Compliance, risk and governance

This glossary contains definitions related to compliance. Some definitions explain the meaning of words used in compliance regulations. Other definitions are related to the strategies that compliance officers use to mitigate risk and create a manageable compliance infrastructure.
  • What is risk exposure in business? - Risk exposure is the quantified potential loss from currently underway or planned business activities.
  • What is risk management? Importance, benefits and guide - Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.
  • What is risk mitigation? Strategies, plan and best practices - Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.
  • What is risk reporting? - Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.
  • What is root cause analysis? - Root cause analysis (RCA) is a method for understanding the underlying cause of an observed or experienced incident.
  • What is segregation of duties (SoD)? - Segregation of duties (SoD) is an internal control mechanism designed to prevent errors and fraud by ensuring at least two individuals are responsible for the separate parts of any task.
  • What is sustainability risk management (SRM)? - Sustainability risk management (SRM) is a business strategy that aligns profit goals with a company's environmental, social and governance (ESG) policies.
  • What is the Cybersecurity Information Sharing Act (CISA)? - The Cybersecurity Information Sharing Act (CISA) allows United States government agencies and non-government entities to share information with each other as they investigate cyberattacks.
  • What is the Digital Operational Resilience Act (DORA)? - The Digital Operational Resilience Act (DORA) is a European Union regulation designed to enhance cybersecurity and ensure functional continuity of the financial sector, employing rigorous information and communications technology (ICT) standards across all EU financial entities.
  • What is the Driver's Privacy Protection Act (DPPA)? - The Driver's Privacy Protection Act (DPPA) is a United States federal law designed to protect the personally identifiable information of licensed drivers from improper use or disclosure.
  • What is the Gramm-Leach-Bliley Act (GLBA)? - The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways financial institutions deal with the private information of individuals.
  • What is the Sarbanes-Oxley Act? Definition and summary - The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that established sweeping auditing and financial regulations for public companies.
  • What is the triple bottom line (TBL)? - The triple bottom line (TBL) is a sustainability-based accounting framework that includes social, environmental and financial factors as bottom-line categories.
  • What is threat modeling? - Threat modeling is the systematic process of identifying threats to and vulnerabilities in software applications, and then defining countermeasures to mitigate those threats and vulnerabilities to better protect business processes, networks, systems and data.
  • Whistleblower Protection Act - The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from retaliatory action for voluntarily disclosing information about dishonest or illegal activities occurring in a government organization.