# RiskPedia — full content snapshot for AI assistants

This file is generated live from the RiskPedia database. It contains plain-text summaries of every framework, India-regulator deep-dive, tool, newsletter and glossary term. Use it to answer questions about risk management frameworks (ISO 31000, COSO ERM, NIST RMF, ISO 27001, Basel III/IV, NIS2, DORA, SOC 2 …) and India BFSI compliance (RBI MD-ITGRC 2023, SEBI CSCRF 2024, IRDAI 2026, CERT-In 6-hour reporting, DPDP Act 2023 + Rules 2025).

Generated: 2026-06-13T19:28:53.311898+00:00

## Risk Frameworks (Library)

- [ISO 31000](/library/iso-31000): Risk Management Guidelines
- [COSO ERM](/library/coso-erm): Enterprise Risk Management — Integrated Framework
- [NIST RMF](/library/nist-rmf): SP 800-37 Risk Management Framework
- [ISO/IEC 27001](/library/iso-27001): Information Security Management Systems
- [Basel III/IV](/library/basel-iii): Banking capital and liquidity standards
- [Solvency II](/library/solvency-ii): EU insurance prudential regime
- [FERMA](/library/ferma): European risk management standard
- [COBIT 2019](/library/cobit): IT governance and management
- [PMBOK](/library/pmbok): Project Management Body of Knowledge
- [PRINCE2](/library/prince2): PRojects IN Controlled Environments
- [M_o_R](/library/m-o-r): Management of Risk
- [SAFe](/library/safe): Scaled Agile Framework
- [Six Sigma](/library/six-sigma): DMAIC and DMADV
- [Lean Six Sigma](/library/lean-six-sigma)
- [FMEA](/library/fmea): Failure Mode and Effects Analysis
- [ISO 9001](/library/iso-9001): Quality Management Systems
- [Bow-Tie](/library/bow-tie): Bow-Tie Risk Analysis
- [Monte Carlo](/library/monte-carlo): Monte Carlo Simulation
- [FTA](/library/fta): Fault Tree Analysis (IEC 61025)
- [HAZOP](/library/hazop): Hazard and Operability Study
- [RCA](/library/rca): Root Cause Analysis
- [SWOT/PESTLE](/library/swot-pestle): Strategic Risk Scans
- [ITIL 4](/library/itil): IT Service Management
- [NIS2](/library/nis2): EU Network and Information Security Directive
- [DORA](/library/dora): Digital Operational Resilience Act
- [SOC 2](/library/soc-2): AICPA Trust Services Criteria

## India Regulatory Hub — Deep Dive

- [India Hub Landing](/india)
- [RBI](/india/rbi): Master Direction on IT Governance, Risk, Controls and Assurance (MD-ITGRC 2023)
- [SEBI](/india/sebi): Cybersecurity & Cyber Resilience Framework (CSCRF) 2024
- [IRDAI](/india/irdai): Cybersecurity Guidelines (April 2026)
- [CERT-In](/india/cert-in): April 2022 Directions — 6-hour reporting, 180-day logs
- [CERT-In Incidents](/india/cert-in/incidents): 26 reportable incident types
- [CERT-In Reporting SOP](/india/cert-in/reporting): 6-hour workflow
- [CERT-In Technical Mandates](/india/cert-in/technical)
- [DPDP Act 2023](/india/dpdp): Digital Personal Data Protection Act
- [DPDP Obligations](/india/dpdp/obligations): 8 fiduciary obligations (§5–§16)
- [DPDP Entity Types](/india/dpdp/entity-types): Data Fiduciary vs SDF vs Processor
- [DPDP Consent](/india/dpdp/consent): consent + Consent Manager
- [DPDP Timeline](/india/dpdp/timeline): 2023-2027 enforcement
- [Multi-Regulator Breach Playbook](/india/breach-playbook)
- [Regulator Overlap Matrix](/india/overlap-matrix)
- [Entity-Type Navigator](/india/entity-navigator)
- [AI in BFSI Regulatory Map](/india/ai-bfsi)
- [Board Governance Map](/india/board-governance)
- [India Templates](/india/templates)
- [India Glossary](/india/glossary)

## Newsletters & E-books

- [Newsletters Hub](/newsletters)
- India Risk Digest — The week's Indian regulatory alerts, upcoming RBI/SEBI/IRDAI/CERT-In/DPDP deadlines and a rotating regulator spotlight — compiled from the India Regulatory Hub.
- India Annual Risk Report — The definitive AI-generated review of India's BFSI regulatory year — enforcement roundup, regulator-by-regulator recap and the outlook for the year ahead. Gener
- DPDP Act Framework Guide — The complete e-book guide to the DPDP Act 2023 + Rules 2025 — eight fiduciary obligations, SDF vs Processor roles, the consent framework and the enforcement tim
- CERT-In 6-Hour Reporting How-To Guide — Step-by-step how-to for surviving the world's fastest breach-notification clock — the clock-aware SOP, the 26 reportable incident types and the technical mandat

## Risk Tools Marketplace

- [Tools Marketplace](/tools)
- [Acceptable Use of Assets](/tools/acceptable-use-policy): Annex A.6 requirement
- [Asset Criticality Register](/tools/asset-criticality-register): ISMS Annex A prerequisite
- [Balanced Scorecard Template](/tools/balanced-scorecard): Links KPIs to risk appetite
- [Bow-Tie Risk Analysis Builder](/tools/bow-tie-risk-analysis-builder): Visual tool mapping threats, preventive controls, consequences, and mitigative controls for critical risks.
- [Business Continuity Time Calculator](/tools/business-continuity-time-calculator): Determines recovery time objectives and maximum tolerable downtime for critical processes to guide continuity planning and investment.
- [BYOD Policy](/tools/byod-policy): Post-COVID staple
- [CAPA Log](/tools/capa-log): Corrective action tracking
- [Carbon Footprint Estimation Worksheet](/tools/carbon-footprint-estimation-worksheet): Calculates organizational greenhouse gas emissions across Scope 1, 2, and 3 sources to support climate risk reporting and reduction targets.
- [Compliance Management](/tools/compliance-management-policy): RBI / SEBI compliance overlay
- [Concentration Risk Analyzer](/tools/concentration-risk-analyzer): RBI / Basel III Pillar 2
- [Control Gap Assessment Template](/tools/control-gap-assessment): Lead magnet – compliance entry point
- [Control Inventory Template](/tools/control-inventory): Step 3 of NIST RMF cycle
- [Control Testing Sampling Calculator](/tools/control-testing-sampling-calculator): Determines statistically valid sample sizes for audit and compliance control testing based on population and confidence level.
- [Control-to-Regulation Mapping](/tools/control-to-regulation-mapping): High-value; multi-framework overlay
- [Cyber Exposure Score Calculator](/tools/cyber-exposure-score-calculator): Quantifies external attack surface by scoring internet-facing assets, open ports, and known vulnerabilities.
- [Cyber Risk Register](/tools/cyber-risk-register): Lead magnet – highest IT search vol.
- [DR Approach Document](/tools/dr-approach-document): DR strategy documentation
- [DR Asset Register](/tools/dr-asset-register): Critical asset inventory
- [DR Closure Report](/tools/dr-closure-report): Post-DR test artefact
- [DR Comms Plan](/tools/dr-comms-plan): Stakeholder comms during DR
- [DR Plan Template](/tools/dr-plan-template): BCP / DR programme
- [Emerging Risk Log](/tools/emerging-risk-log): Board reporting use-case
- [Enterprise Control Library](/tools/enterprise-control-library): Reusable across frameworks
- [Enterprise Issue Log](/tools/enterprise-issue-log): Service desk backbone
- [Enterprise Risk Dashboard](/tools/enterprise-risk-dashboard): Lead magnet – high visual impact
- [Enterprise Risk Register](/tools/enterprise-risk-register): Lead magnet – highest search volume
- [ESG Materiality Assessment Worksheet](/tools/esg-materiality-assessment-worksheet): Structured template to identify, score, and prioritize ESG topics based on stakeholder impact and business relevance.
- [Fishbone (Ishikawa) Diagram](/tools/fishbone): Visual root-cause analysis with the classic 6M bones — Methods, Machines, Materials, Manpower, Measurement, Environment. AI suggests likely
- [5 Whys Root Cause](/tools/five-whys): AI-guided 5-Whys root-cause analysis — keep asking 'why?' until the systemic cause emerges, with Claude suggesting the next layer.
- [5×5 Risk Heat Map](/tools/heat-map): Plot your register on a 5×5 probability vs impact heat map. Click cells, drag risks, export as PNG.
- [Incident Classification Matrix](/tools/incident-classification-matrix): Lead magnet – IT ops teams
- [Incident Management Policy](/tools/incident-management-policy): ITIL 4 Practice artefact
- [Incident Management Process](/tools/incident-management-process): Process documentation
- [Information Classification Policy](/tools/information-classification-policy): Annex A.8 requirement
- [Information Transfer Policy](/tools/information-transfer-policy): GDPR / DPDP Act aligned
- [Inherent vs Residual Risk Model](/tools/inherent-vs-residual-risk-model): Auditor favourite
- [Intern Incident Report](/tools/intern-incident-report): Operational logging
- [ISMS Policy](/tools/isms-policy): Certification audit artefact
- [Issue Severity Matrix](/tools/issue-severity-matrix): Lead magnet – help-desk teams
- [IT Asset Management Policy](/tools/it-asset-management-policy): ISO 27001 / COBIT aligned
- [Key Risk Indicator Dashboard Guide](/tools/key-risk-indicator-dashboard-guide): Step-by-step framework to select, baseline, and visualize leading indicators for enterprise risk monitoring.
- [Key Risk Indicator Dashboard Template](/tools/key-risk-indicator-dashboard-template): Tracks leading and lagging risk metrics with thresholds to provide early warning signals before risks escalate into issues.
- [KPI–KRI Mapping Sheet](/tools/kpi-kri-mapping): Core COSO ERM artefact
- [KPI KRI Monitoring Panel](/tools/kpi-kri-monitoring-panel): Live dashboard companion
- [KRI Definition Register](/tools/kri-definition-register): Governance prerequisite
- [KRI Register](/tools/kri-register): Operational monitoring
- [Major Incident Report Template](/tools/major-incident-report): P1/P2 post-incident review
- [Major Problem Report Template](/tools/major-problem-report): Post-incident deep-dive
- [Mobile Devices & Teleworking Policy](/tools/mobile-teleworking-policy): Annex A.6.2 requirement
- [Operational Loss Scenario Modeler](/tools/operational-loss-scenario-modeler): Monte Carlo-based calculator estimating annual loss exposure from operational risk events using frequency and severity.
- [Password Policy](/tools/password-policy): Basic hygiene
- [Problem Management Process](/tools/problem-management-process): ITIL / PRINCE2 crossover
- [Problem Record Template](/tools/problem-record): Root cause documentation
- [Project Plan Builder](/tools/project-plan): Pre-loaded WBS for an end-to-end risk-management programme — tasks, owners, dates, dependencies. Excel export.
- [RACI Matrix Builder](/tools/raci-matrix): Map risk-management responsibilities across activities and roles — Responsible / Accountable / Consulted / Informed.
- [Residual Risk Calculator](/tools/residual-risk-calculator): Pairs with Impact Scoring Model
- [Risk Categorization Matrix](/tools/risk-categorization-matrix): Lead magnet – framework entry point
- [Risk Dependency Mapping](/tools/risk-dependency-mapping): Complex; justifies Pro gating
- [Risk Exposure Summary Panel](/tools/risk-exposure-summary-panel): CFO / Board reporting
- [Risk Heatmap Generator](/tools/risk-heatmap-generator): High-retention tool; recurring use
- [Risk Impact Scoring Model](/tools/risk-impact-scoring-model): Used in every risk assessment cycle
- [Risk Register](/tools/risk-register): Track risks with probability, impact, score, owner, treatment and status. Cloud-synced workspaces + team collaboration + CSV export.
- [Risk Reporting Dashboard](/tools/risk-reporting-dashboard): Monthly risk committee pack
- [Risk Score Calculator](/tools/risk-score): Quick probability × impact calculator with NIST-style severity bands and treatment guidance.
- [Risk-to-Control Mapping Sheet](/tools/risk-to-control-mapping): Core RMF artefact
- [Risk Trend Analysis Sheet](/tools/risk-trend-analysis-sheet): Quarterly review staple
- [Risk Velocity Tracker](/tools/risk-velocity-tracker): Differentiator
- [Scenario Analysis Sheet](/tools/scenario-analysis-sheet): Monte Carlo companion
- [Scenario Loss Impact Calculator](/tools/scenario-loss-impact-calculator): Estimates financial losses from risk events by combining probability, severity, and exposure to quantify potential operational impacts.
- [Security Incident Mgmt Process](/tools/security-incident-mgmt-process): ISO 27001 / ITIL crossover
- [Strategic Risk Register](/tools/strategic-risk-register): C-suite / CRO audience
- [Structure Damage Incident Report](/tools/structure-damage-incident-report): Facilities / physical risk
- [Supplier Risk Scoring Matrix](/tools/supplier-risk-scoring-matrix): Outsourcing risk – RBI guidelines
- [Third-Party Risk Register](/tools/third-party-risk-register): Third-party risk management
- [Third-Party Risk Scoring Sheet](/tools/third-party-risk-scoring-sheet): Supplier / vendor onboarding
- [Third-Party Risk Tiering Matrix](/tools/third-party-risk-tiering-matrix): Categorizes vendors into risk tiers based on data access, criticality, and regulatory scope for due diligence.
- [Threat Landscape Monitoring Log](/tools/threat-landscape-log): SOC team tool
- [Vendor Risk Assessment Template](/tools/vendor-risk-assessment): Procurement / SCM teams
- [Vendor Risk Scoring Matrix](/tools/vendor-risk-scoring-matrix): Quantifies third-party risk across security, financial, operational, and compliance dimensions to prioritize vendor oversight.
- [Vulnerability Prioritization Matrix](/tools/vulnerability-prioritization-matrix): CVSS scoring companion

## Glossary (top 100 terms)

- [AI Ethics Review Board](/glossary/ai-ethics-review-board): A multidisciplinary committee that evaluates AI initiatives for ethical implications, fairness, bias, and alignment with
- [AI Risk Assessment](/glossary/ai-risk-assessment): The evaluation of potential harms and failures arising from artificial intelligence systems throughout their lifecycle.
- [AI Risk Management Framework](/glossary/ai-risk-management-framework): A structured approach to identify, assess, and mitigate risks throughout the AI system lifecycle from design to deployme
- [Audit Risk](/glossary/audit-risk): The probability that auditors fail to detect material misstatements or control deficiencies during an examination.
- [Business Continuity Management](/glossary/business-continuity-management): The holistic management process ensuring critical business functions continue during and after significant disruptions.
- [Compliance Management System](/glossary/compliance-management-system): An integrated framework of policies, procedures, controls, and monitoring processes to ensure adherence to legal and reg
- [Compliance Risk](/glossary/compliance-risk): The current or prospective risk to earnings, capital, or reputation arising from violations of laws, regulations, rules,
- [Compliance Risk Assessment](/glossary/compliance-risk-assessment): The systematic process of identifying, analyzing, and prioritizing risks of non-compliance with laws, regulations, and o
- [Compliance Risk Management Software](/glossary/compliance-risk-management-software): Technology platforms that automate tracking, monitoring, and reporting of regulatory obligations, policy adherence, and
- [Cyber Risk Quantification](/glossary/cyber-risk-quantification): The process of measuring cybersecurity risks in financial terms by estimating the probability and monetary impact of pot
- [Cyber Threat Modeling](/glossary/cyber-threat-modeling): A structured approach identifying potential attackers, attack vectors, and vulnerabilities to inform security architectu
- [Cybersecurity Control Framework](/glossary/cybersecurity-control-framework): A structured set of security controls and practices designed to protect information systems from cyber threats.
- [Cybersecurity Risk](/glossary/cybersecurity-risk): The potential for loss or harm from threats to information systems, data confidentiality, integrity, or availability.
- [Cybersecurity Risk Assessment](/glossary/cybersecurity-risk-assessment): A systematic evaluation of cyber threats, vulnerabilities, and potential impacts to determine an organization's exposure
- [Cybersecurity Risk Assessment Tools](/glossary/cybersecurity-risk-assessment-tools): Software applications and methodologies used to identify, analyze, and evaluate cyber threats, vulnerabilities, and pote
- [Cybersecurity Risk Management Framework](/glossary/cybersecurity-risk-management-framework): A systematic approach to identify, assess, prioritize, and mitigate cyber threats to information systems, networks, and
- [Cybersecurity Risk Management Plan](/glossary/cybersecurity-risk-management-plan): A documented strategy outlining how an organization will identify, assess, mitigate, and monitor cybersecurity risks to
- [Cybersecurity Risk Management Program](/glossary/cybersecurity-risk-management-program): The ongoing organizational initiative encompassing policies, processes, tools, and resources dedicated to managing cyber
- [Data Loss Prevention](/glossary/data-loss-prevention): Technologies and policies that detect and prevent unauthorized transmission, use, or exfiltration of sensitive informati
- [ESG Risk Integration](/glossary/esg-risk-integration): The incorporation of environmental, social, and governance factors into enterprise risk management processes and decisio
- [Enterprise Risk Management Framework](/glossary/enterprise-risk-management-framework): An integrated, organization-wide approach to identifying, assessing, and managing all material risks that could affect s
- [Enterprise Risk Reporting](/glossary/enterprise-risk-reporting): The systematic communication of risk information to stakeholders through dashboards, scorecards, and narratives that sup
- [Environmental, Social, and Governance Integration](/glossary/environmental-social-and-governance-integration): The incorporation of ESG factors into investment decisions, risk management processes, and corporate strategy.
- [IT Risk Management Framework](/glossary/it-risk-management-framework): A structured approach to identify, assess, and mitigate risks associated with information technology systems, infrastruc
