Risk Glossary

AI-curated definitions spanning ERM, cyber, operational, financial, ESG and emerging risk. Re-seeded daily from trending searches.

50 of 238 terms

AI Ethics Review Board

AI

A multidisciplinary committee that evaluates AI initiatives for ethical implications, fairness, bias, and alignment with organizational values.

AI Risk Assessment

AI

The evaluation of potential harms and failures arising from artificial intelligence systems throughout their lifecycle.

AI Risk Management Framework

AI

A structured approach to identify, assess, and mitigate risks throughout the AI system lifecycle from design to deployment and monitoring.

Business Continuity Management

Operational

The holistic management process ensuring critical business functions continue during and after significant disruptions.

Compliance Management System

Regulatory

An integrated framework of policies, procedures, controls, and monitoring processes to ensure adherence to legal and regulatory requirements.

Compliance Risk

Regulatory

The current or prospective risk to earnings, capital, or reputation arising from violations of laws, regulations, rules, or organizational standards.

Compliance Risk Assessment

Regulatory

The systematic process of identifying, analyzing, and prioritizing risks of non-compliance with laws, regulations, and organizational policies.

Cybersecurity Control Framework

Cyber

A structured set of security controls and practices designed to protect information systems from cyber threats.

Cybersecurity Risk

Cyber

The potential for loss or harm from threats to information systems, data confidentiality, integrity, or availability.

Cybersecurity Risk Assessment

Cyber

A systematic evaluation of cyber threats, vulnerabilities, and potential impacts to determine an organization's exposure to cyberattacks and data breaches.

Cybersecurity Risk Management Framework

Cyber

A systematic approach to identify, assess, prioritize, and mitigate cyber threats to information systems, networks, and digital assets.

Cybersecurity Risk Management Plan

Cyber

A documented strategy outlining how an organization will identify, assess, mitigate, and monitor cybersecurity risks to protect information assets.

Cybersecurity Risk Management Program

Cyber

The ongoing organizational initiative encompassing policies, processes, tools, and resources dedicated to managing cybersecurity risks across the enterprise.

Data Loss Prevention

Cyber

Technologies and policies that detect and prevent unauthorized transmission, use, or exfiltration of sensitive information.

ESG Risk Integration

ESG

The incorporation of environmental, social, and governance factors into enterprise risk management processes and decision-making.

Enterprise Risk Management Framework

ERM

An integrated, organization-wide approach to identifying, assessing, and managing all material risks that could affect strategic objectives and value creation.

IT Risk Management Framework

Cyber

A structured approach to identify, assess, and mitigate risks associated with information technology systems, infrastructure, and digital operations.

Inherent Risk Rating

ERM

The assessed level of risk before considering the mitigating effects of controls or other management actions.

Internal Control Framework

Audit

A systematic structure of policies, procedures, and activities designed to provide reasonable assurance of achieving objectives.

Key Risk Indicator Threshold

ERM

A predetermined trigger point for a risk metric that signals when risk exposure exceeds acceptable levels requiring management action.

Model Risk Management Framework

Financial

A structured governance approach for identifying, assessing, and controlling risks arising from potential errors in model development, implementation, or use.

NIST AI Risk Management Framework

AI

A voluntary framework providing a structured approach to identify, assess, and manage risks throughout the AI system lifecycle.

NIST Risk Management Framework

Cyber

A structured, seven-step process for integrating security, privacy, and cyber supply chain risk management activities into the system development life cycle.

Operational Risk Appetite

Operational

The amount of operational risk an organization is willing to accept in executing its business strategy and operations.

Operational Risk Assessment

Operational

The systematic process of identifying, analyzing, and evaluating risks from operational failures, process breakdowns, and business disruption events.

Operational Risk Capital

Operational

Capital set aside by financial institutions to absorb potential losses from failed processes, people, systems, or external events.

Operational Risk Event

Operational

An occurrence resulting from inadequate or failed internal processes, people, systems, or external events causing loss.

Operational Risk Framework

Operational

The governance structure, policies, processes, and tools organizations use to systematically identify, measure, monitor, and control operational risks.

Operational Risk Management

Operational

The discipline of identifying, assessing, and mitigating risks arising from inadequate or failed internal processes, people, systems, or external events.

Process Risk Assessment

Operational

A systematic evaluation of risks embedded in business processes to identify control gaps and improvement opportunities.

Project Risk Log

Project

A living document that tracks identified project risks, their status, assigned owners, and action plans throughout the project lifecycle.

Ransomware Response Plan

Cyber

A predefined set of procedures for detecting, containing, and recovering from ransomware attacks while managing decisions about payment.

Regulatory Capital

Financial

The minimum amount of capital financial institutions must hold to absorb losses and protect depositors, as mandated by regulators.

Regulatory Compliance Risk Assessment

Regulatory

A systematic evaluation of an organization's exposure to penalties, sanctions, or restrictions from failing to meet legal and regulatory requirements.

Reputational Risk

ERM

The potential for negative stakeholder perceptions to damage an organization's brand, customer relationships, or market position.

Risk Identification

ERM

The systematic process of discovering, recognizing, and describing risks that could affect organizational objectives.

Risk Management Framework

ERM

A structured approach defining how an organization identifies, assesses, treats, monitors, and reports risks across all business functions.

Risk Reporting Dashboard

ERM

A visual interface presenting key risk metrics, indicators, trends, and status information to support management and board decision-making.

Risk Treatment

Methodology

The process of selecting and implementing measures to modify risk through avoidance, mitigation, transfer, or acceptance strategies.

Security Risk Management Framework

Cyber

A comprehensive methodology for identifying, assessing, and mitigating security threats to organizational assets, operations, and stakeholders.

Supply Chain Disruption Risk

Supply Chain

The potential for interruptions in the flow of goods, services, or information through supplier and logistics networks.

Supply Chain Risk Assessment

Supply Chain

The systematic evaluation of vulnerabilities and threats across the supply chain that could disrupt operations, quality, or regulatory compliance.

Three Lines Model

ERM

A governance framework defining roles and responsibilities across operational management, risk oversight, and independent assurance.

Vulnerability Management Program

Cyber

An ongoing process for identifying, classifying, prioritizing, remediating, and reporting security vulnerabilities across IT assets.

AI Autonomous Decision Risk

AI

The risk that AI systems making decisions without human oversight produce harmful, unintended, or uncontrollable outcomes.

AI Explainability

AI

The ability to describe in understandable terms how an AI system reached its decisions, predictions, or recommendations.

AI Hallucination Risk

AI

The tendency of generative AI models to produce convincingly presented but factually incorrect, nonsensical, or fabricated information.

AI Model Drift Monitoring

AI

The ongoing tracking of machine learning model performance degradation over time as data patterns, relationships, or populations change.

AI Model Governance

AI

A framework of policies, procedures, and controls ensuring artificial intelligence systems are developed, deployed, and monitored responsibly.

AI Risk Taxonomy

AI

A hierarchical classification system organizing AI-specific risks into categories such as technical, ethical, legal, operational, and societal domains.
