GLOSSARY
Assumption. A factor in the planning process considered to be true, real, or certain, without proof or demonstration.
Cause. Events or circumstances that currently exist or are certain to exist in the future, which might give rise to risks.
Component. A predetermined element of a portfolio or program that is work related to the achievement of the portfolio's or program's strategic objectives.
Constraint. A factor that limits the options for managing a project, program, portfolio, or process.
Contingency Plan. A document that describes actions to take if predetermined trigger conditions occur.
Contingency Reserve. Time or money allocated in the schedule or cost baseline for known risks with active response strategies. See also management reserve.
Emergent Risk. A risk that arises which could not have been identified earlier on.
Enterprise Risk Management. An approach to managing risk that reflects the organization's culture, capability, and strategy to create and sustain value.
Identify Risks. The process of determining and documenting the risks that might affect the intended outcomes.
Impact. A measure of the effect of a risk on one or more objectives if it occurs.
Issue. A current threat that may have an impact on one or more objectives. See also opportunity, risk, and threat.
Management Reserve. Time or money that management sets aside in addition to the schedule or cost baseline and releases for unforeseen work that is within the scope of the project. See also contingency reserve.
Opportunity. A risk that would have a positive effect on one or more objectives. See also issue, risk, and threat.
Organizational Project Management. A framework in which portfolio, program, and project management are integrated with organizational enablers in order to achieve strategic objectives.
Overall Risk. The effect of uncertainty on the portfolio, program, or project as a whole.
Portfolio. Projects, programs, subsidiary portfolios, and operations managed as a group to achieve strategic objectives. See also program and project.
Portfolio Management. The centralized management of one or more portfolios to achieve strategic objectives. See also program management and project management.
Probability. A measure of how likely an individual risk is to occur.
Program. Related projects, subsidiary programs, and program activities managed in a coordinated manner to obtain benefits not available from managing them individually. See also portfolio and project.
Program Management. The application of knowledge, skills, and principles to a program to achieve the program objectives and to obtain benefits and control not available by managing program components individually. See also portfolio management and project management.
Project. A temporary endeavor undertaken to create a unique product, service, or result. See also portfolio and program.
Project Management. The application of knowledge, skills, tools, and techniques to project activities to meet the project requirements. See also portfolio management and program management.
Qualitative Risk Analysis. The consideration of a range of characteristics such as probability of occurrence, degree of impact on the objectives, manageability, timing of possible impacts, relationships with other risks, and common causes or effects.
Quantitative Risk Analysis. The combined effect of identified risks on the desired outcome.
Residual Risk. The risk that remains after risk responses have been implemented. See also secondary risk.
Response Strategy. A high-level approach to address an individual risk or overall risk, broken down into a set of risk actions.
Risk. An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more objectives. See also issue, opportunity, and threat.
Risk Acceptance. A risk response that involves acknowledging the risk and taking no action unless it occurs. See also risk avoidance, risk enhancement, risk exploiting, risk mitigation, risk sharing, and risk transference.
Risk Action. A detailed task that implements, in whole or in part, a response strategy in order to address an individual risk or overall risk.
Risk Action Owner. The person(s) responsible for carrying out the approved risk actions when responding to a given risk. Also known as response owner.
Risk Analysis. The activities related to defining the characteristics of a risk and the degree to which it can impact objectives.
Risk Appetite. The degree of uncertainty an organization or individual is willing to accept in anticipation of a reward. See also risk threshold and risk tolerance.
Risk Assessment. The process of identifying, analyzing, and determining the probability of occurrence of a risk.
Risk Attitude. A disposition toward uncertainty, adopted explicitly or implicitly by individuals and groups, driven by perception, and evidenced by observable behavior.
Risk Avoidance. A risk response that involves eliminating the threat or protecting the project, program, or portfolio from its impact. See also risk acceptance, risk enhancement, risk exploiting, risk mitigation, risk sharing, and risk transference.
Risk Enhancement. A risk response that involves increasing the probability of occurrence or impact of an opportunity.
Risk Escalation. A risk response that involves transferring the ownership of the risk to a relevant party in the organization because the risk is outside of scope or the team does not have sufficient authority to address it.
Risk Exploiting. A risk response that involves ensuring that an opportunity occurs. See also risk acceptance, risk avoidance, risk enhancement, risk mitigation, risk sharing, and risk transference.
Risk Exposure. An aggregate measure of the potential impact of all risks at any given point in time in a project, program, or portfolio.
Risk Identification. The process of locating and profiling the characteristics of risks related to work objectives.
Risk Management. The process that shapes decision making across the organization and within each of the domains and involves identifying, analyzing, responding to, and monitoring risks.
Risk Management Framework. A structure that organizes the process and activities of managing risks in an iterative fashion.
Risk Management Life Cycle. A structured approach for undertaking a comprehensive view of risk throughout the enterprise, portfolio, program, and project domains.
Risk Management Plan. A component of the project, program, or portfolio management plan that describes how risk management activities will be structured and performed.
Risk Mitigation. A risk response that involves decreasing the probability or impact of a threat. See also risk acceptance, risk avoidance, risk enhancement, risk exploiting, risk sharing, and risk transference.
Risk Owner. The person responsible for monitoring the risk and for selecting and implementing an appropriate risk response strategy.
Risk Register. A repository in which outputs of risk management processes are recorded.
Risk Response. An action, planned or implemented, to address particular threats and opportunities.
Risk Sharing. A risk response that involves allocating ownership of an opportunity to a third party who is best able to capture the opportunity or absorb the impact of the threat. See also risk acceptance, risk avoidance, risk enhancement, risk exploiting, risk mitigation, and risk transference.
Risk Threshold. The measure of acceptable variation around an objective that reflects the risk appetite of the organization and stakeholders. See also risk appetite and risk tolerance.
Risk Transference. A risk response that involves shifting the impact of a threat to a third party, together with ownership of the response. See also risk acceptance, risk avoidance, risk enhancement, risk exploiting, risk mitigation, and risk sharing.
Secondary Risk. A risk that arises as a direct result of implementing a risk response. See also residual risk.
Stakeholder. An individual, group, or organization that may affect, be affected by, or perceive itself to be affected by a decision, activity, or outcome of a project, program, or portfolio.
Threat. A risk that would have a negative effect on one or more objectives. See also issue, opportunity, and risk.
Trigger Condition. An event or situation that indicates that a risk is about to occur.