COMPEL Glossary / risk-taxonomy
Risk Taxonomy
A risk taxonomy is a structured classification system that organizes AI-specific risks into categories with defined severity levels, likelihood assessments, and mitigation strategies.
What this means in practice
The COMPEL risk taxonomy covers six major categories: technical risk (model performance, infrastructure failure), ethical risk (bias, fairness violations), legal risk (regulatory non-compliance, liability), operational risk (system failures, data pipeline breaks), strategic risk (competitive disadvantage, misaligned investment), and reputational risk (public trust erosion, brand damage). The taxonomy translates the Risk Appetite Statement from strategic intent into operational risk management, enabling consistent risk assessment across all AI initiatives. It must accommodate the novel risk categories that agentic AI systems introduce, including autonomous decision authority, tool misuse, and emergent behavior.
Why it matters
A structured risk taxonomy provides a shared vocabulary for identifying, discussing, and governing AI risks consistently across the organization. Without it, different teams assess the same risks differently, governance gaps emerge, and communication about risk becomes imprecise. The taxonomy must cover technical, ethical, legal, operational, strategic, and reputational risks, including the novel categories that agentic AI introduces.
How COMPEL uses it
COMPEL's risk taxonomy covers six major categories and translates the Risk Appetite Statement into operational risk management during the Model stage. The Governance pillar uses the taxonomy for consistent risk assessment across all AI initiatives. The Agent Governance layer extends the taxonomy with agentic-specific categories. The Evaluate stage uses taxonomy-consistent metrics for portfolio-level risk reporting to the steering committee.
Related articles in the Body of Knowledge
Related Terms
Other glossary terms mentioned in this entry's definition and context.