The following are key terms and definitions often used in enterprise risk management.

Risk Champion

A risk champion is the executive-level leader who provides oversight and guidance within a specific risk area. The role of the risk champion is to support risk owners in the execution of proposed risk mitigation strategies. The risk champion should be an individual with the authority to intervene when risk management efforts are being hampered.

Risk Owner

A risk owner is the individual who is ultimately accountable for the management and mitigation of an enterprise risk. With the assistance of the Ethics and Compliance Office, risk owners develop and implement strategies to address concerns raised within a specific risk area. Risk owners serve as the point of contact for the Ethics and Compliance Office in measuring and monitoring the effectiveness of a risk mitigation strategy.

Subject Matter Expert

A subject matter expert (SME) is an individual with specialized skills and/or knowledge in relation to the risk area. The job duties of the SME need not be specific to the risk area; however, the responsibilities and expertise of this individual should provide vital input regarding the assessment, existing controls and potential mitigation strategies.

Likelihood

The likelihood is a numeric rating of how likely the risk is to occur with existing controls.

Impact

Impact is the numeric rating of the financial, operational or reputational severity that results from a risk event occurring with existing controls.


Any action, process or procedure intended to reduce the likelihood or impact of a risk.

Heat Map

A visual representation of each risk’s likelihood and severity scores.