Nominal Scale

A scale on which information is displayed in categories without any specific order. Usage Notes: Typical scales include: Blue, Green, Yellow; Fruits, Vegetables; Cars, Trucks. Only the most simple operations, such  Full Article…

Workforce

Includes operators of the organization at all levels.  

Values

State what the organization stands for and guide the conduct of both individuals and the organization as a whole.

Transfer

Is the use of external funds to finance risk.

Threat

Is an event that has, on balance, an undesirable effect on achieving objectives.

Timing

Is an estimate of when something may happen.

Stakeholder

Is a person, group, or organization that has a direct or indirect stake in an organization because it can affect or be affected by the organization’s actions, objectives, and policies.

Risk Tolerance

Is the level of risk that the organization is unwilling to exceed to achieve objectives.  

Risk Financing

Provides funds to reduce the financial impact of undesirable effects experienced by an organization.

Risk Culture

Includes the values, beliefs and behaviors about the governance, assurance and management of risk including: setting risk appetite and tolerances; views about impact of risk on conduct and decisions; and  Full Article…

Risk Capacity

The maximum level of risk that the organization is able to address.

Risk Appetite

The level of risk that the organization is willing to accept to achieve objectives.

Risk Analysis Criteria

Are quantitative or qualitative values against which level of risk is evaluated.

Retention

Is the use of internal funds to finance risk.

Responsive Actions & Controls

Reward desirable conditions or events; and correct undesirable conditions or events.

Respond

Respond to desirable conditions and events with rewards; and correct undesirable conditions and events so that the organization recovers from and resolves each immediate issue and improves future performance.

Residual Risk

Is the level of risk after actions and controls are in place.

Requirement

Is something that an entity must address as a result of making a promise. Usage Notes Mandatory Requirement is a promise that is compelled by another party (such as the  Full Article…

Quantitative Impact

Is a positive/negative effect on financial assets, tangible assets, intangible assets, business continuity, and health & safety.

Procedure

Provides the “how to” of policies and guides their implementation; is audience-specific; provides exact instructions that will ensure compliance with a given policy.

Proact

Proactively incent desirable conditions and events; and prevent undesirable conditions and events with management actions and controls.

Policy

Provides the “why;” is high level and strategic; sets the tone, context or intent; and changes infrequently.

Planned Performance

Is the level of reward that the organization expects to gain once planned actions and controls are operating.

Opportunity

Is an event that has, on balance, a desirable effect on achieving objectives.

Notification

Provides multiple pathways to report the actual or potential occurrence of undesirable conditions, events and conduct; as well as the occurrence of desirable events.

Management Culture

Includes the values, beliefs and behaviors about how processes, resources and the organization itself are internally directed, controlled and evaluated including: the way authority is delegated; the degree to which  Full Article…

Management Actions

Are decisions, processes and use of associated resources which increase the likelihood that objectives are achieved.

Integrated Support

Provides “just-in-time” advice and education to individuals while they are performing a task.

Integrate

To organize separate parts to provide a coordinated harmonious whole.

Inquiry

Periodically seek input to understand perceptions about the governance, assurance and management of performance, risk and compliance; and the occurrence of undesirable events and activities.

Inherent Risk

Is the level of risk in the absence of actions and controls.

Information Management

Implements and manages so that capability information is relevant, reliable, timely, secure and available.

Helpline

Is a live or on-demand channel for individuals to ask questions before or while they are engaging in a task.

GRC Roles

Includes any role that is primarily charged with the governance, assurance or management of performance, risk and compliance.

GRC Capability

Is the capability or integrated collection of capabilities that enables an organization to reliably achieve objectives, address uncertainty and act with integrity; including the governance, assurance and management of performance,  Full Article…

Governance Culture

Includes the values, beliefs and behaviors about how processes, resources and the organization itself are externally directed, controlled and evaluated including the involvement of the board of directors. How power  Full Article…

Governance Actions & Controls

Help externally direct, control and evaluate an entity, process or resource.

Forces

Drive events, conditions and requirements that affect the achievement of objectives. Usage Notes A change in condition is easily understood to be an event. Industry forces competitors, supply chain,  Full Article…

Extended Enterprise

Includes the entity and its network of suppliers and business partners.

Ethical culture

Includes the values, beliefs and behaviors about responsible behavior and integrity.

Embed

Embed the ways and means of governance, performance, risk, control, compliance, and ethics capabilities into other business processes.

Effect

 A measure of the likelihood, timing and impact of an event on something.

Detective Actions & Controls

Detect the actual or potential occurrence of desirable and undesirable conditions and events.

Detect

Detect ongoing progress toward objectives as well as actual and potential undesirable conditions and events using management actions and controls.

Culture

Includes the values, beliefs and behaviors characteristic of an entity.

Corrective Actions & Controls

Cleans up the mess caused by the occurrence of undesirable conditions or events; and reduces the ongoing likelihood, impact and velocity of additional undesirable conditions, events and effects.

Corporate Governance

Is the act of externally directing, controlling and evaluating a corporation.

Condition

Is a state of being that has a desirable or undesirable effect (or both) on objectives.

Communication

Delivers relevant, reliable, and timely information to the right audiences as required by mandates or as needed to perform responsibilities and effectively shape attitudes.

Compliance culture

Includes the values, beliefs and behaviors about the governance, assurance, and management of compliance including: identifying compliance requirements; views about the impact of compliance on conduct and decisions; and modeling of  Full Article…

Compliance

Is the state of being able to prove the fulfillment of a requirement.

Competence

Is the combination of knowledge, skills and behavior that enables an individual to do their job.

Board

Is the corporate board of directors or any other oversight authority for the organization.

Assurance Actions & Controls

Help objectively evaluate an entity, process or resource.

Assurance

 Is the act of objectively evaluating an entity, process or resource using suitable criteria.

Assess

To identify threats, opportunities and requirements; assess the level of risk, reward and conformance; and align an approach to reliably achieve objectives while addressing uncertainty and acting with integrity.

Resource

A useful asset that can be used to achieve objectives such as capital, people, technology, facilities and information. Usage Notes Resources are used in processes to develop value and achieve  Full Article…

Process

A sequence of interdependent and linked procedures which consume one or more resources to convert inputs into outputs.  

Management

The act of internally directing, controlling and evaluating an entity, process or resource. Usage Notes Management is different from governance because management must be INTERNAL to the object being managed.  Full Article…

Integrity

(of an object or system) The state of being whole and complete. (of a person or organization) The keeping and honoring of promises. Usage Notes If a promise cannot be  Full Article…

Principled Performance

The act of reliably achieving objectives while addressing uncertainty and acting with integrity. Principled Performance provides a modern point of view and disciplined approach to business. The definition above can  Full Article…

Criteria

Standards against which evaluation or decisions are based. Usage Notes Criteria may include quantitative targets and tolerances; and other qualitative items. Some specific examples of criteria include: Performance Criteria Risk  Full Article…

Target

A measurable value that an entity strives to achieve. Usage Notes Targets are used to guide activity. A target is a single value. A range of acceptable values is expressed  Full Article…

Tolerance

The acceptable level of departure from a target. Usage Notes Tolerance is usually expressed using the same unit of measure as the target, or some percentage of the target. As  Full Article…

Indicator

A metric that can be used to judge underlying activity. Usage Notes There are three types of indicators: leading indicator, lagging indicator and coincident indicator. Indicators are metrics that can  Full Article…

Metric

A single value obtained by direct measurement, or calculated using several other constituent values. Usage Notes “Total Sales” is a metric that directly measures the quantity of sales in a  Full Article…

Coincident Indicator

An indicator that accurately represents current activity. Usage Notes Coincident indicators are often called real-time indicators.

Leading Indicator

An indicator that predicts future activity. Usage Notes Leading indicators are difficult to design and, typically, require historical information to validate.

Evaluate

To measure something against criteria. Usage Notes Measurement and evaluation are related concepts. Measurement is, generally, free from judgement. Evaluation, on the other hand, uses one or more metrics to  Full Article…

Measure

To reduce the uncertainty of a value using a standardized unit of measure. A value or a metric. Usage Notes Measurement is not perfect. There will always be some sort of  Full Article…

Purpose of the GRC Glossary

The main aims of the OCEG GRC Glossary are to: provide an open and interdisciplinary source of plain-language definitions related to principled performance and GRC which includes the governance, assurance  Full Article…

Velocity

A measure of how quickly an entity is impacted once an event occurs. Usage Notes Quantitatively, velocity is expressed using a unit of time (days, hours, minutes, seconds or some sub-second measure). Qualitatively,  Full Article…

Event

An observable action, occurrence, or a change in condition. A change in knowledge about a condition, even if the condition did not change. NOTES A change in condition is easily  Full Article…

Likelihood (Mathematical)

The hypothetical probability that an event that has already occurred would yield a specific outcome. Usage Notes Unlike probability, mathematical likelihood is used to evaluate past events. Historical Notes Formerly,  Full Article…

Probability

A measure of the chance that an event (or set of events) will occur expressed on a linear scale from 0 (impossibility) to 1 (certainty). Usage Notes: Sometimes, probability is expressed  Full Article…

Ordinal Scale

A scale on which information is displayed in order of magnitude because there is no standard of measurement of differences. Usage Notes: Typical scales include: High, Medium, Low; Hot, Medium,  Full Article…

Likelihood

A measure of the chance of an event occurring. Usage Notes Quantitatively, likelihood is typically expressed as either: Probability or Likelihood (Mathematical). Qualitatively, likelihood is typically expressed using an Ordinal Scale (high, medium, low). Be careful  Full Article…

Entity

Any individual or collection of individuals such as a team, group, organization or company. Usage Notes Entity is often used when something can be applied at both an organizational as  Full Article…

Negative Effect

(when dealing with a future event) A measure, expressed as a function of the likelihood that an event may occur, how fast the event may impact objectives and the estimated negative  Full Article…

Risk

A measure of the negative effect of uncertainty on achieving objectives. A measure of the likelihood that an event may occur, how fast the event may impact the entity, and the estimated  Full Article…

Governance

The act of externally directing, controlling and evaluating an entity, process or resource. Usage Notes Governance is different from management because governance must be EXTERNAL to the object being governed.  Full Article…

GRC

The integrated collection of capabilities that enable an organization to reliably achieve objectives while addressing uncertainty and acting with integrity. It  encompasses the governance, assurance and management of performance, risk,  Full Article…
