ISO 31000 Guide 73: 2009 Select Terms and Their Definitions

Guide 73 has additional notes for some definitions that are not included here. The definitions listed are select definitions chosen by the editors of this book and do not include all the key term definitions in Guide 73.

  • Enterprise Risk Management: Not defined by Guide 73
  • Event: Occurrence or change of a particular set of circumstances
  • Exposure: Extent to which an organization and/or stakeholder is subject to an event
  • Hazard: Source of potential harm
  • Resilience: Adaptive capacity of an organization in a complex and changing environment
  • Risk: Effect of uncertainty on objectives
  • Risk Appetite: Amount and type of risk that an organization is willing to pursue or retain
  • Risk Attitude: Organization's approach to assess and eventually pursue, retain, take or turn away from risk
  • Risk Management: Coordinated activities to direct and control an organization with regard to risk
  • Risk Management Framework: Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization
  • Risk Management Plan: Scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk
  • Risk Management Process: Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk
  • Risk Owner: Person or entity with the accountability and authority to manage a risk
  • Risk Tolerance: The organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives
