13. Risk identification Flashcards

1
Q

What are the 3 main sources of risk?

A
  • Stakeholders
  • Governance
  • External events
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How do stakeholders give rise to risks

A
  • Counterparty risk
  • Litigation risk
  • Misalignment of incentives risk
  • Adverse selection risk
  • Moral hazard risk
  • Reputation risk
  • Market conduct risk
  • Operational risk
  • Key person risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How does governance give rise to risks

A
  • If not sufficient RM process, then absence of sufficient processes is a source of risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How do external events give rise to risks

A
  • Natural disasters
  • Utility failure e.g. loadshedding
  • War
  • Crime
  • Corruption
  • Political instability
  • Resource
  • Pollution
  • Climate change
  • Demographics
  • Changes in tastes
  • Foreign affairs
  • Technology and economic risks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

List some economic sources of risk

A
  • GDP
  • Sovereign credit rating
  • Unemployment rate
  • Interest rate
  • Inflation rate
  • Balance of trade (export more than import else debt&raquo_space; sovereign rating affected)
  • FX rates
  • Tax rates
  • Foreign investment flows
  • Value of commodities
  • Business confidence
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Outline propertis of emerging risks

A
  • Either new risks or changes in already known risks (or the effectiveness of their controls)
  • Subject to high levels of uncertainty and ambiguity
  • Difficult to quantify with traditional risk assessment techniques
  • Important as could be new opportunity / have major impact on profitabilitt, operations or strategy
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Emerging risk trends giving rise to risk management challenges

A
  • Globalisation
  • Technology
  • Changing market structures
  • Restructuring business
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is cyber crime?

A
  • Financial loss, disruption or damage to reputation from some failure of IT systems
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Give examples of cyber crime

A

o Hacking
o Security breaches
o Espionage
o Data theft
o Extortion
o Privacy breaches
o Cyber terrorism

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How would you identify and control cyber crime

A

Identification
* Horizon scanning with experts and external info

Controls
* Strong IT security (e.g. firewalls, malware protection)
* Clear policies and incident management process
* Regular monitoring
* Cyber risk insurance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is climate change?

A
  • Risk arising from adverse changes in physical environment and secondary impacts in the economy at a regional or global scale
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the 3 classification effects of climate risk?

A

o Physical – relates to first-order effects of environmental changes
o Transitional – arises from shift to low carbon economy
o Liability – arises from injured parties wanting compensation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How would you assess climate risk

A

o Forward looking techniques allowing for constraints and dynamic interactions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

List emerging risk

A
  • Cybercrime
  • Climate change
  • Cloud computing
  • Social media
  • Fake news
  • Legacy systems
  • Automation
  • Unknown risks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the difference between inherent and residual risk

A
  • Inherent risk- risk to org without any risk management actions to change likelihood/impact
  • Residual risk – remaining risk after management has taken action to alter likelihood/impact
    o May be secondary risk from take another risk response action
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A.I.A.E.U.R

Outline the risk identification process

A
  1. Analyse business operations and wider environment. Ensuring clear business objectives
  2. Identify key business risks in structured way
  3. Obtain agreement on risks faced, relationships between them and accountabilities of each risk and its management
  4. Evaluate risks in terms of probability, severity and interdependency, gross and net of existing controls
  5. Produce / update risk register, prioritising top risks for further analyses, quantification and risk mitigation
  6. Review risk register regularly, especially during times of change. (Ideally integrate assessments into everyday business operations)
17
Q

idea generation tools to identify risks

Give examples of risk identification tools

A
  • SWOT
  • Risk checklist
  • Case studies
  • Risk prompts lists
  • Process analysis
  • Risk taxonomy
  • Horizon scanning
18
Q

techniques to implement tools

Give examples of risk identification techniques

A
  • Brainstorming
  • Surveys
  • Delphi meetings
  • Interviews
  • Working groups
  • Gap analysis
19
Q

What is a risk register

A

Document detailing all risks faced by company

20
Q

List the desired features of a risk register

A
  • Risk numbering system
  • Risk categories for each risk- must accommodate risks that fall in different categories
  • Risk description
  • Risk source
  • Risk assessment
    o Frequency
    o Severity
    o Duration
    o Correlation
  • Risk management
    o Prioritation
    o Risk control
    o Risk response
    o Risk costs
    o Residual risks
    o Who is responsible?
  • Risk monitoring
    o Effectiveness of risk control cycle
    o Risk occurrence
    o Risk damage
    o Risk concerns
21
Q

What is a risk map?

A

illustrates effect risk may have on company by ranking risk exposures by severity on x-axis and probability on y-axis.
o May also help show results of how effective risk control is by mapping inherent and residual risks

22
Q

What is a heat map

A
  • Heat map plots severity against control effectiveness rating
23
Q

What is the problem of bias?

A

when risks are not identified, assessed or reported in a true and honest way

24
Q

Give examples of bias

A
  • Overconfidence
  • Anchoring
  • Representative heuristic
25
Q

How can you reduce bias?

A
  • Incorporating checks and balances into risk identification and assessment process, e.g.
     Independent review
     Referencing similar projects
  • Introducing optimism bias, where capital cost is increased by % based on past cost over-runs