Cause - The reason a risk may eventuate.
Code of Professional Conduct - A framework of core values, principles and standards of the Australian Professionals Association that guides members in their conduct with guests, colleagues, and the community.
Communication and Consultation - Continual and iterative processes that an organisation conducts to provide, share, or obtain information, and to engage in dialogue with stakeholders regarding the management of risk.
Compliance - Adhering to the requirements of laws, industry and organisational standards and codes, organisational policies and procedures, principles of good governance, and accepted community and ethical standards.
Compliance Evaluation Mechanisms - Review mechanisms, such as formal or informal audits, performance, or incident reporting.
Compliance Key Contact - Appropriate contact person for compliance matters.
Compliance Measures - Systems, procedures, processes, or other measures in place to ensure The organisation’s achieves compliance with the legislative, policy and procedure requirements.
Compliance Policy - A declaration of The organisation’s commitment to comply with all relevant laws and other requirements, including policies and procedures, for which there is a reasonable expectation of compliance.
Compliance Program - A series of activities that when combined are intended to achieve Compliance.
Compliance Results - Audit findings, breaches, penalty notices, fines, or areas of non-compliance.
Compliance Risk - The risk of impairment to The organisation’s operating model, reputation and financial condition resulting from a failure to meet applicable licence, legal and other requirements.
Consequence - Outcome of a risk affecting organisational objectives. Can have positive or negative effect, and be expressed qualitatively or quantitatively.
See also Qualitative Analysis and Quantitative Analysis
Context - Defining the external and internal parameters to be taken into account when managing risk.
See also External Context and Internal Context
Control - Measure (including process, policy, device, practice, or other action) that modifies risk. Type of controls are Preventing, Detecting, Mitigating, Correcting, and Enhancing.
Control Assessment - Systematic review of processes to ensure that controls are effective and appropriate.
Control Effectiveness - A measure of the completeness, relevance and efficacy of current controls when compared with what is reasonably achievable by the organisation.
Control Owner Person - or entity accountable to the Risk Owner for designing, implementing, and monitoring the Effectiveness of the control.
Corrective Action - Action to eliminate the cause of a non-conformity and to prevent recurrence.
Correcting Control - A Control that restores the system or process back to the state prior to an event.
Critical Controls - Individual controls that play a key role in preventing and / or mitigating Threat Risks & Project Risks, and enhancing and / or maximising Opportunity Risks.
See also Key Controls
Crisis Management - The process by which an event is managed after the failure of Incident Management and / or the Business Continuity Plan.
Current Controls - Controls that reduce the probability and consequence of a risk that are established (in place) and operating.
Current Risk - The assessed level of risk based on Current Controls, recognising their current Effectiveness.
See also Residual Risk