Risk Exposure

The extent to which an organization is subject to specific risks at a point in time. Risk exposure represents the combination of risk likelihood and impact after considering existing controls (residual risk). In RBPM, exposure is regularly assessed and compared to risk appetite to determine whether the organization is operating within acceptable risk boundaries. The Appetite Alignment Matrix visually displays the relationship between exposure and appetite, highlighting areas of over-exposure or under-exposure that require management attention.