Risk Management Toolkit
Chapter 8: Glossary
Term | Definition |
---|---|
Accountable Authority (AA) | For an agency, has the same meaning as in section 2.7(2) of the GSF Act, which is, unless otherwise specified in the GSF Act, the Secretary of the Department if the agency is a Department, or the head of the agency if the agency is not a Department. |
Audit and Risk Committee (ARC) | The Committee established in accordance with NSW Treasury policy requirements to monitor, review and provide advice and guidance about the agency’s governance processes, risk management and internal control frameworks and external accountability obligations |
Chief Audit Executive (CAE) | The most senior position in the agency with the primary responsibility and accountability for the audit function of the agency, including monitoring and verifying the adequacy, effectiveness and correct operation of the internal control system, and sharing findings and relevant insights from audit projects. |
Chief Risk Officer (CRO) | The person that has designated responsibility for designing the agency’s risk management framework and for the day-to-day activities associated with coordinating, maintaining and embedding the framework. |
Circumvent | To find a way around an obstacle or to avoid something |
Consequence | The outcome of an event affecting objectives |
Control | A measure (including a process, policy, device, practice or other action) that is modifying risk |
Enterprise Risk Management | The integrated process of identifying, assessing, managing, and monitoring risks across an organisation to minimise negative impacts and maximise opportunities. |
Governance | Set of responsibilities and practices, policies and procedures, exercised by an agency’s executives, to provide strategic direction, ensure objectives are achieved, manage risks and use resources responsibly with accountability |
Independent Assurance | The process of providing an objective evaluation of an organisation's processes, procedures, and controls |
Internal Controls | The processes and procedures implemented by an organisation to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud |
Iterative | The process of repeating a sequence of steps or actions to gradually improve or refine the outcome |
Key Risk Indicators | Measurable metrics used to identify potential risks that could impact an organisation's strategic objectives enabling proactive decision-making |
Level of a risk | The magnitude of a risk or combination of risks, expressed as a combination of consequences and their likelihoods |
Likelihood | The chance of something happening |
Objectives | Specific and measurable goals that an organisation aims to achieve within a defined timeframe |
Process Elements Model | Framework that defines the various components or elements that make up a process |
Risk | The effect of uncertainty on objectives |
Risk Appetite | The level of risk an organisation is willing to accept in pursuit of their goals |
Risk Assessment | The overall process of risk identification, risk analysis and risk evaluation |
Risk Culture | Combination of values, beliefs, knowledge and attitudes shared by an agency which shapes how staff identify and manage risk, and influences the approach taken to decision-making |
Risk Identification | The process of finding, recognising and describing risks in terms of the source, event, cause and potential consequence |
Risk Management | Coordinated activities to direct and control an organisation with regard to risk |
Risk Management Framework | The set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout an organisation |
Risk Management Process | The systematic application of the steps an entity undertakes to identify, analyse, evaluate and treat risks |
Risk Maturity | The degree of development and effectiveness with which an organisation identifies, assesses, monitors, and manages risks |
Risk Ownership | Responsibility assigned to an individual or group, accountable for managing a specific risk by ensuring it is identified, assessed, mitigated, and monitored effectively. |
Risk Rating | Evaluating the risks associated with an organisation's operations and categorising them as low, medium, or high based on their potential impact on the business |
Risk Register | A record of information about identified risks |
Risk Reporting | The process of sharing risk information with decision makers |
Risk Treatment | The process of identifying, selecting and implementing measures to mitigate the risks |
Current as of Wednesday, 28 May 2025.