what is risk mgmt?
evaluating risks together with procedures to minimize/mitigate the risk
what is business risk?
the threat to a company’s ability to achieve its objectives
what is financial risk?
risks associated with financing and equity
what is risk appetite?
amount of risk an org is willing to accept in pursuit of its strategic objectives
what is risk tolerance?
max risk a company is willing to take for each type of risk
what do we measure risk based on?
- impact
- likelihood
what is inherent risk?
risk in the business before controls/actions are put in place
what is residual risk?
risk remaining after dev and imp controls
what are the steps which can be taken to reduce the averse effects of risks?
- avoid
- transfer
- accept
- limit/reduce
when do we avoid risks?
for high probability and impact
when do we transfer risk?
low prob, high impact
when do we accept risk?
- low prob, low impact
- costs more to mitigate than just accept
when do we limit risk?
- high prob, low impact
- some acceptance, some avoidance
