Appendix B – Terms and Definitions

Communication and consultation - continual or iterative processes that an organisation conducts to provide, share or obtain information and to engage in dialogue with stakeholders regarding the management of risk

Consequence - outcome of an event affecting objectives

Control - measure to modify risk

Event - occurrence or change of a particular set of circumstances

• Nature, likelihood, and consequence of an event can not be fully knowable.

• An event can be one or more occurrences, and can have several causes.

• Likelihood associated with the event can be determined.

• An event can consist of a non occurrence of one or more circumstances.

• An event with a consequence is sometimes referred to as “incident”.

• An event where no loss occurs may also be referred to as a "near miss", "near hit", "close call" or "dangerous occurrence".

Exposure - extent to which an organisation is subject to an event

External context - external environment in which the organisation seeks to achieve its objectives. External context can include:

• the cultural, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local

• key drivers and trends having impact on the objectives of the organisation

• perceptions and values of external stakeholders.

Frequency - measure of the likelihood of an event expressed as a number of events or outcomes per defined unit of time

Hazard - potential source of harm

Internal context - internal environment in which the organisation seeks to achieve its objectives

Level of risk - magnitude of a risk expressed in terms of the combination of consequences and their likelihood

Likelihood - chance of something happening

• The English term “likelihood” does not have a direct equivalent in some languages; instead the equivalent of the term "probability" is often used. However, in English, “probability” is often narrowly interpreted as a mathematical term. This Guide therefore uses “likelihood“, with the intent that it should have the same broad interpretation as the term “probability“ has in many languages other than English.

Major Hazard Management Plan - (also called Principal Hazard Management Plan) a management plan developed to control major hazards that have the potential for multiple fatalities. They typically include an emergency response component and triggers that require evacuation from the mine.

Monitoring - continual checking, supervising, critically observing or determining the status in order to identify change from the performance level required or expected

Probability - measure of the chance of occurrence expressed as a number between 0 and 1, where 0 is impossibility and 1 is absolute certainty

Residual risk - risk remaining after risk treatments

Resilience - capacity to resist being affected by an event

Review - activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives

Risk - effect of uncertainty on objectives

• An effect is a deviation from the expected - positive and/or negative.

• Objectives can have different aspects such as financial, health and safety, and environmental goals and can apply at different levels such as strategic, organisation-wide, project, product, and process.

• Risk is often characterised by reference to potential events, consequences, or a combination of these and how they can affect the achievement of objectives.

• Risk is often expressed in terms of a combination of the consequences of an event or a change in circumstances, and the associated likelihood of occurrence.

Risk acceptance - informed decision to take a particular risk

Risk aggregation - process to combine individual risks to obtain a more complete understanding of risk

Risk analysis - process to comprehend the nature of risk and to determine the level of risk

• Risk analysis provides the basis for risk evaluation and decisions about risk treatment.

Risk appetite - amount and type of risk an organisation is prepared to pursue or take

Risk assessment - overall process of risk identification, risk analysis and risk evaluation

Risk attitude - organisation’s approach to assess and eventually pursue, take or refuse risk

Risk aversion - attitude to turn away from risk

Risk avoidance - decision not to be involved in, or to withdraw from, an activity based on the level of risk

Risk criteria - terms of reference against which the significance of a risk is evaluated

Risk evaluation - process of comparing the results of risk analysis against risk criteria to determine whether the level of risk is acceptable or tolerable

Risk financing - form of risk treatments involving contingent arrangements for the provision of funds to meet the financial consequences should they occur

Risk identification - process of finding, recognising and describing risks

• Risk identification involves the identification of risk sources, events and their causes and their potential consequences.

• Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholder’s needs.

Risk management - coordinated activities to direct and control an organisation with regard to risk

Risk management audit - systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the risk management framework is adequate and effective

Risk management framework - set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organisation

Risk management plan - document within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk

• Management components typically include procedures, practices, assignment of responsibilities and sequence of activities.

• The risk management plan can be applied to a particular product, process and project, and part or whole of the organisation.

Risk management policy - overall intentions and direction of an organisation related to risk management

Risk management process - systematic application of management policies, procedures and practices to the tasks of communicating, consulting, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk

Risk matrix - tool for ranking and displaying risks by defining ranges for consequence and likelihood

Risk mitigation - measures taken to reduce an undesired consequence

Risk owner - person or entity with the accountability and authority for managing the risk and any associated risk treatments

Risk perception - stakeholder’s view on a risk

Risk profile - description of a set of risks

Risk register - record of information about identified risks

Risk reporting - form of communication intended to address particular internal or external stakeholders to provide information regarding the current state of risk and its management

Risk retention - acceptance of the benefit of gain, or burden of loss, from a particular risk

Risk sharing - form of risk treatments involving the agreed distribution of risk with other parties

• Legal or regulatory requirements can limit, prohibit or mandate risk sharing.

• Risk sharing can be carried out through insurance or other forms of contract.

• Risk sharing can create new risks or modify existing risks.

Risk source - anything which alone or in combination has the intrinsic potential to give rise to risk

Risk tolerance - organisation’s readiness to bear the risk after risk treatments in order to achieve its objectives

Risk treatment - process of developing, selecting and implementing controls

Risk treatment can involve:

• avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk

• seeking an opportunity by deciding to start or continue with an activity likely to create or enhance the risk

• removing the source of the risk

• changing the nature and magnitude of likelihood

• changing the consequences

• sharing the risk with another party or parties

• retaining the risk by choice.

Risk treatments that deal with negative consequences are sometimes referred to as risk mitigation, risk elimination, risk prevention, risk reduction, risk repression and risk correction.

Safety management system - (or safety and health management system) is the collective documentation of safety and risk based information and procedures for safely and effectively managing a mine.

Stakeholder - any person or organisation that can affect, be affected by, or perceive themselves to be affected by a decision or activity

Standard operating procedure - (maybe also be called standard work procedures or standard job instructions depending on the scope) these are typically task level procedures for consistent standardised methods to conducting a task. They are developed from team based risk assessments.

Uncertainty - state, even partial, of deficiency of information related to or understanding or knowledge of an event, its consequence, or likelihood

Vulnerability - intrinsic properties of something that create susceptibility to a source of risk that can lead to a consequence