4ME A shorthand way of referring to the key root cause characterizations. It stands for Man, Machine, Materials, Method, and Environment.

actuarial theory The “science” used by actuaries—the people who develop and manage insurance pricing and predictions—that considers risk as the possibility of loss.

adverse selection When bad results occur because buyers and sellers have different information. This happens when risky buyers show unique tendencies or practices of which the sellers are unaware. These buyers are attracted to certain products which make the cost of supplying the product to them more than original expectations held by the seller when the product was manufactured and the price point established.

backtesting Checking the effectiveness of risk measurement predictions by verifying how predictions compare to actual results.

basis point Unit of measure used to describe the percentage change in the rate of a financial instrument. One basis point is equivalent to 0.01 percent.

benchmarks Data or individual measures drawn from other company examples or calculated from other sources.

black box A risk model that lacks transparency of its specific risk assumptions, measures, and findings. These models sometimes create as many risks for the organization as they are meant to manage.

blow-up A sudden major disruption or failing of a known successful business, due to some sort of breakdown. These often entail policy, values, measures, and/or governance issues.

bottom-up approach A method that takes individual risks and looks at how they behave together in an additive fashion.

business continuity plan (BCP)An emergency contingency plan that spells out how to recover and restore functions that have been partially or completely interrupted.

business rhythm The cycle of activities that revolves around financial management and monitoring.

capital allocation Attribution of economic capital, or other forms of capital, to each core business, product, and/or location.

capital at risk The amount of available cash that could diminish or be wiped out in the event of an unexpected loss.

capital buffers Money put aside from the capital base to support unexpected losses. Also sometimes synonymous with economic capital and capital at risk.

capital multiplier A number multiplied by the standard deviation (unexpected loss) in order to yield economic capital or capital at risk.

cash crisis liquidity plan A contingency plan, used in the event of a liquidity crisis, that shows potential sources of rapid cash, sources to call, and parts of the operation to shut down (or initiate).

compliance The successful fulfillment of regulations, usually set by a financial institution (for borrowing purposes) or industry standards.

concentrated risks A number of small risks that collect or merge into one big potential risk.

confidence interval The relationship of economic capital to unexpected loss, reflecting what amount of economic capital will cover all likely losses within a specific risk appetite.

contagion A chain of events, triggered by one incident, that affects other departments or aspects of a company.

contingency plans Specific planning designed to create a quick response after the occurrence of a risk event.

continuous improvement Managing the process of continuous change, upgrades, and advancements in risk skills, measures, uses, and other capabilities.

contribution method An approach to performance measurement that yields a specific dollar amount rather than a percentage. Economic profit is a contribution method.

correlation The degree of relationship between two variables; in risk management, specifically the degree of relationship between potential risks.

correlation coefficient A figure quantifying the correlation between risk events. This number is between negative one and positive one.

correlation matrix A table that describes the correlations between one factor and every other factor.

cost-benefit analysis An evaluation that determines the value of an approach relative to its costs and benefits; used in risk management to evaluate mitigation strategies.

covariance A statistical measure of how much two variables change together.

criticality The level of seriousness of a risk.

customer management In risk management, the process of identifying, targeting, managing, servicing, and addressing customer issues, including collections.

derivatives Financial instruments whose values are derived from the underlying value of other assets.

disaster recovery plan A contingency plan that goes into effect after a full disaster occurs, used to reestablish basic capabilities and resources.

distribution A common mechanism for portraying and measuring uncertainty in risk. It reflects the range of events that may occur, their frequency or likelihood, and impact.

distribution curve A graph that shows the way in which risk disperses by potential likelihood and impact, where likelihood is plotted on the y-axis and impact is plotted on the x-axis.

distribution tail The long end of the distribution curve; the fatter the tail, the greater the risk estimates.

diversification The branching out of products, assets, or services into several different types and lines or different markets or customer bases.

drivers Core characteristics that “drive” an outcome.

earnings volatility The variance of earnings. The lower the figure, the more stable the business.

earnings volatility analysis Measuring the volatility (standard deviation or unexpected loss) of a company’s earnings over time.

economic capital The amount of capital that could be placed at risk in the event of an unexpected loss. These are the real risks of the business activity. Synonymous with capital at risk and frequently with capital buffers.

economic profit A performance measure used to understand real profit contribution when analyzing risk-adjusted returns.

expected loss The mean loss rate generated by multiplying probability of default, exposure at default, and loss given default.

exposure The amount of money one could lose in a risk event.

exposure at default The projected potential total dollar and asset exposure at the time of default.

exposure limits The total allowable exposure to any particular risk factor.

external event information Data gathered by studying outside businesses or industries to see how risk events occur and their impacts.

financial risk The threat of any outside or inside issue or event to the monetary strength, profit margin, or capital investment of a business. This category includes cash flow, liquidity, budgetary requirements, tax obligations, creditor and debtor management, direct capital markets effects, remuneration, and other general account management concerns.

force majeureThe “God forbid” risk of disaster—tornadoes, hurricanes, floods, and fires. War is also considered a force majeure.

forward An over-the-counter contract between parties that determines the rate of interest, or the currency exchange rate, to be paid or received on an obligation beginning at a future date.

four lines of defense A common organizational model of in-house risk management that includes business management, risk and compliance, auditing, and senior management and the board.

front-page test A test of reputation risk: What would a newspaper’s banner headline say about your worst-case loss scenario?

futures A standard contract to buy or sell a standard amount and quality of a specified commodity at a certain date, at a market-determined price.

