systems, procedures, processes, or other measures in place to ensure the organisation achieves compliance with the legislative, policy and procedure requirements.


Compliance Policy - A declaration of the organisation’s commitment to comply with all relevant laws and other requirements, including policies and procedures, for which there is a reasonable expectation of compliance.


Compliance Program - A series of activities that when combined are intended to achieve Compliance.


Compliance Results - Audit findings, breaches, penalty notices, fines, or areas of non-compliance.


Compliance Risk - The risk of impairment to the organisation’s operating model, reputation and financial condition resulting from a failure to meet applicable licence, legal and other requirements.


Consequence - Outcome of a risk affecting organisational objectives. It can have a positive or negative effect, and be expressed qualitatively or quantitatively.

See also Qualitative Analysis and Quantitative Analysis


Context - Defining the external and internal parameters to be taken into account when managing risk.

See also External Context and Internal Context


Control - Measure (including process, policy, device, practice, or other action) that modifies risk. Types of controls are Preventing, Detecting, Mitigating, Correcting, and Enhancing.


Control Assessment - Systematic review of processes to ensure that controls are effective and appropriate.


Control Effectiveness - A measure of the completeness, relevance and efficacy of current controls when compared with what is reasonably achievable by the organisation.


Control Owner - Person or entity accountable to the Risk Owner for designing, implementing, and monitoring the Effectiveness of the control.


Corrective Action - Action to eliminate the cause of a non-conformity and to prevent recurrence.


Correcting Control - A Control that restores the system or process back to the state prior to an event.


Critical Controls - Individual controls that play a key role in preventing and / or mitigating Threat Risks & Project Risks, and enhancing and / or maximising Opportunity Risks.

See also Key Controls


Crisis Management - The process by which an event is managed after the failure of Incident Management and / or the Business Continuity Plan.

Current Controls - Controls that reduce the probability and consequence of a risk that are established (in place) and operating.


Current Risk - The assessed level of risk based on Current Controls, recognising their current Effectiveness.

See also Residual Risk




