13. Risk identification Flashcards
What are the 3 main sources of risk?
- Stakeholders
- Governance
- External events
How do stakeholders give rise to risks
- Counterparty risk
- Litigation risk
- Misalignment of incentives risk
- Adverse selection risk
- Moral hazard risk
- Reputation risk
- Market conduct risk
- Operational risk
- Key person risk
How does governance give rise to risks
- If not sufficient RM process, then absence of sufficient processes is a source of risk
How do external events give rise to risks
- Natural disasters
- Utility failure e.g. loadshedding
- War
- Crime
- Corruption
- Political instability
- Resource
- Pollution
- Climate change
- Demographics
- Changes in tastes
- Foreign affairs
- Technology and economic risks
List some economic sources of risk
- GDP
- Sovereign credit rating
- Unemployment rate
- Interest rate
- Inflation rate
- Balance of trade (export more than import else debt»_space; sovereign rating affected)
- FX rates
- Tax rates
- Foreign investment flows
- Value of commodities
- Business confidence
Outline propertis of emerging risks
- Either new risks or changes in already known risks (or the effectiveness of their controls)
- Subject to high levels of uncertainty and ambiguity
- Difficult to quantify with traditional risk assessment techniques
- Important as could be new opportunity / have major impact on profitabilitt, operations or strategy
Emerging risk trends giving rise to risk management challenges
- Globalisation
- Technology
- Changing market structures
- Restructuring business
What is cyber crime?
- Financial loss, disruption or damage to reputation from some failure of IT systems
Give examples of cyber crime
o Hacking
o Security breaches
o Espionage
o Data theft
o Extortion
o Privacy breaches
o Cyber terrorism
How would you identify and control cyber crime
Identification
* Horizon scanning with experts and external info
Controls
* Strong IT security (e.g. firewalls, malware protection)
* Clear policies and incident management process
* Regular monitoring
* Cyber risk insurance
What is climate change?
- Risk arising from adverse changes in physical environment and secondary impacts in the economy at a regional or global scale
What are the 3 classification effects of climate risk?
o Physical – relates to first-order effects of environmental changes
o Transitional – arises from shift to low carbon economy
o Liability – arises from injured parties wanting compensation
How would you assess climate risk
o Forward looking techniques allowing for constraints and dynamic interactions
List emerging risk
- Cybercrime
- Climate change
- Cloud computing
- Social media
- Fake news
- Legacy systems
- Automation
- Unknown risks
What is the difference between inherent and residual risk
- Inherent risk- risk to org without any risk management actions to change likelihood/impact
- Residual risk – remaining risk after management has taken action to alter likelihood/impact
o May be secondary risk from take another risk response action