- [Inherent Risk Rating](/glossary/inherent-risk-rating): The assessed level of risk before considering the mitigating effects of controls or other management actions.
- [Internal Control Framework](/glossary/internal-control-framework): A systematic structure of policies, procedures, and activities designed to provide reasonable assurance of achieving obj
- [Key Risk Indicator Threshold](/glossary/key-risk-indicator-threshold): A predetermined trigger point for a risk metric that signals when risk exposure exceeds acceptable levels requiring mana
- [Model Risk Management Framework](/glossary/model-risk-management-framework): A structured governance approach for identifying, assessing, and controlling risks arising from potential errors in mode
- [NIST AI Risk Management Framework](/glossary/nist-ai-risk-management-framework): A voluntary framework providing a structured approach to identify, assess, and manage risks throughout the AI system lif
- [NIST Risk Management Framework](/glossary/nist-risk-management-framework): A structured, seven-step process for integrating security, privacy, and cyber supply chain risk management activities in
- [Operational Loss Event](/glossary/operational-loss-event): An incident resulting in financial loss, service disruption, or other negative impact caused by inadequate or failed int
- [Operational Risk Appetite](/glossary/operational-risk-appetite): The amount of operational risk an organization is willing to accept in executing its business strategy and operations.
- [Operational Risk Assessment](/glossary/operational-risk-assessment): The systematic process of identifying, analyzing, and evaluating risks from operational failures, process breakdowns, an
- [Operational Risk Capital](/glossary/operational-risk-capital): Capital set aside by financial institutions to absorb potential losses from failed processes, people, systems, or extern
- [Operational Risk Capital Modeling](/glossary/operational-risk-capital-modeling): Quantitative techniques estimating capital reserves needed to absorb potential operational losses at a confidence level.
- [Operational Risk Event](/glossary/operational-risk-event): An occurrence resulting from inadequate or failed internal processes, people, systems, or external events causing loss.
- [Operational Risk Framework](/glossary/operational-risk-framework): The governance structure, policies, processes, and tools organizations use to systematically identify, measure, monitor,
- [Operational Risk Management](/glossary/operational-risk-management): The discipline of identifying, assessing, and mitigating risks arising from inadequate or failed internal processes, peo
- [Operational Risk Manager](/glossary/operational-risk-manager): A professional responsible for identifying, assessing, and mitigating risks stemming from internal processes, systems, p
- [Operational Risk Software](/glossary/operational-risk-software): Technology platforms that automate the collection, analysis, monitoring, and reporting of operational risks, incidents,
- [Process Risk Assessment](/glossary/process-risk-assessment): A systematic evaluation of risks embedded in business processes to identify control gaps and improvement opportunities.
- [Project Risk Log](/glossary/project-risk-log): A living document that tracks identified project risks, their status, assigned owners, and action plans throughout the p
- [Project Risk Management Plan](/glossary/project-risk-management-plan): A document defining how risk management activities will be structured, executed, and monitored throughout a project life
- [Ransomware Response Plan](/glossary/ransomware-response-plan): A predefined set of procedures for detecting, containing, and recovering from ransomware attacks while managing decision
- [Regulatory Capital](/glossary/regulatory-capital): The minimum amount of capital financial institutions must hold to absorb losses and protect depositors, as mandated by r
- [Regulatory Compliance Risk Assessment](/glossary/regulatory-compliance-risk-assessment): A systematic evaluation of an organization's exposure to penalties, sanctions, or restrictions from failing to meet lega
- [Regulatory Risk Assessment](/glossary/regulatory-risk-assessment): The systematic evaluation of potential impacts from existing, changing, or emerging laws and regulatory requirements.
- [Reputation Risk](/glossary/reputation-risk): The potential for loss of stakeholder trust and brand value resulting from negative perceptions about organizational act
- [Reputational Risk](/glossary/reputational-risk): The potential for negative stakeholder perceptions to damage an organization's brand, customer relationships, or market
