International ERM Glossary

The International ERM Glossary is intended to provide users with a set of definitions that are in common usage around the world by actuaries, regulators and members of the insurance industry. The purpose in developing the glossary is to help provide a common understanding of the terms currently in use, as definitions and meanings have varied over time, and among practitioners. It can also be used as a training and educational tool for regulators.

The glossary can be consulted per letter, organization or grouping.

DISCLAIMER: The content of the International ERM Glossary has been compiled by the Joint ORSA Subcommittee of the Insurance Regulation Committee and the Enterprise and Financial Risk Committee of the IAA. This information has been collated and presented for educational and informational purposes to the members of the IAA and interested parties. The IAA assumes no responsibility for the accuracy, completeness, currency, reliability of the information in the International ERM Glossary or access to any information contained on any of the sources cited in the Glossary. The IAA, its employees and officers shall not be liable for any loss or damage, direct or indirect, which may arise or occur as a result of the use of or reliance upon any of the material in the International ERM Glossary.

Glossary
| Term | Grouping | Organization or Jurisdiction Defining Term | Source of Definition | Definition |
| --- | --- | --- | --- | --- |
| Enterprise Risk Management | General | COSO | COSO | The culture, capabilities, and practices, integrated with strategy-setting and its execution, that organizations rely on to manage risk in creating, preserving, and realizing value. |
| Enterprise Risk Management | General | IAIS | IAIS ICP 16 | The process of identifying, assessing, measuring, monitoring, controlling and mitigating risks. |
| Enterprise Risk Management | General | IAIS | IAIS Supervisory Material | The process and activities of identifying, assessing, measuring, monitoring, controlling and mitigating risks in respect of the insurer's enterprise as a whole. |
| Enterprise Risk Management | General | International Actuarial Association | IAA - Actuarial Aspects of ERM for Insurance Companies | ERM is a continuous process. ERM adopts a holistic view to risk and assesses risk from the perspective of the company's aggregate position as well as from a standalone perspective. ERM is concerned with all risks, including those that are unquantifiable or difficult to quantify. ERM considers uncertainty from both a positive and negative viewpoint. ERM aims to achieve greater value for all stakeholders by assisting in achieving an appropriate risk-reward balance. ERM considers both the short term and the long term aspects of risk. |
| Enterprise Risk Management | General | The European Economic Area | Solvency II | Not specifically defined. Insurance and reinsurance undertakings shall have in place an effective risk-management system comprising strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report, on a continuous basis the risks, at an individual and at an aggregated level, to which they are or could be exposed, and their interdependencies. (Solvency II Directive art. 45) |
| Enterprise Risk Management | General | United States | U.S. ASB Terms | The discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders. |
| Framework (ERM Framework) | General | COSO | COSO | The five components consisting of (1) Risk Governance and Culture; (2) Risk, Strategy, and Objective-Setting; (3) Risk in Execution; (4) Risk Information, Communication, and Reporting; and (5) Monitoring Enterprise Risk Management Performance. |
| Own Risk and Solvency Assessment (ORSA) | General | IAIS | IAIS ICP 16 | The assessment of whether an insurer's risk management and solvency position is currently adequate and is likely to remain so in the future. |
| Own Risk and Solvency Assessment (ORSA) | General | International Actuarial Association | IAA - Actuarial Aspects of ERM for Insurance Companies | A company's assessment of its risks and of the solvency needs associated with those risks |
| Own Risk and Solvency Assessment (ORSA) | General | The European Economic Area | Solvency II | That assessment shall include at least the following: (a) the overall solvency needs taking into account the specific risk profile, approved risk tolerance limits and the business strategy of the undertaking, (b) the compliance, on a continuous basis, with the capital requirements, (c) the significance with which the risk profile of the undertaking concerned deviates from the assumptions underlying the Solvency Capital Requirement, calculated with the standard formula or with its partial or full internal model. (Solvency II Directive art. 45.1, text adjusted) |
| Own Risk and Solvency Assessment (ORSA) | General | United States | NAIC ORSA MANUAL | A component of an insurer's enterprise risk management (ERM) framework, is a confidential internal assessment appropriate to the nature, scale and complexity of an insurer conducted by that insurer of the material and relevant risks identified by the insurer associated with an insurer's current business plan and the sufficiency of capital resources to support those risks. |
| Risk Appetite | General | COSO | COSO | The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value. |
| Risk Appetite | General | Financial Stability Board | FSB Principles for an Effective Risk Appetite | The aggregate level and types of risk a financial institution is willing to assume within its risk capacity to achieve its strategic objectives and business plan. |
| Risk Appetite | General | IAIS | IAIS Supervisory Material | The aggregate level and types of risk an insurer is willing to assume within its risk capacity to achieve its strategic objectives and business plan. |
| Risk Appetite | General | International Actuarial Association | IAA - Actuarial Aspects of ERM for Insurance Companies | The level and type of risk that an organization is willing to accept in order to achieve its objectives. |
| Risk Appetite | General | International Actuarial Association | IAA Deriving Value from ORSA | The level of aggregate risk that a company chooses to take in pursuit of its objectives. |
| Risk Appetite | General | International Risk Management Institute | IRMI Terms | The degree to which an organization's management is willing to accept the uncertainty of loss for a given risk when it has the option to pay a fixed sum to transfer that risk to an insurer. |
