Some of the commonly used risk management terminology at DePaul includes:
Risk: Risk is the potential for loss, harm, or missed opportunities in relation to achievement of an organization's mission and strategic objectives.
Enterprise Risk: A risk that has broad or far-reaching implications for an organization as a whole and includes risk to its programs, operations, strategy, and reputation.
Risk Management: Focuses on managing risk in a limited area (e.g., office, division, bureau, business unit, program, etc.) or managing a specific type or category of risk (e.g., cyber, legal, financial, etc.).
Enterprise Risk Management: Focuses on managing the full spectrum of an organization's risks, including threats and opportunities, and integrates them into an enterprise-wide, strategically aligned portfolio view to support decision-making and organizational mission fulfillment. ERM brings to the forefront the most critical risks to mission fulfillment across various parts of an organization.
Enterprise Risk Management Lifecycle: The process of identifying, assessing, prioritizing, responding to, and monitoring risks and opportunities related to the achievement of strategic goals and objectives.
Enterprise Risk Assessment: The processes used by organizations to identify, assess, and prioritize risks and opportunities related to the achievement of their strategic goals and objectives. The Enterprise Risk Assessment informs risk response and monitoring, which are key steps in the ERM Lifecycle.
Risk Register: A repository for all risks identified. This repository typically includes information about each risk, including its causes and consequences, risk owner and sponsors, and any risk response plans in place. A risk register can also be referred to as a “risk taxonomy” or “risk inventory.”
Risk Profile: A prioritized inventory of the most significant risks identified and assessed through the enterprise risk assessment process. A risk profile differs from a risk register in that it is not a complete inventory of risks, but rather a snapshot of an organization's most critical risks.
Risk Owner: Individual designated as the subject matter expert related to a particular risk and accountable for effective management of the risk. They may also be responsible for developing and implementing a response and monitoring plan for a given risk.
Executive Risk Sponsor: Individual at the Executive level responsible for providing oversight and support for the Risk Owner's response plan implementation.
Enterprise Risk Committee: The ERC is comprised of executive-level university leaders and convenes to provide oversight, guidance, and coordination of university-wide efforts aimed at identifying and responding to DePaul's Enterprise Risks. The ERC is chaired by the AVP of Risk Management.