- [Risk Assessment Methodology](/glossary/risk-assessment-methodology): A systematic approach defining how risks are identified, analyzed, evaluated, and prioritized using qualitative, quantit
- [Risk Identification](/glossary/risk-identification): The systematic process of discovering, recognizing, and describing risks that could affect organizational objectives.
- [Risk Management Framework](/glossary/risk-management-framework): A structured approach defining how an organization identifies, assesses, treats, monitors, and reports risks across all
- [Risk Mitigation Strategy](/glossary/risk-mitigation-strategy): A planned set of actions designed to reduce the likelihood or impact of identified risks to acceptable levels within ris
- [Risk Owner](/glossary/risk-owner): An individual or team assigned accountability for managing a specific risk, including assessment, treatment, monitoring,
- [Risk Reporting Dashboard](/glossary/risk-reporting-dashboard): A visual interface presenting key risk metrics, indicators, trends, and status information to support management and boa
- [Risk Treatment](/glossary/risk-treatment): The process of selecting and implementing measures to modify risk through avoidance, mitigation, transfer, or acceptance
- [Risk-Based Auditing](/glossary/risk-based-auditing): An audit approach that prioritizes activities and allocates resources based on assessed risk levels rather than cyclical
- [Risk-Based Decision Making](/glossary/risk-based-decision-making): An approach where organizations systematically consider risk information alongside financial, strategic, and operational
- [Risk-Based Internal Auditing](/glossary/risk-based-internal-auditing): An audit approach prioritizing activities based on assessed risk levels to optimize assurance coverage and resource allo
- [Sanctions Compliance Risk](/glossary/sanctions-compliance-risk): The exposure to penalties from violating economic sanctions regimes imposed by governments or international bodies.
- [Security Risk Management Framework](/glossary/security-risk-management-framework): A comprehensive methodology for identifying, assessing, and mitigating security threats to organizational assets, operat
- [Supply Chain Disruption Risk](/glossary/supply-chain-disruption-risk): The potential for interruptions in the flow of goods, services, or information through supplier and logistics networks.
- [Supply Chain Risk Assessment](/glossary/supply-chain-risk-assessment): The systematic evaluation of vulnerabilities and threats across the supply chain that could disrupt operations, quality,
- [Three Lines Model](/glossary/three-lines-model): A governance framework defining roles and responsibilities across operational management, risk oversight, and independen
- [Top-Down Risk Assessment](/glossary/top-down-risk-assessment): A strategic approach where senior leadership identifies and evaluates enterprise-level risks that could prevent achievem
- [Vendor Risk Assessment](/glossary/vendor-risk-assessment): The evaluation process that determines the risk profile of third-party suppliers based on criticality, financial stabili
- [Vulnerability Management Program](/glossary/vulnerability-management-program): An ongoing process for identifying, classifying, prioritizing, remediating, and reporting security vulnerabilities acros
- [AI Autonomous Decision Risk](/glossary/ai-autonomous-decision-risk): The risk that AI systems making decisions without human oversight produce harmful, unintended, or uncontrollable outcome
- [AI Explainability](/glossary/ai-explainability): The ability to describe in understandable terms how an AI system reached its decisions, predictions, or recommendations.
- [AI Hallucination Risk](/glossary/ai-hallucination-risk): Tendency of generative AI models to produce convincingly presented but factually incorrect, nonsensical, or fabricated i
- [AI Model Drift Monitoring](/glossary/ai-model-drift-monitoring): The ongoing tracking of machine learning model performance degradation over time as data patterns, relationships, or pop
- [AI Model Governance](/glossary/ai-model-governance): Framework of policies, procedures, and controls ensuring artificial intelligence systems are developed, deployed, and mo
- [AI Risk Taxonomy](/glossary/ai-risk-taxonomy): Hierarchical classification system organizing AI-specific risks into categories such as technical, ethical, legal, opera
- [AI Training Data Quality Risk](/glossary/ai-training-data-quality-risk): Potential for poor, biased, or unrepresentative training data to produce unreliable, discriminatory, or harmful artifici
