# RiskPedia — full content snapshot for AI assistants

This file is generated live from the RiskPedia database. It contains plain-text summaries of every framework, India-regulator deep-dive, tool, newsletter and glossary term. Use it to answer questions about risk management frameworks (ISO 31000, COSO ERM, NIST RMF, ISO 27001, Basel III/IV, NIS2, DORA, SOC 2 …) and India BFSI compliance (RBI MD-ITGRC 2023, SEBI CSCRF 2024, IRDAI 2026, CERT-In 6-hour reporting, DPDP Act 2023 + Rules 2025).

Generated: 2026-06-13T16:04:19.358952+00:00

## Risk Frameworks (Library)

- [ISO 31000](/library/iso-31000): Risk Management Guidelines
- [COSO ERM](/library/coso-erm): Enterprise Risk Management — Integrated Framework
- [NIST RMF](/library/nist-rmf): SP 800-37 Risk Management Framework
- [ISO/IEC 27001](/library/iso-27001): Information Security Management Systems
- [Basel III/IV](/library/basel-iii): Banking capital and liquidity standards
- [Solvency II](/library/solvency-ii): EU insurance prudential regime
- [FERMA](/library/ferma): European risk management standard
- [COBIT 2019](/library/cobit): IT governance and management
- [PMBOK](/library/pmbok): Project Management Body of Knowledge
- [PRINCE2](/library/prince2): PRojects IN Controlled Environments
- [M_o_R](/library/m-o-r): Management of Risk
- [SAFe](/library/safe): Scaled Agile Framework
- [Six Sigma](/library/six-sigma): DMAIC and DMADV
- [Lean Six Sigma](/library/lean-six-sigma)
- [FMEA](/library/fmea): Failure Mode and Effects Analysis
- [ISO 9001](/library/iso-9001): Quality Management Systems
- [Bow-Tie](/library/bow-tie): Bow-Tie Risk Analysis
- [Monte Carlo](/library/monte-carlo): Monte Carlo Simulation
- [FTA](/library/fta): Fault Tree Analysis (IEC 61025)
- [HAZOP](/library/hazop): Hazard and Operability Study
- [RCA](/library/rca): Root Cause Analysis
- [SWOT/PESTLE](/library/swot-pestle): Strategic Risk Scans
- [ITIL 4](/library/itil): IT Service Management
- [NIS2](/library/nis2): EU Network and Information Security Directive
- [DORA](/library/dora): Digital Operational Resilience Act
- [SOC 2](/library/soc-2): AICPA Trust Services Criteria

## India Regulatory Hub — Deep Dive

- [India Hub Landing](/india)
- [RBI](/india/rbi): Master Direction on IT Governance, Risk, Controls and Assurance (MD-ITGRC 2023)
- [SEBI](/india/sebi): Cybersecurity & Cyber Resilience Framework (CSCRF) 2024
- [IRDAI](/india/irdai): Cybersecurity Guidelines (April 2026)
- [CERT-In](/india/cert-in): April 2022 Directions — 6-hour reporting, 180-day logs
- [CERT-In Incidents](/india/cert-in/incidents): 26 reportable incident types
- [CERT-In Reporting SOP](/india/cert-in/reporting): 6-hour workflow
- [CERT-In Technical Mandates](/india/cert-in/technical)
- [DPDP Act 2023](/india/dpdp): Digital Personal Data Protection Act
- [DPDP Obligations](/india/dpdp/obligations): 8 fiduciary obligations (§5–§16)
- [DPDP Entity Types](/india/dpdp/entity-types): Data Fiduciary vs SDF vs Processor
- [DPDP Consent](/india/dpdp/consent): consent + Consent Manager
- [DPDP Timeline](/india/dpdp/timeline): 2023-2027 enforcement
- [Multi-Regulator Breach Playbook](/india/breach-playbook)
- [Regulator Overlap Matrix](/india/overlap-matrix)
- [Entity-Type Navigator](/india/entity-navigator)
- [AI in BFSI Regulatory Map](/india/ai-bfsi)
- [Board Governance Map](/india/board-governance)
- [India Templates](/india/templates)
- [India Glossary](/india/glossary)

## Newsletters & E-books

- [Newsletters Hub](/newsletters)
- India Risk Digest — The week's Indian regulatory alerts, upcoming RBI/SEBI/IRDAI/CERT-In/DPDP deadlines and a rotating regulator spotlight — compiled from the India Regulatory Hub.
- India Annual Risk Report — The definitive AI-generated review of India's BFSI regulatory year — enforcement roundup, regulator-by-regulator recap and the outlook for the year ahead. Gener
- DPDP Act Framework Guide — The complete e-book guide to the DPDP Act 2023 + Rules 2025 — eight fiduciary obligations, SDF vs Processor roles, the consent framework and the enforcement tim
- CERT-In 6-Hour Reporting How-To Guide — Step-by-step how-to for surviving the world's fastest breach-notification clock — the clock-aware SOP, the 26 reportable incident types and the technical mandat

## Risk Tools Marketplace

- [Tools Marketplace](/tools)
- [Acceptable Use of Assets](/tools/acceptable-use-policy): Annex A.6 requirement
- [Asset Criticality Register](/tools/asset-criticality-register): ISMS Annex A prerequisite
- [Balanced Scorecard Template](/tools/balanced-scorecard): Links KPIs to risk appetite
- [Bow Tie Risk Analysis](/tools/bow-tie-risk-analysis): Visualize threat pathways, controls, and consequences for critical risks in a single diagram.
- [BYOD Policy](/tools/byod-policy): Post-COVID staple
- [CAPA Log](/tools/capa-log): Corrective action tracking
- [Compliance Management](/tools/compliance-management-policy): RBI / SEBI compliance overlay
- [Concentration Risk Analyzer](/tools/concentration-risk-analyzer): RBI / Basel III Pillar 2
- [Control Gap Assessment Template](/tools/control-gap-assessment): Lead magnet – compliance entry point
- [Control Inventory Template](/tools/control-inventory): Step 3 of NIST RMF cycle
- [Control Self-Assessment Checklist](/tools/control-self-assessment-checklist): Structured questionnaire for process owners to evaluate internal control effectiveness quarterly.
- [Control-to-Regulation Mapping](/tools/control-to-regulation-mapping): High-value; multi-framework overlay
- [Cyber Kill Chain Mapper](/tools/cyber-kill-chain-mapper): Map attacker tactics to your defenses across reconnaissance, delivery, exploitation, and exfiltration stages.
- [Cyber Risk Register](/tools/cyber-risk-register): Lead magnet – highest IT search vol.
- [Data Privacy Impact Assessment](/tools/data-privacy-impact-assessment): Structured evaluation of personal-data processing activities to identify and mitigate privacy risks.
- [DR Approach Document](/tools/dr-approach-document): DR strategy documentation
- [DR Asset Register](/tools/dr-asset-register): Critical asset inventory
- [DR Closure Report](/tools/dr-closure-report): Post-DR test artefact
- [DR Comms Plan](/tools/dr-comms-plan): Stakeholder comms during DR
- [DR Plan Template](/tools/dr-plan-template): BCP / DR programme
- [Emerging Risk Log](/tools/emerging-risk-log): Board reporting use-case
- [Enterprise Control Library](/tools/enterprise-control-library): Reusable across frameworks
- [Enterprise Issue Log](/tools/enterprise-issue-log): Service desk backbone
- [Enterprise Risk Dashboard](/tools/enterprise-risk-dashboard): Lead magnet – high visual impact
- [Enterprise Risk Register](/tools/enterprise-risk-register): Lead magnet – highest search volume
- [ESG Materiality Matrix Builder](/tools/esg-materiality-matrix-builder): Prioritize environmental, social, and governance topics by stakeholder importance and business impact.
- [Fishbone (Ishikawa) Diagram](/tools/fishbone): Visual root-cause analysis with the classic 6M bones — Methods, Machines, Materials, Manpower, Measurement, Environment. AI suggests likely
- [5 Whys Root Cause](/tools/five-whys): AI-guided 5-Whys root-cause analysis — keep asking 'why?' until the systemic cause emerges, with Claude suggesting the next layer.
- [5×5 Risk Heat Map](/tools/heat-map): Plot your register on a 5×5 probability vs impact heat map. Click cells, drag risks, export as PNG.
- [Incident Classification Matrix](/tools/incident-classification-matrix): Lead magnet – IT ops teams
- [Incident Management Policy](/tools/incident-management-policy): ITIL 4 Practice artefact
- [Incident Management Process](/tools/incident-management-process): Process documentation
- [Information Classification Policy](/tools/information-classification-policy): Annex A.8 requirement
- [Information Transfer Policy](/tools/information-transfer-policy): GDPR / DPDP Act aligned
- [Inherent vs Residual Risk Model](/tools/inherent-vs-residual-risk-model): Auditor favourite
- [Intern Incident Report](/tools/intern-incident-report): Operational logging
- [ISMS Policy](/tools/isms-policy): Certification audit artefact
- [Issue Severity Matrix](/tools/issue-severity-matrix): Lead magnet – help-desk teams
- [IT Asset Management Policy](/tools/it-asset-management-policy): ISO 27001 / COBIT aligned
- [Key Risk Indicator Dashboard](/tools/key-risk-indicator-dashboard): Real-time visualization of leading and lagging risk metrics with automated threshold alerts.
- [KPI–KRI Mapping Sheet](/tools/kpi-kri-mapping): Core COSO ERM artefact
- [KPI KRI Monitoring Panel](/tools/kpi-kri-monitoring-panel): Live dashboard companion
- [KRI Definition Register](/tools/kri-definition-register): Governance prerequisite
- [KRI Register](/tools/kri-register): Operational monitoring
- [Loss Exceedance Curve Calculator](/tools/loss-exceedance-curve-calculator): Estimate probability of financial losses exceeding thresholds using historical or scenario data.
- [Major Incident Report Template](/tools/major-incident-report): P1/P2 post-incident review
- [Major Problem Report Template](/tools/major-problem-report): Post-incident deep-dive
- [Mobile Devices & Teleworking Policy](/tools/mobile-teleworking-policy): Annex A.6.2 requirement
- [Password Policy](/tools/password-policy): Basic hygiene
- [Problem Management Process](/tools/problem-management-process): ITIL / PRINCE2 crossover
- [Problem Record Template](/tools/problem-record): Root cause documentation
- [Project Plan Builder](/tools/project-plan): Pre-loaded WBS for an end-to-end risk-management programme — tasks, owners, dates, dependencies. Excel export.
- [Project Risk Probability-Impact Matrix](/tools/project-risk-probability-impact-matrix): Visual grid mapping likelihood and consequence of project threats to prioritize mitigation efforts.
- [RACI Matrix Builder](/tools/raci-matrix): Map risk-management responsibilities across activities and roles — Responsible / Accountable / Consulted / Informed.
- [Residual Risk Calculator](/tools/residual-risk-calculator): Pairs with Impact Scoring Model
- [Risk Categorization Matrix](/tools/risk-categorization-matrix): Lead magnet – framework entry point
- [Risk Dependency Mapping](/tools/risk-dependency-mapping): Complex; justifies Pro gating
- [Risk Exposure Summary Panel](/tools/risk-exposure-summary-panel): CFO / Board reporting
- [Risk Heatmap Generator](/tools/risk-heatmap-generator): High-retention tool; recurring use
- [Risk Impact Scoring Model](/tools/risk-impact-scoring-model): Used in every risk assessment cycle
- [Risk Register](/tools/risk-register): Track risks with probability, impact, score, owner, treatment and status. Cloud-synced workspaces + team collaboration + CSV export.
- [Risk Reporting Dashboard](/tools/risk-reporting-dashboard): Monthly risk committee pack
- [Risk Score Calculator](/tools/risk-score): Quick probability × impact calculator with NIST-style severity bands and treatment guidance.
- [Risk-to-Control Mapping Sheet](/tools/risk-to-control-mapping): Core RMF artefact
- [Risk Trend Analysis Sheet](/tools/risk-trend-analysis-sheet): Quarterly review staple
- [Risk Velocity Tracker](/tools/risk-velocity-tracker): Differentiator
- [Scenario Analysis Sheet](/tools/scenario-analysis-sheet): Monte Carlo companion
- [Scenario Analysis Stress Testing](/tools/scenario-analysis-stress-testing): Quantifies financial impact of extreme but plausible adverse scenarios on key business metrics.
- [Security Incident Mgmt Process](/tools/security-incident-mgmt-process): ISO 27001 / ITIL crossover
- [Strategic Risk Register](/tools/strategic-risk-register): C-suite / CRO audience
- [Structure Damage Incident Report](/tools/structure-damage-incident-report): Facilities / physical risk
- [Supplier Risk Scoring Matrix](/tools/supplier-risk-scoring-matrix): Outsourcing risk – RBI guidelines
- [Third-Party Risk Register](/tools/third-party-risk-register): Third-party risk management
- [Third-Party Risk Scorecard](/tools/third-party-risk-scorecard): Weighted scoring system to rate vendor cybersecurity, financial stability, and compliance posture.
- [Third-Party Risk Scoring Calculator](/tools/third-party-risk-scoring-calculator): Quantifies vendor risk exposure using weighted criticality factors and control maturity scores.
- [Third-Party Risk Scoring Sheet](/tools/third-party-risk-scoring-sheet): Supplier / vendor onboarding
- [Threat Landscape Monitoring Log](/tools/threat-landscape-log): SOC team tool
- [Vendor Risk Assessment Template](/tools/vendor-risk-assessment): Procurement / SCM teams
- [Vulnerability Prioritization Matrix](/tools/vulnerability-prioritization-matrix): CVSS scoring companion
- [Vulnerability Remediation Tracker](/tools/vulnerability-remediation-tracker): Centralized log to prioritize, assign, and monitor closure of identified security vulnerabilities.
## Glossary (top 100 terms)

- [AI Explainability](/glossary/ai-explainability): The degree to which AI system decisions and processes can be understood and interpreted by humans.
- [AI Governance](/glossary/ai-governance): The framework of policies, standards, and oversight mechanisms ensuring responsible development and deployment of artifi
- [AI Hallucination Risk](/glossary/ai-hallucination-risk): The tendency of generative AI models to confidently produce false, fabricated, or nonsensical information as fact.
- [AI Model Governance](/glossary/ai-model-governance): The framework of policies, processes, and controls ensuring AI systems are developed, deployed, and monitored ethically,
- [AI Training Data Poisoning](/glossary/ai-training-data-poisoning): Deliberate corruption of machine learning training datasets to manipulate model behavior or create vulnerabilities.
- [Adversarial Machine Learning](/glossary/adversarial-machine-learning): Techniques to deceive AI systems through carefully crafted inputs that cause misclassification or incorrect outputs.
- [Algorithmic Accountability](/glossary/algorithmic-accountability): Frameworks ensuring AI systems and automated decision-making processes remain traceable, explainable, and subject to hum
- [Algorithmic Bias](/glossary/algorithmic-bias): Systematic and unfair discrimination in AI system outputs resulting from biased training data or flawed design.
- [Assumption Breach](/glossary/assumption-breach): When foundational premises underlying risk models, strategies, or controls prove invalid, exposing organizations to unan
- [Attack Surface Management](/glossary/attack-surface-management): Continuous discovery, classification, and monitoring of an organization's internet-facing digital assets to identify vul
- [Audit Fatigue](/glossary/audit-fatigue): Organizational exhaustion and declining cooperation quality from excessive, overlapping, or poorly coordinated audit and
- [Audit Trail](/glossary/audit-trail): A chronological record documenting the sequence of activities affecting operations, procedures, or events.
- [Audit Universe](/glossary/audit-universe): The comprehensive inventory of all auditable entities, processes, and systems within an organization's scope, used to pr
- [Backtesting](/glossary/backtesting): Validation technique comparing risk model predictions against actual historical outcomes to assess model accuracy and ca
- [Bow Tie Analysis](/glossary/bow-tie-analysis): A risk visualization method showing potential causes, preventive barriers, consequences, and mitigating controls around
- [Business Continuity Planning](/glossary/business-continuity-planning): The process of creating systems to prevent and recover from potential threats to ensure continuous operations.
- [Business Impact Analysis](/glossary/business-impact-analysis): A systematic process identifying critical functions and quantifying operational and financial consequences of potential
- [Carbon Transition Risk](/glossary/carbon-transition-risk): Financial and operational exposures arising from the shift toward a low-carbon economy through policy, technology, and m
- [Circular Economy Risk](/glossary/circular-economy-risk): Risks arising from transitioning to circular business models that minimize waste and maximize resource reuse, recovery,
- [Climate Risk](/glossary/climate-risk): Financial and operational threats arising from climate change, including physical hazards and transition impacts.
- [Compliance Automation](/glossary/compliance-automation): Application of technology to execute compliance tasks, monitoring, and reporting with minimal human intervention.
- [Compliance Drift](/glossary/compliance-drift): Gradual deviation from regulatory requirements or internal policies through incremental process changes, exceptions, and
- [Compliance Monitoring](/glossary/compliance-monitoring): Ongoing surveillance activities that verify adherence to laws, regulations, internal policies, and contractual obligatio
- [Compliance Obligation Register](/glossary/compliance-obligation-register): Centralized inventory of all legal, regulatory, contractual, and voluntary commitments that create compliance requiremen
- [Compliance Risk Assessment](/glossary/compliance-risk-assessment): Systematic evaluation of potential violations of laws, regulations, and internal policies, including likelihood and cons
- [Composite Risk Indicator](/glossary/composite-risk-indicator): An aggregated metric combining multiple risk signals or KRIs to provide a single, holistic view of risk exposure in a do
