The A to Z of risk terminology – ‘C’

Cause - The reason a risk may eventuate.

Code of Professional Conduct - A framework of core values, principles and standards of the Australian Professionals Association that guides members in their conduct with guests, colleagues, and the community.

Communication and Consultation - Continual and iterative processes that an organisation conducts to provide, share, or obtain information, and to engage in dialogue with stakeholders regarding the management of risk.

Compliance - Adhering to the requirements of laws, industry and organisational standards and codes, organisational policies and procedures, principles of good governance, and accepted community and ethical standards.

Compliance Evaluation Mechanisms - Review mechanisms, such as formal or informal audits, performance, or incident reporting.

Compliance Key Contact - Appropriate contact person for compliance matters.

Compliance Measures - Systems, procedures, processes, or other measures in place to ensure the organisation achieves compliance with legislative, policy and procedure requirements.

Compliance Policy - A declaration of The organisation’s commitment to comply with all relevant laws and other requirements, including policies and procedures, for which there is a reasonable expectation of compliance.

Compliance Program - A series of activities that when combined are intended to achieve Compliance.

Compliance Results - Audit findings, breaches, penalty notices, fines, or areas of non-compliance.

Compliance Risk - The risk of impairment to The organisation’s operating model, reputation and financial condition resulting from a failure to meet applicable licence, legal and other requirements.

Consequence - Outcome of a risk affecting organisational objectives. It can have a positive or negative effect, and can be expressed qualitatively or quantitatively.

See also Qualitative Analysis and Quantitative Analysis

Context - Defining the external and internal parameters to be taken into account when managing risk.

See also External Context and Internal Context

Control - Measure (including process, policy, device, practice, or other action) that modifies risk. Types of controls are Preventing, Detecting, Mitigating, Correcting, and Enhancing.

Control Assessment - Systematic review of processes to ensure that controls are effective and appropriate.

Control Effectiveness - A measure of the completeness, relevance and efficacy of current controls when compared with what is reasonably achievable by the organisation.

Control Owner - Person or entity accountable to the Risk Owner for designing, implementing, and monitoring the Effectiveness of the control.

Corrective Action - Action to eliminate the cause of a non-conformity and to prevent recurrence.

Correcting Control - A Control that restores the system or process back to the state prior to an event.

Critical Controls - Individual controls that play a key role in preventing and / or mitigating Threat Risks & Project Risks, and enhancing and / or maximising Opportunity Risks.

See also Key Controls

Crisis Management - The process by which an event is managed after the failure of Incident Management and / or the Business Continuity Plan.

Current Controls - Controls that reduce the probability and consequence of a risk that are established (in place) and operating.

Current Risk - The assessed level of risk based on Current Controls, recognising their current Effectiveness.

See also Residual Risk
