Difference between revisions of "GRC Glossary"

From Hornbill
Changes from the previous revision (the wikitext diff, with unchanged context shown in both columns; lines marked + exist only in the later revision and lines marked − only in the earlier one):

Line 54: Line 54:
 === N  ===
 === O  ===
+
+:'''Operational Risk Register''': Organize risks into logical groupings, and define relevant risk assessment criteria which will be applied to any risks contained in the register.
 === P  ===
 === Q  ===

Line 59: Line 61:
 :'''Risk Management''': is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, tolerating or transferring them to a third party, whereas organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks etc.).
−:'''Risk Register''': Organize risks into logical groupings, and define relevant risk assessment criteria which will be applied to any risks contained in the register.
 === S  ===

(The Risk Register entry is absent from the revision rendered below, which carries the Operational Risk Register entry under O instead.)

Revision as of 14:02, 22 April 2020



Introduction

Below is a list of terms and definitions as they apply and are used in the context of the Hornbill GRC app.



A

Attestation: The act of evidencing or proving something. In Hornbill GRC this may relate to a manual task in a Control lifecycle, where a user is required to provide confirmation and evidence that the controls are in fact in place.
Audit: An internal or external assessment of one or more Controls. An audit allows each control to be assessed from the perspective of being fit for purpose and being operationally enforced, so as to evidence compliance.
Audit Register: A collection of Controls.
Audit Schedule: A calendar view of scheduled audits.
Authority Document: An external set of authoritative rules with which we must comply; they are authoritative rules that are not of our own creation. These rules can come in the form of regulations, principles, standards, guidelines, best practices, policies and procedures. Each Authority Document contains one or more rules in the form of sections and citations.

B

C

Citation: A specific requirement in an Authority Document with which you are required to comply.
Control: An entity which is used to evidence compliance.
Compliance: Conforming with stated requirements. In GRC this refers to the auditing of controls to evidence compliance against policy statement requirements, which may in turn be linked to one or more citations in external Authority Documents.

D

E

F

G

Governance: Describes the overall management approach through which senior executives direct and control the entire organization. Policies can be used to record the governance and its objectives. Policy statements can be used to break a policy down into more manageable pieces. Controls can be configured to manage the objectives of the policy statements. Governance can be internally led and/or externally enforced through regulations, laws and guidance, which may apply to a business based on both territory and industry. Authority Documents and Citations are used to record the requirements of external governance.

H

I

J

K

L

M

N

O

Operational Risk Register: Organizes risks into logical groupings and defines the risk assessment criteria that will be applied to any risks contained in the register.

P

Q

R

Risk Management: The set of processes through which management identifies, analyzes and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to a risk typically depends on its perceived gravity, and involves controlling, avoiding or tolerating it, or transferring it to a third party; organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks).

S

T

U

V

W

X

Y

Z