risk-management - Concepts
Explore concepts tagged with "risk-management"
Total concepts: 53
Concepts
- Inherent Risk - The level of risk present in an activity or process before any controls or mitigation measures are applied.
- Residual Risk - The level of risk that remains after risk mitigation controls and treatments have been applied.
- Portfolio Thinking - Managing a diverse collection of projects, skills, or investments for balanced growth and risk.
- Bus Factor - The number of team members who would need to be unavailable before a project stalls.
- 20% Rule - An investment strategy recommending that roughly 20% of a portfolio be allocated to alternative investments uncorrelated with the stock market.
- Risk Management - The systematic process of identifying, assessing, prioritizing, and mitigating risks to minimize their negative impact.
- Productive Paranoia - Preparing for worst-case scenarios during good times to ensure survival and success during bad times.
- Vendor Lock-in - The situation where switching to a different tool or service becomes prohibitively difficult due to proprietary dependencies.
- Crisis Management - The process of preparing for, responding to, and recovering from significant events that threaten an organization or its stakeholders.
- Risk Mitigation - The process of reducing the likelihood or impact of identified risks through preventive and corrective actions.
- Barrier Analysis - A root cause analysis technique that examines what barriers should have prevented an incident and why they failed.
- Enterprise Risk Management - A holistic approach to managing all types of risk across an organization in an integrated and strategic manner.
- Business Continuity - Planning and preparation to ensure critical business functions continue during and after a disaster.
- Single Point of Failure - A component whose failure would cause the entire system to stop functioning, representing a critical vulnerability in any system design.
- Fault Tree Analysis - A top-down deductive analysis method that maps how combinations of lower-level failures can lead to an undesired system-level event using Boolean logic.
- Cross-Training - The practice of training team members in each other's roles and responsibilities to reduce knowledge concentration and increase organizational resilience.
- Risk Register - A structured document that records identified risks along with their analysis, treatment plans, and current status.
- Error Culture - The set of organizational norms, attitudes, and practices that determine how mistakes, failures, and errors are handled, learned from, and communicated.
- Pre-Mortem Analysis - A risk assessment technique that imagines a project has failed before it begins to identify potential causes of failure.
- Minimax - A decision rule for minimizing the worst-case potential loss when facing uncertainty or adversarial conditions.
- Risk Appetite - The level and type of risk an organization or individual is willing to accept in pursuit of their objectives.
- Scenario Planning - A strategic planning method that creates multiple plausible future narratives to prepare for uncertainty and improve decision-making.
- Margin of Safety - Building buffers to protect against uncertainty and errors.
- Iatrogenics - Harm caused by the healer—when interventions intended to help actually make things worse, often by disrupting natural adaptive systems.
- Risk Matrix - A visual grid that maps risks by plotting their likelihood against their potential impact to prioritize response efforts.
- Safe-to-Fail - Experiments designed so that failure produces learning without catastrophic consequences.
- Small and Riskless Bets - Making many small, low-risk experiments instead of betting everything on one big project.
- Three-Point Estimation - An estimation technique that uses optimistic, most likely, and pessimistic values to calculate a weighted expected effort.
- Risk Tolerance - The acceptable level of variation in outcomes that an organization or individual is willing to withstand.
- Barbell Strategy - A risk management approach that combines extreme safety on one end with small, high-risk/high-reward bets on the other—avoiding the mediocre middle.
- Zero-Risk Bias - Preferring to eliminate a small risk entirely over a greater reduction of a larger risk.
- Antifragility - The property of systems that gain from disorder, volatility, and stressors—beyond mere resilience or robustness, they actually improve when exposed to shocks.
- Consequential vs Inconsequential Mistakes - A framework for categorizing errors by their impact to guide appropriate risk-taking and recovery strategies.
- Cascading Failures - A process where the failure of one component triggers sequential failures in dependent components, potentially leading to complete system collapse.
- Risk Response Strategies - The four primary approaches to handling identified risks: avoid, transfer, mitigate, and accept.
- Risk Assessment - The systematic process of identifying hazards and evaluating the likelihood and impact of potential risks.
- Operational Resilience - An organization's ability to prevent, adapt to, respond to, and recover from disruptions to continue delivering critical services.
- Asymmetric Upside - Decisions where potential gains significantly exceed potential losses, creating favorable risk-reward profiles.
- Cone of Uncertainty - The principle that estimation accuracy improves as a project progresses and unknowns are resolved.
- FUBAR - Military-origin acronym meaning Fouled Up Beyond All Recognition, describing situations so badly broken that recovery is extremely difficult or impossible.
- Murphy's Law - Anything that can go wrong will go wrong.
- Certainty Effect - The tendency to overweight outcomes that are certain compared to outcomes that are merely probable.
- Risk Culture - The shared values, beliefs, attitudes, and behaviors within an organization that shape how risk is identified, assessed, and managed.
- SNAFU - Military-origin acronym meaning Situation Normal, All Fouled Up, describing the expectation that things will always go wrong in predictable, routine ways.
- Recoverable vs Irrecoverable Decisions - A decision framework that evaluates choices by whether you can bounce back from negative outcomes, distinct from whether the decision itself can be reversed.
- Data Protection Impact Assessment - A systematic process to identify and minimize data protection risks of a project or system before it is implemented.
- Redundancy - The inclusion of extra components beyond the minimum necessary, serving as backups to maintain system function when primary components fail.
- Bow-Tie Analysis - A risk analysis method that visually maps the pathways from causes through a hazardous event to consequences, showing preventive and mitigative barriers.
- Key Risk Indicators - Quantitative metrics used to monitor and provide early warning signals about changes in risk exposure.
- Risk Compensation - The tendency for people to adjust their behavior in response to perceived risk, often taking more risks when they feel protected by safety measures.
- Decision Under Uncertainty - Frameworks and strategies for making choices when the possible outcomes or their probabilities are unknown.
- Failure Mode and Effects Analysis - A systematic method for proactively identifying potential failure modes in a process or product and prioritizing them by severity, occurrence, and detectability.
- Business Impact Analysis - A systematic process for identifying and evaluating the potential effects of disruptions on critical business operations.