One of the most profound ways to change the way people interact with something is to change the way people talk about it. Similarly, the way we talk about risk or compliance in our organization has a major effect on the way risk and compliance are treated throughout the organization. This is a common challenge in risk management that can result in communication mishaps and undetected risks. Using vague words can give people the wrong idea about risks.

The Danger of Vague Terminology

The problem with using words that can mean different things to different people is that, in risk management, it results in different perceptions of risk. Consider a scenario in which a board member asks the risk manager how likely a data breach is in the next year. The risk manager could respond in any of these terms:

  • There may be a data breach
  • A data breach is possible
  • There will probably be a data breach
  • There is a possibility of a data breach happening
  • There are some chances a data breach may happen


There are many more possible answers that mean roughly the same thing. The problem is that the meaning of any of these words (possible, probably, possibly, chances, maybe) is not set in stone. To one manager the answer may sound like a warning that a data breach will definitely happen. Others may perceive it as a non-committal answer: while there is a chance of a data breach, that chance is still low, and thus the managers do not have to worry about a data breach too much.

Creating Common Risk Definitions

If an organization wants all of its employees to manage risks properly then it is important to create standardized risk definitions that help communicate the exact severity of each risk without any vagueness. The simplest way to make it easier for everyone to understand the same thing is to assign terms to different levels of risks. The terms can look like this:

[Image: risk definitions]

Reimagine the conversation between the board member and the risk manager from the beginning, but in an organization where each term is predetermined to mean a specific severity. Now if the risk manager is asked how likely a data breach is and replies that there is a fair probability of a data breach, everyone will know that there is around a 30% chance of a data breach happening. Similarly, if the risk manager replies that a data breach is likely to happen within 6 months under the current conditions, everyone will understand that they need to improve their cybersecurity processes immediately to lower the risk of a breach.


How Technology Helps in Creating Common Risk Standards

Modern risk management solutions are also a great help for organizations that want to ensure the same risk definitions and standards are used throughout the organization. When the whole organization uses the same risk management platform to manage risks, the platform will weigh all the risks equally and will also provide the same answer to everyone depending on the severity of the risk. The inherent vagueness of natural language does not exist in computer systems. If a risk management system says that there is a high chance of something happening, everyone using the system will know exactly how severe the risk is.

Risk management platforms also help standardize the names of different risks. This is especially important because sometimes the same risk may be tracked by two different partners under different names. This is common in organizations where people in different departments have completely different specializations and may use different words for the same items. A risk management platform brings the whole organization onto the same page regarding risks. In doing so, the platform not only makes risks more visible but also makes them easier to understand for the whole organization.

Risk management platforms are now one step ahead of just creating risk definitions – they also allow businesses to import an entire risk library from another source. Businesses can import a risk library into their risk management framework which will ultimately add all the risks and checklists to the risk management framework of the organization. This allows businesses to instantly improve the way they manage risks by allowing them to assess and detect more risks easily.



Interested in seeing how your organization can use a risk management platform to standardize risk definitions? Get in touch with our risk management experts for a demonstration of Predict360.