Risk Management (MoR) Dictionary of Terms

This is an A-Z glossary of terms, from the Management of Risk (M_o_R). See also dictionaries for Agile Projects, Managing Successful Programmes (MSP) Dictionary, Project Office Dictionary (P30), PRINCE2 and ITIL. See also Project Management Dictionary.

A - D - acceptance to Dis-benefit | E - O - Enhancement to output | P - Q - Probability to Quality assurance | R - Realisation to Risk tolerance line | S - T - Senior Responsible Officer to Transfer | Risk - Acronyms

A - Accept to D - Disbenefit


A risk response that means that the organization takes the chance that the risk will occur, with full impact on objectives if it does.

Accounting Officer

A public sector role. Has personal responsibility for the propriety and regularity of the finances for which he or she is answerable; for the keeping of proper accounts; for prudent and economical administration; for avoidance of waste and extravagance; and for the efficient and effective use of resources. This brings with it a responsibility for governance issues, and includes custodianship of risk management and its adoption throughout the organization.

Audit committee

A body of independent directors who are responsible for monitoring the integrity of the financial statement of the company; the effectiveness of the company's internal audit function; and the external auditor's independence and objectivity; and the effectiveness of the audit process.


The measurable improvement resulting from an outcome perceived as an advantage by one or more stakeholders.

Business case

The justification for an organizational activity (strategic, programme, project or operational) which typically contains costs, benefits, risks and timescales and against which continuing viability is tested.

Download a Business Case - Word or PDF format

Download a PRINCE2 Business Case - Mind map, Word or PDF format

Business change manager

The role responsible for benefits management, from identification through to realisation and ensuring the implementation and embedding of the new capabilities delivered by the projects. Typically allocated to more than one individual.
Alternative title: change agent.

Business continuity management (BCM)

A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. The management of recovery or continuity in the event of a disaster. Also the management of the overall process through training, rehearsals and reviews, to ensure the business continuity plan stays current and up-to-date.

Business continuity plan (BCP)

A plan for the fast and efficient resumption of essential business operations by directing recovery actions of specified recovery teams.

Business risk

Failure to achieve business objectives/benefits.

The Top 50 Business Risks and how to manage them!

Communications plan

A plan of the communications activities during the organizational activity (strategic, programme, project or operational) that will be established and maintained. Typically contains when, what, how and with whom information flows.
A plan to be executed if a particular risk occurs in order to minimise the impact after the event.
The process of identifying and planning appropriate responses to be taken when a risk actually occurs.

Corporate governance

The ongoing activity of maintaining a sound system of internal control by which the directors and officers of an organization ensure that effective management systems, including financial monitoring and control systems, have been put in place to protect assets, earnings capacity and the reputation of the organization.


A formalised security risk analysis and management methodology originally developed by CCTA (now part of the OGC) in collaboration with a number of private sector organizations.

Disaster recovery planning

A series of processes that focus on recovery processes, principally in response to physical disasters. This activity forms part of business continuity planning, not the totality.


Outcomes perceived as negative by one or more stakeholders. Dis-benefits are actual consequences of an activity whereas, by definition, a risk has some uncertainty about whether it will materialise.

Copyright © AXELOS Limited 2012. All rights reserved. Material is reproduced with the permission of AXELOS