“go/no-go”A decision to proceed or stop, built into various risk management strategies.

governance The “checks-and-balances” method that keeps risks in check; a review of measurements, mitigation methods, and risk monitoring results over a period of time.

growing the upside The process of expanding a business and increasing its potential.

hard risk limits Setting an absolute numerical limit or threshold of acceptable risk for a particular project or business.

hedging Offsetting the effect of risks by receiving cash flows when risks are high or the business climate unfavorable.

hierarchy of assurance A means of monitoring risk relative to seniority of personnel and roles in the company.

historical simulation The process of running historical financial parameters through one’s current portfolio of financial instruments to gauge how that portfolio would have behaved under past circumstances.

horizon time The target timeline for fulfilling a project or measuring a risk; for risk measures, usually one year.

hurdle rate The rate of return a company will try to meet or exceed.

idiosyncratic risk The portion of risk unique to specific factors (the customer, project, industry, operation, etc.).

incentives Bonuses and other rewards given for meeting or exceeding performance targets.

iterative process Arriving at a better decision or desired result by repeating rounds of analysis or operation cycles.

key man risk Risk surrounding the departure or leakage of information from the most vital employee in a department or company.

know your customer A concept tied to the risk behaviors and needs of the individual customer. In risk management, closely tied to regulation regarding anti-money laundering, external fraud, and antiterrorism measures.

lagging indicators Data that reflects a slower reaction to economic or market changes; useful to describe trends.

leading indicators Information that helps to forecast an increase in risk likelihood or severity before it appears in actual risk measures.

leakage The amount of financial or other resources that fall through the cracks.

life cycle The life span of a particular business rhythm or activity. There are business life cycles, customer life cycles, and even risk event life cycles.

limit trees Risk limits that start at a central top limit and break down as “branches” across a company’s departments, divisions, portfolios, or product lines.

loss event capture Recording all losses that have occurred in the organization.

loss given default Same as severity.A measure of losses, net of recovery, all costs, and including the time value of money. Used in financial risk measurement, particularly credit risk.

materiality The importance or significance of an amount; used in risk management to assess the most important risks.

material risks Risks that have grown to a size that must be addressed.

metrics Groupings of data, or numbers, that reflect specific measures or subjects.

mitigation The reduction or confinement of risk events once they have occurred.

models Equations or measures developed to evaluate specific types of risk. There are countless risk models.

modern portfolio theory A popular theory, defining risk as earnings volatility and taking into consideration the concepts of correlation and diversification: the more a company diversifies its holdings, products, and marketplace, the more risk can be reduced—to a point.

monitoring Systematic tracking of specific risk issues.

Monte Carlo analysis A method using a random number generator to create a set of market rates and apply them to a specified equation or algorithm; most commonly used in models to generate a distribution of potential outcomes.

Mutually Exclusive, Collectively Exhaustive (MECE)An ideal way to categorize risk, because it involves every company risk while addressing the issues posed by each.

natural hedge An investment that reduces undesired risk, often by matching revenues and expenses.

odds In risk management, the likelihood of an event occurring versus the likelihood of an event not occurring.

operational risk The risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events. This includes fraud events, security issues, and external events, including natural disasters and political events.

opportunity cost Loss of money, reputation, or positioning from the inability to seize an opportunity or complete a major task or project.

options A contract between a buyer and a seller that gives the buyer the right to purchase or sell a particular asset on a future date at an agreed-upon price.

outsourcing Transfer of a segment of business to another company or specialist.

parametric VAR A value-at-risk measure that assumes that future behavior will replicate past behavior, applying a normal distribution to mean and standard deviations.

partnership model A business model that improves understanding of risks and joins together planning and management.

pilot program A test or experiment that usually takes place in the course of business operations, over a sufficient period of time.

