Glossary
Please see below a list of common glossary terms.
Term | Description |
---|---|
Business Objective | Those measurable steps the organization takes to achieve its strategy. |
Compliance | The ability to reasonably determine conformity and adherence to policies, plans, procedures, laws, regulations and contracts |
Control | Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals are achieved |
Core Values | The entity’s beliefs and ideals about what is good or bad, acceptable or unacceptable, which influence the behaviour of the organization. |
Culture | The attitudes, behaviours, and understanding about risk, both positive and negative, that influence the decisions of management and personnel and reflect the mission, vision, and core values of the organization. |
Data | Raw facts that can be collected together to be analyzed, used, or referenced |
Enterprise Risk Management | The culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value |
Entity | Any form of for-profit, not-for-profit, or governmental body. An entity may be publicly listed, privately owned, owned through a cooperative structure, or any other legal structure |
Event | An occurrence or set of occurrences |
External Environment | Anything outside of the entity that influences the ability to achieve strategy and business objectives |
External Stakeholders | Any parties not directly engaged in the entity’s operations but who are affected by the entity, directly influence the entity’s business environment, or influence the entity’s reputation, brand, and trust |
First Line of Defence | The core business functions: schools, faculties, corporate services |
Fraud | Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantage |
Governance Framework | The system of risk management that assists the University in effectively identifying, measuring, monitoring, reporting and managing risks that may impede its ability to achieve strategic objectives |
Governance | The combination of processes and structures implemented by the Board to inform, direct, manage and monitor activities of Trinity College towards its objectives |
Impact | The result or effect of a risk. There may be a range of possible impacts associated with a risk. The impact of a risk may be positive or negative relative to the entity’s strategy or business objectives |
Independence | The freedom from conditions that threaten the ability to carry out responsibilities in an unbiased manner |
Information | Processed, organized, and structured data concerning a particular fact or circumstance |
Internal Audit | Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organization's operations. Often referred to as the "third line of defence." |
Internal Control | A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance |
Internal Environment | Anything inside of the entity that influences the ability to achieve strategy and business objectives |
Internal Stakeholders | Parties working within the entity such as employees, faculty staff, management, and the board, as well as the entire student body |
Likelihood | The possibility that a given event will occur |
Materiality | An expression of the relative significance or importance of a particular matter in the context of an entity as a whole |
Mission | The entity’s core purpose, which establishes what it wants to accomplish and why it exists |
Objective | A concrete statement that describes what an entity is trying to achieve |
Operating Structure | The way in which an entity organizes and carries out its day-to-day operations |
Opportunity | An action or potential action that creates or alters goals or approaches for creating, preserving, and realizing value |
Organization | The term used to collectively describe the board of directors, management, and other personnel of an entity |
Organizational Sustainability | The ability of an entity to withstand the impact of large-scale events |
Performance Management | The measurement of efforts to achieve or exceed the strategy and business objectives |
Portfolio View | A composite view of risk an entity faces |
Reasonable Expectation | The amount of risk of achieving strategy and business objectives that is appropriate for the entity, recognizing that no one can predict risk with precision |
Risk | The possibility that events will occur and affect the achievement of strategy and business objectives |
Risk Analysis | The process to understand the nature, sources, and causes of the risks and estimate the level of risk. Used to study impacts and consequences and examine the controls that exist |
Risk Appetite | The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value |
Risk Capacity | The maximum amount of risk that an entity is able to absorb in the pursuit of strategy and business objectives |
Risk Evaluation | The process to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable |
Risk Identification | The process of identifying, recognizing, and describing risks that could affect the achievement of objectives |
Risk Inventory | All risks that could impact an entity |
Risk Management Practices | The methods and approaches deployed within an entity relating to managing risk |
Risk Profile | A composite view of the risk assumed at a particular level of the entity, or aspect of the business that positions management to consider the types, severity, and interdependencies of risks, and how they may affect performance relative to the strategy and business objectives |
Risk Register | The tool used to capture risks to an entity's objectives at a granular and portfolio level for the purposes of performing risk assessments, including risk identification, risk analysis, and risk evaluation |
Second Line of Defence | Support functions, e.g. risk compliance, data protection, legal, etc. |
Severity | A measurement of considerations such as the likelihood and impact of events or the time it takes to recover from events |
Stakeholders | Parties that have a genuine or vested interest in the entity |
Strategy | The organization’s plan to achieve its mission and vision and apply its core values |
Third Line of Defence | See "Internal Audit." |
Three Lines of Defence | Describes the way in which responsibilities for managing risk are divided throughout an entity |
Tolerance | The boundaries of acceptable variation in performance related to achieving business objectives |
Uncertainty | The state of not knowing how or if potential events may manifest |