- [Adversarial Machine Learning](/glossary/adversarial-machine-learning): Techniques attackers use to manipulate AI models through crafted inputs that cause incorrect predictions or behaviors.
- [Algorithmic Bias Risk](/glossary/algorithmic-bias-risk): The risk that AI or automated decision systems produce systematically unfair outcomes due to biased training data or fla
- [Attack Surface](/glossary/attack-surface): The sum of all possible entry points where unauthorized users could attempt to access systems or extract data from an en
- [Audit Program](/glossary/audit-program): A documented set of audit procedures designed to test controls, verify compliance, and gather evidence for specific audi
- [Audit Trail](/glossary/audit-trail): Chronological record of system activities, transactions, or data changes enabling verification, reconstruction, and acco
- [Audit Universe](/glossary/audit-universe): The comprehensive inventory of all auditable entities, processes, and systems within an organization's scope.
- [Backtesting](/glossary/backtesting): Process of testing risk models by comparing their predictions against actual historical outcomes to validate accuracy an
- [Biodiversity Risk](/glossary/biodiversity-risk): Exposure to financial and operational impacts from ecosystem degradation, species loss, or dependence on threatened natu
- [Bow Tie Analysis](/glossary/bow-tie-analysis): A visual risk assessment method showing causes, preventive controls, consequences, and mitigative controls for a critica
- [Business Continuity Planning](/glossary/business-continuity-planning): The process of creating systems of prevention and recovery to maintain critical functions during and after disruptions.
- [Business Impact Tolerance](/glossary/business-impact-tolerance): Maximum duration an organization can withstand disruption to critical operations before experiencing unacceptable conseq
- [Change-Related Risk Assessment](/glossary/change-related-risk-assessment): Evaluation of potential risks introduced by organizational, technological, or process changes before implementation.
- [Circular Economy Risk](/glossary/circular-economy-risk): Exposure arising from business model transitions toward resource reuse, recycling, and regeneration, including execution
- [Climate Physical Risk](/glossary/climate-physical-risk): Potential financial losses and operational impacts from acute weather events or chronic climate changes affecting assets
- [Climate Scenario Analysis](/glossary/climate-scenario-analysis): Forward-looking assessment of potential climate-related financial impacts under different temperature pathways and trans
- [Climate Transition Risk](/glossary/climate-transition-risk): Financial and operational risks arising from the shift toward a low-carbon economy including policy changes, technology
- [Compliance Monitoring](/glossary/compliance-monitoring): Ongoing surveillance and testing activities to verify adherence to laws, regulations, policies, and contractual obligati
- [Compliance Obligation Register](/glossary/compliance-obligation-register): Comprehensive inventory of all legal, regulatory, contractual, and internal policy requirements applicable to an organiz
- [Compliance Risk Culture](/glossary/compliance-risk-culture): The collective values, beliefs, and behaviors within an organization that influence how employees perceive and respond t
- [Compliance Testing Sampling Methodology](/glossary/compliance-testing-sampling-methodology): Statistical approach for selecting representative subsets of transactions or controls to verify compliance with requirem
- [Concentration Risk](/glossary/concentration-risk): Exposure arising from over-reliance on a single customer, supplier, geographic region, product, or counterparty creating
- [Consent Order](/glossary/consent-order): A legally binding agreement between a regulator and an organization requiring specific remedial actions to address ident
- [Continuous Control Monitoring](/glossary/continuous-control-monitoring): Automated, ongoing evaluation of control performance using technology to detect exceptions, failures, or deterioration i
- [Control Deficiency](/glossary/control-deficiency): Weakness in internal control design or operation that reduces the likelihood of preventing or detecting errors, fraud, o
- [Control Effectiveness Testing](/glossary/control-effectiveness-testing): Systematic evaluation of whether internal controls operate as designed and achieve their intended risk mitigation object
- [Control Environment](/glossary/control-environment): The collective attitude, awareness, and actions of management and the board concerning internal controls and their impor

---

Source of truth: https://riskpedia.co.in