| Risk Appetite | General | United States | NAIC ORSA MANUAL | Documents the overall principles that a company follows with respect to risk-taking, given its business strategy, financial soundness objectives and capital resources. Often stated in qualitative terms, a risk appetite defines how an organization weighs strategic decisions and communicates its strategy to key stakeholders with respect to risk-taking. It is designed to enhance management's ability to make informed and effective business decisions while keeping risk exposures within acceptable boundaries. |
| Risk Appetite | General | United States | U.S. ASB Terms | The level of aggregate risk that an organization chooses to take in pursuit of its objectives. |
| Risk Appetite Framework | General | Financial Stability Board | FSB Principles for an Effective Risk Appetite | The overall approach, including policies, processes, controls, and systems through which risk appetite is established, communicated, and monitored. It includes a risk appetite statement, risk limits, and an outline of the roles and responsibilities of those overseeing the implementation and monitoring of the RAF. The RAF should consider material risks to the financial institution, as well as to the institution's reputation vis-à-vis policyholders, depositors, investors and customers. The RAF aligns with the institution's strategy |
| Risk Appetite Statement | General | Financial Stability Board | FSB Principles for an Effective Risk Appetite | The articulation in written form of the aggregate level and types of risk that a financial institution is willing to accept, or to avoid, in order to achieve its business objectives. It includes qualitative statements as well as quantitative measures expressed relative to earnings, capital, risk measures, liquidity and other relevant measures as appropriate. It should also address more difficult to quantify risks such as reputation and conduct risks as well as money laundering and unethical practices. |
| Risk Exposure | General | The European Economic Area | Solvency II | The term is mentioned in the Directive, but has not been defined explicitly. |
| Risk Exposure | General | United States | NAIC ORSA MANUAL | For each risk listed in the company's risk profile, the amount the company stands to lose due to that particular risk at a particular time, as indicated by a chosen metric. |
| Risk Limit | General | COSO | COSO | The maximum amount of risk that an entity is able to absorb in the pursuit of strategy and business objectives. |
| Risk Limit | General | Financial Stability Board | FSB Principles for an Effective Risk Appetite | Quantitative measures based on forward looking assumptions that allocate the financial institution's aggregate risk appetite statement (e.g. measure of loss or negative events) to business lines, legal entities as relevant, specific risk categories, concentrations, and as appropriate, other levels. |
| Risk Limit | General | IAIS | IAIS Supervisory Material | The level of risk to which the insurer is prepared to be exposed. The risk measure might be a supervisory one or an internal one or a combination of both. |
| Risk Limit | General | International Actuarial Association | IAA - Actuarial Aspects of ERM for Insurance Companies | The maximum amount of risk that can be underwritten. Risk limits will often be identified for key risk-taking activities such as insurance underwriting and investment. |
| Risk Limit | General | United States | NAIC ORSA MANUAL | Typically quantitative boundaries that control the amount of risk that a company takes. Risk limits are typically more granular than risk tolerances and may be expressed at various levels of aggregation: by type of risk, category within a type of risk, product or line of business, or some other level of aggregation. Risk limits should be consistent with the company's overall risk tolerance. |
| Risk Limit | General | United States | U.S. ASB Terms | A threshold used to monitor the actual risk exposure of a specific unit or units of the organization to ensure that the level of aggregate risk remains within the risk tolerance. |
| Risk Profile | General | COSO | COSO | A composite view of the risk assumed at a particular level of the entity, or aspect of the business model that positions management to consider the types, severity, and interdependencies of risks, and how they may affect performance relative to its strategy and business objectives. |
| Risk Profile | General | Financial Stability Board | FSB Principles for an Effective Risk Appetite | Point in time assessment of the financial institution's gross and, as appropriate, net risk exposures (after taking into account mitigants) aggregated within and across each relevant risk category based on forward looking assumptions. |
| Risk Profile | General | International Actuarial Association | IAA - Actuarial Aspects of ERM for Insurance Companies | A description of the risk exposures of an organization. |
| Risk Profile | General | International Actuarial Association | IAA Deriving Value from ORSA | The characteristics of the material and relevant risks to which a company is exposed over a specified period of time. |
| Risk Profile | General | The European Economic Area | Solvency II | The term is used a lot in the Directive, but has not been defined explicitly. |
| Risk Profile | General | United States | NAIC ORSA MANUAL | A delineation and description of the material risks to which an organization is exposed. |
| Risk Tolerance | General | IAIS | IAIS Supervisory Material | Used to include the active retention of risk that is appropriate for an insurer in the context of its strategy, financial strength, and the nature, scale and complexity of its business and risks. Risk tolerance is typically a percentage of the absolute risk bearing capacity for an insurer. |
| Risk Tolerance | General | International Actuarial Association | IAA - Actuarial Aspects of ERM for Insurance Companies | A quantitative description of the extent of risk that the company is willing to take in respect of a specific risk. |
| Risk Tolerance | General | International Risk Management Institute | IRMI Terms | The willingness of an organization to incur risk to gain future reward. |
| Risk Tolerance | General | The European Economic Area | Solvency II | The term risk tolerance limit is used in the Directive itself and Guidelines on the ORSA, but has not been defined explicitly. (Solvency II Directive art. 45 on ORSA) |
| Risk Tolerance | General | United States | NAIC ORSA MANUAL | The company's qualitative and quantitative boundaries around risk-taking, consistent with its risk appetite. Qualitative risk tolerances are useful to describe the company's preference for, or aversion to, particular types of risk, particularly for those risks that are difficult to measure. Quantitative risk tolerances are useful to set numerical limits for the amount of risk that a company is willing to take. |
| Risk Tolerance | General | United States | U.S. ASB Terms | The aggregate risk-taking capacity of an organization. |