These are the definitions for terms related to risk, risk tasks, risk controls and risk tags. Visit our main Data dictionary page to learn more. And find out more about risks in our Community pages.
Risk
| Term | Description |
| Accountable | The name of the person accountable for the risk. |
| Approval state | The approval status for the risk. For example: awaiting approval, draft, not applicable and not approved. |
| Approver | The name of the person that can approve a risk. |
| Assurances | Any measures that have been put in place to mitigate the risk. |
| Category | The category of the risk, such as business interruption, health and safety or patient safety. Risk categories are set by your organisation. |
| Consequence score | The current consequence score for the risk. |
| Consulted / Informed | The name of the person or people that need to be consulted or informed about the risk. |
| Controls implemented | The number of controls already implemented for the risk. Controls are mitigating factors for the risk. |
| Controls outstanding | The number of controls not yet completed for the risk. Controls are mitigating factors for the risk. |
| Created by | The name of the user who created the risk. |
| Created on | The date when the risk was created. |
| Created With Board Assurance Framework | Notes if the risk was created within the Board Assurance Framework. If it was, assurance details such as objectives, accountability and others will appear in the PDF export and the overview tab of the risk. |
| Current score | The current score of the risk, as defined by the person reviewing the risk. |
| Date approved | The date when the risk was approved. |
| Date risk identified | The date when the risk was noticed. |
| Date scored | The date when the risk was scored. |
| Description | The description of the risk. |
| GapsInAssurances | Any gaps in the assurances associated to the risk. |
| Last Review Date | The date when the risk was last reviewed. |
| Latest comment | The text from the latest comment on the risk. |
| Level of risk | A value defined by your organisation to categorise risks. It can be based on any measures relevant for your organisation, such as risk likelihood, appetite or whether it impact strategic objectives. Typically, these levels might be high, medium, low; or level 1, 2, 3, but it can be anything your organisation decides. |
| Likelihood score | The current likelihood score for the risk. |
| Likely outcome | A comment specifying the likely outcome of a risk. For example, injury to residents or staff, compliance failures, damage to property, etc. |
| Monitoring Committee | The selected monitoring committee for the risk. |
| Next review date | The date when the risk is due to be reviewed next. |
| OrganisationCode | A short code that identifies your organisation, used for data security. |
| Original consequence score | The consequence score of the risk, as set when it was initially created. |
| Original likelihood score | The likelihood score of the risk, as set when it was initially created. |
| Original score | The score of the risk, as set when it was initially created. |
| Overall assurance | The overall level of assurance for this risk, based on how relevant the controls are, if they have been planned or implemented, if they are being monitored, etc. The values for this measure are set by your organisation. |
| Owner | The name of the user owning the risk. This user is responsible for reviewing risk, setting targets and other actions. |
| Reference | A unique code for this risk, made up of letters (defining the risk type) and a number (automatically assigned). |
| Risk appetite | An indication of how important the risk is for your organisation. The possible values are: no appetite, lower, medium and significant. The choice of appetite is typically based on the overall risk score, the strategic objectives it may link to and other key indicators chosen by your organisation. |
| Risk closed date | The date when the risk was closed. |
| Risk response | The main action for the risk, based on risk appetite. For example: treat, put in controls, tolerate, transfer risk to different department, terminate risk. |
| RiskUID | The main, unique number that identifies a risk. A risk is the potential for harm or negative impact that can arise from an organisation's processes, operations, or environment. In the risk tables, you will find measures and options to register, monitor and mitigate risk in your organisation. |
| Scope | Notes whether the risk applies to the whole organisation, a region or a particular location. |
| Scope name | If the scope for this risk is region or location, this is the name of that region or location. |
| ScopeUID | The main, unique number that identifies a scope. |
| Status | The status of the risk. For example: draft, pending, awaiting approval, etc. |
| Strategic Objectives | The objectives associated with the risk. Also referred to as Objectives in the Risk Register. These objectives are set by your organisation and are typically linked to other assurance data such as controls or accountability. |
| Strategic risk | Notes whether a risk impacts strategic measures for the organisation. |
| Target consequence score | The target consequence score for the risk. |
| Target likelihood score | The target likelihood score for the risk. |
| Target met | Notes whether the target has been met for this risk. Targets are defined by the risk owner when creating the risk. |
| Target score | The target score for the risk. |
| Title of risk | The name for the risk. |
| Uncontrolled risk | Notes whether there are controls recorded for the risk. |
Risk tasks
| Term | Description |
| Comment | The content of any comments left by the user who completed or is responsible for a task associated with a risk. |
| Description | The description of the risk task. |
| Id | A number that identifies a task. |
| OrganisationCode | A short code that identifies your organisation, used for data security. |
| Risk Id | A number that identifies the risk that the specified task is associated with. |
| Status | The status of the risk task. For example: closed, overdue, pending and planned. |
| Task owner | The name of the person required to complete the risk task. |
Risk controls
| Term | Description |
| AdequacyStatus | Defines if this control is likely to help mitigate the risk. For example: adequate, not adequate, not applicable (if not defined). |
| AssuranceStatus | Defines the status of the assurances for this risk control. For example: low, medium, high or not applicable. |
| Comment | The content of any comments left by the user who completed or is responsible for a control associated with a risk. |
| CommentDate | If there is a comment for this risk control, this is the date when the comment was made. |
| Control owner | The name of the person owning the risk control. Your organisation defines whether this is the person required to implement the control, or the person responsible for overseeing the implementation. |
Risk tags
| Term | Description |
| OrganisationCode | A short code that identifies your organisation, used for data security. |
| RiskUID | The unique number that identifies the risk, used in this table to link the risk with its tags. |
| Tag | The tags assigned to this risk. Tags are a way of grouping locations, documents or any other data together based on a theme. In reporting, tags can be used to filter data. |
| TagSource | The place where the tag was created: form, location or region. |
| TagType | The type of tag: module, location or region. |