A whitepaper published by Protiviti explores five categories the board may want to consider when determining whether to adopt an organization-specific risk language for risk oversight. The five categories are:

  1. Governance risks – Risks related to the board's decisions concerning leadership and structure.
  2. Critical enterprise risks – The top risks that threaten the company's strategy or the viability of its business model.
  3. Board-approved risks – Risks related to decisions the board must make regarding strategic initiatives, such as acquisitions, divestitures, major investments, or new product lines.
  4. Business management risks – Risks associated with day-to-day business activities.
  5. Emerging risks – External risks outside of categories (1) through (4).


The risk categories listed above can help the board ensure that the scope of its risk oversight is adequately complete.

Link: Protiviti


ERM Enterprise Risk Management Initiative 2011-04-26