Porter’s Five Forces An economic standard process for identifying the strengths and weaknesses of a company’s present competitive position.

portfolio risk The risk of particular investments and their effects on the overall portfolio.

predictive model A model that tries to predict future behavior using past behavior.

probability of default Likelihood that a debtor will default within a one-year horizon time.

probability of event Likelihood of an actual risk event occurring within a one-year horizon time.

probability of loss Estimated likelihood of financial and material losses due to a risk event.

project risk Threats to the management of equipment, finances, resources, technology, time frames, and people associated with specific projects.

rank ordering An analysis method that evaluates risks from highest to lowest.

recovery data Information that helps to recover defaulted payments from customers.

replacement probability Likelihood of risk recurrence following a risk event.

reporting cycle The frequency of filing risk management and other reports; varies from daily to annually.

reputation risk The damage to a company’s image and standing resulting from outside events or shoddy practices.

reserves Money set aside to offset expected losses.

risk A predictable or unpredictable event that has an uncertain outcome.

risk appetite The amount of risk that a company is willing to absorb and sustain.

risk appetite statement A working document that spells out the risk parameters of a company, as well as its preferences for taking or not taking specific risks.

risk assumptions Evaluations of existing risk, completed before and after a risk assessment.

risk classes Categories and subcategories of risk, stemming from financial, operational, and strategic risk.

risk culture The corporate policy, philosophy, and attitude that determine how a company approaches risk.

risk dashboard A summary of risk and related reporting information, generally displayed in a web-based format.

risk event An event leading to the disruption of operations, caused by factors (risks) either known or unknown.

risk management theory A theory that uses volatility, risk probability, and severity of loss to determine the level of risk.

risk manager A company official or outside expert who oversees all risk operations for a department or the entire enterprise.

risk matrix A graph that compares the likelihood and severity of risks from highest to lowest.

risk profile The overall sum and degree of risks a company possesses.

risk rating An assessment measure used to rate a customer’s risk (usually risk of default on a financial obligation). This approach may be applied widely to many types of risks and specific applications.

risk register A record of a company’s risks.

risk table A tool used to better understand and predict the likelihood and/or severity of risks.

risk transfer Shifting currently or potentially risky activities to another company.

risk versus return Comparison of projected profits of business endeavors with their associated risk.

risk versus reward The bedrock comparison when evaluating the profitability of risk-taking: How much reward will come from the risk?

risk-adjusted return on capital (RAROC)A key measure in risk management. A simple return (earnings) is adjusted for risk losses or costs, then divided by the amount of risk associated with the activity.

risk-weighted outcomes Strategic projections into which the likelihood of a particular risk, or set of risks, has been factored.

root cause analysis A procedure that traces through a complete chain of events to find the cause of a risk event.

scenario analysis The process of identifying and evaluating potential risks to your business, and how they might play out, before they occur.

scorecard An approach to rating risk used in many areas of risk management. A scorecard is most commonly used for rating customer risk (often individuals) as the probability of default in financial risk management.

securitization Collecting groups of credit assets (loans) into pools (similar to groups), then reselling them as securities.

severity The potential impact of a risk event.

share of wallet The total percentage a customer spends on goods and services with your company compared to what he spends with competitors.

shareholder value The gauge of a company’s value to investors, shareholders, officers, board members, and other interested parties.

soft risk limits Guidelines for risk thresholds that can be adjusted higher or lower depending upon business activity.

stage-gating A process evaluation method that assigns criteria, or “gates,” that must be met before proceeding to the next step.

stakeholders People directly affected by a company’s status. They include executives, managers, employees, suppliers, distributors, regulatory agencies, service providers, shareholders, media, and more.

standard deviation The measured range of economic volatility that can occur during the course of doing business.

stop-loss limit A limit at which operations, typically production, lending, or trading, stop and major remedial action takes place.

strategic risk The current or prospective risk to earnings and capital arising from the business environment, business decisions, or improper implementation.

stress test A test of a financial or risk model’s ability to sustain extreme amounts of stress to its viability.

swaps A financial tool in which parties with differing business interests exchange—swap—one cash flow stream with another.

SWOT analysis A method that enables companies to view strengths, weaknesses, opportunities, and threats together.

systemic risk The portion of total risk that already exists in the company. Also called nondiversifiable risk.

target credit rating The goal number companies seek when assessing their credit standing.

thresholds Risk limits to be approached, but not exceeded.

top-down approach The method that analyzes overall company health, then breaks down that view into smaller and smaller segments.

total loss exposure The measure of how much a company would physically lose in a risk event, plus related aftereffects.

traffic lights Three colored signals used to categorize risk: high (red), medium (yellow), and low (green).

transparency Identifying, quantifying, and openly reporting on a company’s risk and mitigation status.

triggers Figures, or limits, that alert risk managers of trouble when they are hit or exceeded, usually indicating the start of a predetermined process or action.

unexpected loss(UL)Losses that happen suddenly or that exceed forecasted amounts. Businesses plan for them by holding aside capital buffers.

value-at-risk (VAR)A measurement method that yields a standard deviation of return.

volatility The positive and negative swings in business and risk management. Volatility and risk are directly related and complementary.

war-gaming An approach to strategic risk scenario analysis that shows the point-of-view of both the competitor and the company.

X-bar/R chart A pair of deviation charts that reveal abnormal risk behavior.