- [Concentration Risk](/glossary/concentration-risk): Exposure to potential losses arising from an overreliance on a single counterparty, asset, market, geography, or revenue
- [Conduct Risk](/glossary/conduct-risk): The risk of inappropriate behavior by employees or the organization that results in poor customer outcomes, market integ
- [Continuous Auditing](/glossary/continuous-auditing): Automated audit methodology using technology to perform continuous or frequent testing of controls and transactions rath
- [Continuous Compliance Monitoring](/glossary/continuous-compliance-monitoring): Automated, real-time surveillance of activities, transactions, and controls to detect compliance deviations as they occu
- [Control Attestation](/glossary/control-attestation): Formal certification by control owners that assigned controls are designed effectively and operating as intended.
- [Control Decay](/glossary/control-decay): The gradual deterioration of control effectiveness over time due to changes in processes, personnel, technology, or envi
- [Control Deficiency](/glossary/control-deficiency): A weakness in the design or operation of internal controls that reduces the likelihood of achieving control objectives a
- [Control Effectiveness Testing](/glossary/control-effectiveness-testing): Systematic evaluation of whether implemented controls operate as designed and achieve their intended risk mitigation obj
- [Control Environment](/glossary/control-environment): The organizational culture, governance structures, and management attitudes that influence control consciousness and eff
- [Control Gap Analysis](/glossary/control-gap-analysis): Systematic comparison of existing controls against required or desired control states to identify deficiencies requiring
- [Control Re-Performance](/glossary/control-re-performance): Audit technique where auditors independently execute the control procedure to verify it produces expected results.
- [Control Self-Assessment](/glossary/control-self-assessment): A process where business unit personnel evaluate the effectiveness of their own risk controls and governance practices.
- [Control Testing Program](/glossary/control-testing-program): Systematic schedule of evaluations verifying that internal controls operate effectively and as designed throughout the y
- [Counterparty Credit Risk](/glossary/counterparty-credit-risk): The possibility that a party to a financial contract will default on obligations before settlement or during the contrac
- [Credit Spread Risk](/glossary/credit-spread-risk): The risk that the difference between yields on corporate bonds and risk-free government securities will widen, decreasin
- [Critical Tier Supplier](/glossary/critical-tier-supplier): A supplier whose failure would cause severe operational disruption, significant financial loss, or critical safety and c
- [Cross-Border Data Transfer Risk](/glossary/cross-border-data-transfer-risk): Risks arising from moving personal or sensitive data across international borders, including regulatory violations, acce
- [Cyber Insurance Gap](/glossary/cyber-insurance-gap): The difference between an organization's total cyber risk exposure and the coverage provided by insurance policies.
- [Cyber Resilience](/glossary/cyber-resilience): An organization's ability to prepare for, withstand, recover from, and adapt to cyber attacks while maintaining operatio
- [Cyber Risk Quantification](/glossary/cyber-risk-quantification): Methodology translating cybersecurity threats into financial terms using probability, loss magnitude, and exposure analy
- [Cyber Threat Intelligence](/glossary/cyber-threat-intelligence): Analyzed information about potential or current cyberattacks that enables proactive defense and informed security decisi
- [Cybersecurity Kill Chain](/glossary/cybersecurity-kill-chain): A framework describing the sequential stages of a cyber attack from reconnaissance through data exfiltration or objectiv
- [Cybersecurity Maturity Model](/glossary/cybersecurity-maturity-model): A framework measuring an organization's cybersecurity capabilities across defined maturity levels.
- [Cybersecurity Mesh Architecture](/glossary/cybersecurity-mesh-architecture): Distributed approach to security that creates a perimeter around each digital asset rather than centralized network boun
