Chapter 1

Description

A-Levels 1. Introduction to Risk Management Flashcards on Chapter 1, created by helen_woolford on 06/05/2013.

Resource summary

Question Answer
What is the IIA definition of risk? The uncertainty of an event occurring that could impact the achievement of the objectives. Risk is measured in terms of consequences and likelihood
In terms of the importance of RM, list some of the ways RM can help to manage an organisation? Variable cost or availability of raw materials; Desire to deliver greater shareholder value; Greater transparency required by the org; Reputation becomes more and more important
In terms of the importance of RM, list some of the ways RM can help to manage changes in the marketplace? Need to respond more rapidly to stakeholder expectations; Changing commercial and marketplace environment; Rapid changes in consumer product technology; Threat of influenza or other pandemics
What are the 8R's and 4T's of hazard risk management? 1. Recognition of risks 2. Rating of risks 3. Ranking against risk criteria 4. Responding to significant risks (tolerate, treat, transfer, terminate) 5. Resourcing controls 6. Reaction planning 7. Reporting on risk 8. Reviewing and monitoring
How does the RIMS define ERM? ERM is a strategic business discipline that supports the achievement of an organisation's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio
What are the levels of sophistication? Reform: hazard management; Conform: control management; Perform: opportunity management
What is considered as the fourth step in RM sophistication? REGRESS
Draw a bow-tie representation for a fire. Left side: source; Middle: event; Right side: consequences. Preventative controls on the left-hand side; responsive controls on the right-hand side
What is PACED? PACED are the defined principles for risk management: Proportionate to the level of risk; Aligned to other business activities; Comprehensive, systematic & structured; Embedded within business processes; Dynamic, interactive and responsive to change
What should risk management deliver? The output from RM should define what the organisation is seeking to achieve. This relates to CADE3: Compliance with law and regulations; Assurance regarding the management of significant risks; Decision-making that pays full regard to risk considerations; Efficient operations; Effective processes; Efficacious strategy
What are the several stages of RM process? Recognition of risks; Rating of risks; Ranking against risk criteria; Responding to risks; Resourcing controls; Reaction planning; Reporting on risk; Reviewing and monitoring
Name three RM standards which have been produced? ISO 31000; Institute of Risk Management; COSO ERM Framework; CoCo (Criteria of Control) Framework
What is RASP? Risk Architecture, Strategy, Protocols. What a risk management framework should look like.
Explain what the CoCo Framework is. The CoCo evaluates the risk culture of an organisation. The CoCo framework provides a quantitative assessment of the control environment so that improvements can be identified.
A proactive approach to RM will achieve what for control risks? Processes will be more effective, because consideration will have been given to selection of the processes and the risks involved in the alternatives that may be available. Also, process changes that are delivered by way of projects will be more effectively and reliably delivered.
By taking a proactive approach to RM, what will be achieved in terms of opportunity risks? Strategy will be more efficacious in that risks associated with different strategic options will be fully analysed and better strategic decisions will be reached. Efficacious refers to the fact that the strategy that will be developed will be fully capable of delivering the required outcomes.
Hazard risk management is concerned with what? Health and safety at work; Fire prevention; Damage to property; Defective products; Business dependencies such as IT and other support services
What can risks be attached to? Corporate objectives and key dependencies of the organisation
Explain what the objectives-driven approach is. Risk is attached to corporate objectives
A disadvantage of the objective-driven approach? The danger of this approach is that risks are considered out of the context that gave rise to them. Risks that are analysed in a way that is separate from the situation that led to them will not be capable of rigorous and informed evaluation.
Explain the Dependencies driven approach in terms of attachment of risk? Risks are attached to the key dependencies of the organisation rather than corporate objectives. This approach allows risks to be analysed in the situation that gave rise to them. A more robust analysis can be achieved when the dependencies driven approach is adopted. Attachment of risks to key dependencies and stakeholder expectations is becoming more common. The use of key dependencies to identify risk can be a straightforward exercise.
What is the Risk definition from ISO 31000? The effect of uncertainty on objectives. Note that objectives can be positive, negative or a deviation from the expected. Also, risk is described by an event, change in circumstances or a consequence
An advantage of using the dependency-driven approach to risk? The organisation will need to ask what are the features or components of the organisation and its external context that are key to success. This will result in the identification of the strengths, weaknesses, opportunities and threats facing the organisation. Having identified the key dependencies, the organisation can then consider the risks that will impact these dependencies.
Explain the relationship between risk and reward. Draw a diagram that represents the maturity cycle of an org.
What is the Risk definition from the Institute of Risk Management? Risk is the combination of the probability of an event and its consequences. Consequences can range from positive to negative.
Name the different types of risk and how an organisation should respond to them? Hazard (pure): should be mitigated to reduce the chances of disrupting operations and are within the org's tolerance level. Control (uncertainty): should be managed to reduce the range of possible outcomes; associated with projects. Opportunity (speculative): should be embraced; often investment in market place or commercial for a positive return.
What does it mean if an organisation is considered risk averse or risk aggressive? The organisation's attitude to risk: risk averse is being opposed to taking more risk than necessary, and risk aggressive is wanting to take risk to achieve a positive return. This is related to where an org is in terms of the maturity cycle
To understand a risk, what is needed for a detailed description so the risk can be understood, identified and ownership/responsibilities may be clearly understood? Name or title of risk; Statement of risk; Nature of risk; Stakeholders; Risk attitude, appetite, tolerance or limits for the risk; Likelihood and consequence at the current level; Control standard required or target level; Incident and loss experience; Existing control mechanisms and activities; Responsibility for developing risk strategy and policy; Potential for risk improvement and level of confidence in existing controls; Risk improvement recommendations and deadlines; Responsibility for implementing improvements; Responsibility for auditing risk compliance
What is inherent level of risk? The level of risk before any controls have been put into place
Explain risks classified in terms of timescales. Long term: opportunity risks, strategic decisions; Medium term: control risks, project management; Short term: hazard risks, operational in nature
In terms of risk classification system, what are the three categories? Source of the risk; Component impacted; Consequences of the risk occurring
What are the four P's? Categories of disruption used to assess hazard risk: People; Premises; Product; Processes
If a hazard risk is above the org's tolerance level what should be sought? Insurance
What is control management based on? Internal control adopted by internal auditors and accountants. The UK Turnbull report
How does Risk Management allow hazard risk to be improved? Operations will become more efficient because events that cause disruption will be identified in advance and action taken to reduce the likelihood of them occurring, reducing the damage caused and containing the cost of the events that can cause disruption to normal efficient production operations
When is it not a good idea for an org to proceed with an opportunity risk? If the org does not have the risk capacity even if it has the appetite
What is the ISO guide 73 and ISO 31000 definition of risk management? Co-ordinated activities to direct and control an organisation with regard to risk
What is the IRM definition of risk management? Process which aims to help organisations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure