Who is this article for?
Risk Managers responsible for managing risk assessments.
No access is required.
This article provides definitions for the main terms used throughout the Q-Pulse Cloud risk module.
This article does not include any steps for the risk module and instead provides a glossary of terms to help explain the concepts and purpose of some of the features.
Important: In some cases, you may be familiar with the concept but refer to these as something different within your organisation.
A collection of lists made up of list items. These items are selected in dropdown lists throughout the risk module (e.g. risk types are used to categorise the risk and the list of types can be built by the administrator of the risk module).
Evidentiary files that can be added to the risk record.
A visualisation methodology available to review the attributes of the event. This visualisation displays the data in a bowtie shaped diagram which is easy to understand, with the undesirable event (or risk) appearing as the knot, and the threats and consequences creating the wings. The bowtie is then filled with the controls associated to each threat or consequence. This visualisation is available in the risk module but is not mandatory as some risk managers may prefer looking at the raw data.
An uncertain event that could have a negative impact on the project or the organisation. These are events are usually factors in causing a risk to take place and controls are put in place to reduce the likelihood of them occurring or the severity if they do happen. Also known as Threats.
The outcome if an undesirable event/risk was to take place (e.g. possible consequences of a slip, trip or fall could be injury, legal action, financial loss, etc).
A method of reducing the overall likelihood or severity of an event taking place, or the impact it has once it happens. Controls can be either preventive (i.e. reduce the likelihood or severity of a threat from occurring) or they can be reactive (i.e. they reduce the impact of a specific consequence once it does occur).
Like risk matrices, a control matrix is a factual approach to assessing a control. A matrix is made up of two axes, charting the design of the control and the operation of the control. In theory, a well-designed and well operated control is an effective control.
The rating assigned following a control assessment. These are normally colour coded to visualise the level of effectiveness.
A categorisation of controls. A control type does not affect the overall assessment or operation of the control but it allows controls to be grouped in a logical order.
A hazard is a potential source of risk.
A categorisation of hazards. A hazard type does not affect the overall assessment or operation of the risk assessment but it allows hazards to be grouped in a logical order.
The initial risk rating assigned without any controls in place. This essentially acts as a baseline.
An email alert issued to Q-Pulse users when specific actions are performed. These notifications can be toggled on or off within the risk module settings.
A role or individual responsible for the implementation of risk management activities. This could be the owner of the overall risk, the owner of controls, etc.
A record of all identified risks relating to a project, initiative, or organisation, including their status, history, etc. In some organisations this may be referred to as a risk log.
The remaining rating assigned once the controls are in place.
An uncertain event that, should it occur, will influence the achievement of objectives.
The amount of appetite the organisation is willing to accept.
A process to review and classify the risk, its impact and potential mitigation factors, with the purpose to reducing the impact to the organisation.
The maximum amount of risk the organisation can bear.
A matrix designed to assess the matrix. This involves selecting a severity and likelihood to calculate a rating.
The rating assigned following a risk assessment. These are normally colour coded to visualise the level of risk.
A categorisation of risks. A risk type does not affect the overall assessment or operation of the risk but it allows risks to be grouped in a logical order.
Any individual, group or an organisation that can affect, be affected (or perceive itself to be affected) by the risk being reviewed and/or assessed.
A statement that describes the options available in handling an event. Some examples in Q-Pulse Cloud include Accept, Reject, etc.
The desired level of risk that an event should present. If your risk event presents a higher level of risk then a risk response plan should be implemented.
In Q-Pulse Cloud, a Threat is referred to as a Cause.