The process of transferring the decisions on risk response to a more senior stakeholder when the factors involved (e.g., a regulatory compliance risk) are particularly sensitive or critical. For example, enterprise risk strategy might direct that any risk with more than $1 million exposure or risks related to a particularly important business application must be managed at a more senior level.

Source: NISTIR 8286B-upd1 | Category: