Glossary

Type: User Documentation 14-Apr-2023 | Giovanni Di Noto

Terms | Description
ALARP | “As Low As Reasonably Practicable”, which, in a risk management context, involves weighing a risk against the trouble, time and money needed to control it.
Assessment | In a risk management context, the evaluation of a risk, including, if possible, both qualitative & quantitative evaluation in terms of occurrence probability, cost, time, or other forms of potential or actual impact.
CAPA | Corrective and Preventative Action
CAS | Casualty Actuarial Society (by extension, their widely used ERM theoretical framework & set of principles)
(Risk) Category | A more specific class of risks beyond their subdivision into threats vs opportunities
CDF | Cumulative Distribution Function. In probability theory & statistics, the CDF of a real-valued random variable X, or simply the distribution function of X, evaluated at x, is the probability that X will have a value less than or equal to x.
COBIT | Control Objectives for Information and Related Technologies (a widely used ERM theoretical framework & set of principles)
COSO | Committee of Sponsoring Organizations (by extension, their widely used ERM theoretical framework & set of principles)
Domain | Typically, a project, an organizational unit, or an asset
DSHA | Defined Situation of Hazard and Accident
Enterprise risk | An enterprise-wide risk that pervades most, realistically all, levels and areas of an enterprise (vs project risk, whose impacts/consequences are typically contained within a specific project or domain context within a larger enterprise)
ERM | Enterprise Risk Management
HAZID | Hazard identification
HAZOP | Hazard and operability study. A structured and systematic study of a complex planned or existing process or operation to identify and assess problems that may pose a risk to personnel or equipment.
ISO | International Standard Organization
ISO-31000 | An international standard on risk management
(Risk) Lift | A method to aggregate risks within a hierarchical domain tree. Note: Risk Lifting should not be confused with "lifting risk" (a manual handling risk in many industries).
Matrix | In ERM, a Risk Matrix positions risks over a pre-determined scope within a color-coded 2D diagram, ranked by probability vs potential consequence/impact severity. Additional metadata might indicate how each risk has evolved since a previous assessment.
Mitigation | An action aimed at controlling or neutralizing a risk
Monte-Carlo | A particular type of simulation conducted on risks that have 3-point estimate values, used to model the probability of different outcomes in a process that cannot be easily predicted due to the intervention of random variables. It is a technique used to understand the impact of risk and uncertainty in prediction and forecasting models. The calculations are based on a triangular distribution of the consequence values. A uniform distribution is used for probability. For each simulation, for each risk, the probability decides whether the risk occurs or not. In a Monte-Carlo graph:
  • the X-axis represents total values for the selected impact category, grouped by intervals
  • the left Y-axis shows the corresponding probability for a given X-value
  • the right Y-axis shows the cumulative probability
MTO | Man-Technology-Organization. A systemic approach to understanding human factors within complex industrial contexts, rather than studying them in isolation. The methodology was developed following a series of major accidents that occurred during the 1980s (Bhopal, Chernobyl, Zeebrugge, King's Cross, Piper Alpha and Clapham Junction) which in most cases appeared to have originated in the managerial and organizational sphere.
NIST | National Institute of Standards and Technology, US-based (by extension, their widely used ERM theoretical framework & set of principles, especially targeted to cybersecurity risk domains)
NPV | Net Present Value
P10, P50, P90 | P50 (and P90, Mean, Expected and P10) is the methodology based on simulating potential scenarios with Monte Carlo Simulations, where the P stands for Percentile. For example, in the oil & gas industry:
  • P90: there should be at least a 90% probability that the actually recovered quantities will equal or exceed the low estimate
  • P50: there should be at least a 50% probability that the actually recovered quantities will equal or exceed the best estimate
  • P10: there should be at least a 10% probability that the actually recovered quantities will equal or exceed the high estimate
P50 is a good middle estimate, mean and expected.
PS | Performance Standard
QRA | Quantitative Risk Assessment. A formal and systematic risk analysis approach to quantifying the risks associated with the operation of an engineering process. QRA is an essential tool to support the understanding of exposure to risk to employees, the environment, company assets and its reputation.
Risk opportunity | A positive outcome that may bring additional value to a project by allowing an improvement to be achieved
RBS | Risk Breakdown Structure
RIMS | Risk and Insurance Management Society (by extension, their widely used ERM theoretical framework & set of principles)
Risk | The potential variability of expected returns (either in terms of time/schedule, goals/scope, financial costs, or other factors).
RRM | Risk Reducing Measure
Three-point estimate | Overall expected value for the consequence area of a risk, derived from minimum, most likely and maximum values for the risk.
UI | User Interface
UX | User eXperience
WBS | Work Breakdown Structure
X-domain risk | A risk extending to more than 1 project or domain. Note: a cross-domain risk is not necessarily an enterprise-wide risk (see enterprise risk)
Zero-training | A UI/UX concept focused on apps' high intuitiveness, resulting in lower training costs, faster adoption, wider scope, and usage pervasiveness