ISO 73, 2009 (†456)ISO/GUIDE 73:2009(en) – Risk Management – Vocabulary
- risk (§1.1): Effect of uncertainty on objectives. ¶Note 1 to entry: An effect is a deviation from the expected – positive and/or negative. ¶Note 2 to entry: Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process). ¶Note 3 to entry: Risk is often characterized by reference to potential events (188.8.131.52) and consequences (184.108.40.206), or a combination of these. ¶Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (220.127.116.11) of occurrence. ¶Note 5 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood. (†637)
- risk analysis (§3.6.1): 3.6.1 risk analysis ~ process to comprehend the nature of risk (1.1) and to determine the level of risk (18.104.22.168) ¶Note 1 to entry: Risk analysis provides the basis for risk evaluation (3.7.1) and decisions about risk treatment (3.8.1). ¶Note 2 to entry: Risk analysis includes risk estimation. (†639)
- risk management (§2.1): 2.1 risk management ~ Coordinated activities to direct and control an organization with regard to risk (1.1)
2.1.1 risk management framework ~ Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring (22.214.171.124), reviewing and continually improving risk management (2.1) throughout the organization ¶Note 1 to entry: The foundations include the policy, objectives, mandate and commitment to manage risk (1.1). ¶Note 2 to entry: The organizational arrangements include plans, relationships, accountabilities, resources, processes and activities. ¶Note 3 to entry: The risk management framework is embedded within the organization's overall strategic and operational policies and practices.
2.1.2 risk management policy ~ Statement of the overall intentions and direction of an organization related to risk management (2.1)
2.1.3 risk management plan ~ scheme within the risk management framework (2.1.1) specifying the approach, the management components and resources to be applied to the management of risk (1.1) ¶Note 1 to entry: Management components typically include procedures, practices, assignment of responsibilities, sequence and timing of activities. ¶Note 2 to entry: The risk management plan can be applied to a particular product, process and project, and part or whole of the organization. (†638)
- risk management : [Note: The standard organizes terms under headings for risk management, risk management process, communication and consultation, context, risk assessment, risk identification, risk analysis, risk evaluation, and risk treatment, each with many term defined. For example, the entry for risk analysis includes definitions for likelihood, exposure, consequence, probability, frequency, and vulnerability. (†640)