- [Data Loss Prevention](/glossary/data-loss-prevention): Security technologies and policies designed to detect and prevent unauthorized transmission or exfiltration of sensitive
- [Disaster Recovery Time Objective](/glossary/disaster-recovery-time-objective): The target duration within which a business process or system must be restored after a disaster to avoid unacceptable co
- [Double Materiality](/glossary/double-materiality): The principle that organizations must assess both how sustainability issues affect financial performance and how their o
- [Dual-Use Technology Risk](/glossary/dual-use-technology-risk): Exposure arising from technologies developed for legitimate purposes that can be repurposed for harmful or malicious app
- [Dynamic Risk Assessment](/glossary/dynamic-risk-assessment): Real-time risk evaluation methodology that continuously updates risk ratings based on changing conditions rather than pe
- [ESG Materiality Assessment](/glossary/esg-materiality-assessment): Process determining which environmental, social, and governance issues significantly impact financial performance or sta
- [ESG Rating Divergence Risk](/glossary/esg-rating-divergence-risk): Exposure to inconsistent sustainability assessments across rating agencies due to varying methodologies and data sources
- [ESG Risk](/glossary/esg-risk): Potential negative impacts to a company's value arising from environmental, social, or governance factors.
- [Emerging Risk](/glossary/emerging-risk): A newly developing or evolving risk that is difficult to quantify and may have significant future impact but lacks histo
- [Enterprise Risk Modeling](/glossary/enterprise-risk-modeling): Quantitative framework integrating multiple risk types to assess aggregate exposure, correlations, and potential losses
- [Epistemic Uncertainty](/glossary/epistemic-uncertainty): Uncertainty arising from incomplete knowledge or data that could theoretically be reduced through additional information
- [Expected Loss](/glossary/expected-loss): The anticipated average loss from a risk over a specified period, calculated as probability of occurrence multiplied by
- [Fourth-Party Risk](/glossary/fourth-party-risk): Exposure arising from an organization's third-party vendors' reliance on their own external service providers and subcon
- [Fraud Risk Assessment](/glossary/fraud-risk-assessment): Systematic evaluation of organizational vulnerabilities to internal and external fraud schemes across processes and cont
- [Geopolitical Risk](/glossary/geopolitical-risk): Potential impacts on business from political events, government actions, conflicts, or instability in countries where an
- [Greenwashing Risk](/glossary/greenwashing-risk): The reputational and regulatory exposure from misleading stakeholders about environmental practices, sustainability effo
- [Identity and Access Governance](/glossary/identity-and-access-governance): The framework ensuring appropriate user access rights through lifecycle management, policy enforcement, certification ca
- [Inherent Risk](/glossary/inherent-risk): The level of risk before any controls or mitigation measures are applied to reduce impact or likelihood.
- [Inherent Versus Residual Risk Analysis](/glossary/inherent-versus-residual-risk-analysis): Comparison of risk levels before controls are applied versus after controls reduce likelihood or impact.
- [Insider Threat](/glossary/insider-threat): Security risks posed by individuals within an organization who misuse access to harm the company or its data.
- [Integrated Assurance](/glossary/integrated-assurance): Coordinated approach aligning all assurance activities across an organization to optimize coverage, eliminate duplicatio
- [Interest Rate Risk in the Banking Book](/glossary/interest-rate-risk-in-the-banking-book): The exposure of a bank's non-trading positions to adverse movements in interest rates affecting net interest income and
- [Issue Management Workflow](/glossary/issue-management-workflow): Structured process for identifying, documenting, tracking, and resolving control deficiencies, audit findings, and risk
- [Just-in-Time Risk](/glossary/just-in-time-risk): Vulnerability arising from lean inventory practices that minimize buffer stock, creating exposure to supply disruptions
- [Key Control](/glossary/key-control): A critical control activity that must operate effectively to mitigate significant risks and prevent material errors or c
- [Key Risk Indicator](/glossary/key-risk-indicator): A metric used to provide early warning signals of increasing risk exposure or potential risk events.
- [Liquidity Risk](/glossary/liquidity-risk): The risk that an entity cannot meet financial obligations when due without incurring unacceptable losses from asset liqu
- [Logistics Network Resilience](/glossary/logistics-network-resilience): The capability of a supply chain to anticipate, prepare for, respond to, and recover from disruption events.
- [Loss Given Default](/glossary/loss-given-default): The proportion of exposure a lender expects to lose when a borrower defaults, after accounting for recoveries from colla
- [Machine Learning Model Validation](/glossary/machine-learning-model-validation): Independent review of AI models' development, performance, limitations, and controls to ensure reliability and complianc
- [Maturity Model Assessment](/glossary/maturity-model-assessment): Evaluation framework measuring an organization's risk management capabilities against defined progression levels from in
- [Model Drift](/glossary/model-drift): The degradation of a predictive model's accuracy over time as relationships between input features and outputs change in
- [Model Risk](/glossary/model-risk): The potential for adverse consequences from decisions based on incorrect or misused quantitative models.
- [Monte Carlo Simulation](/glossary/monte-carlo-simulation): A computational technique using repeated random sampling to model the probability distribution of outcomes when multiple
- [Nature-Related Risk](/glossary/nature-related-risk): Threats to organizational performance arising from dependence on ecosystem services and impacts from biodiversity loss,
- [Non-Financial Risk](/glossary/non-financial-risk): All risks other than credit, market, and liquidity risks, including operational, compliance, conduct, reputational, stra
- [Operational Loss Database](/glossary/operational-loss-database): Centralized repository documenting internal operational failures, losses, and near-misses to support risk analysis and m
- [Operational Resilience](/glossary/operational-resilience): The capability to prevent, adapt to, respond to, recover from, and learn from operational disruptions.
- [Operational Risk Appetite](/glossary/operational-risk-appetite): The level of operational risk an organization is willing to accept in pursuit of its business objectives and strategy.
- [Operational Risk Capital](/glossary/operational-risk-capital): Financial capital held to absorb potential losses from failed internal processes, people, systems, or external events.
- [Operational Risk Event Classification](/glossary/operational-risk-event-classification): A standardized taxonomy for categorizing operational risk losses and near-misses to enable consistent data collection, a
- [Parametric Insurance](/glossary/parametric-insurance): Coverage that pays predetermined amounts based on triggering events measured by objective parameters rather than actual
- [Physical Climate Risk Assessment](/glossary/physical-climate-risk-assessment): Evaluation of how acute weather events and chronic climate changes threaten assets, operations, and supply chains.
- [Polymorphic Malware](/glossary/polymorphic-malware): Malicious software that continuously changes its code signature to evade signature-based detection while maintaining its
- [Pre-Mortem Analysis](/glossary/pre-mortem-analysis): A prospective risk identification technique where teams imagine a project has failed and work backward to identify poten
- [Privileged Access Management](/glossary/privileged-access-management): Security practices and technologies controlling and monitoring elevated access rights to critical systems and sensitive
- [Process Mining for Risk Detection](/glossary/process-mining-for-risk-detection): Automated analysis of event logs to discover, monitor, and improve actual business processes for risk identification.
- [Project Risk Burndown](/glossary/project-risk-burndown): Tracking metric that visualizes the reduction of identified project risks over time as mitigation actions are completed.
- [Project Risk Interdependency Analysis](/glossary/project-risk-interdependency-analysis): Assessment of how risks across project activities, workstreams, or related initiatives influence and amplify each other.
- [Project Risk Register](/glossary/project-risk-register): A document identifying, assessing, and tracking risks that could impact project objectives, timelines, or budgets.

---

Source of truth: https://riskpedia.co.in