13.2 Common applications of risk management practice

Question 1

What are the four risk management disciplines discussed in chapter 13?

Answer 1

Operational risk management
Cyber risk management
Project risk management
Supply chain risk management

Question 2

Where specialists exist for risk sub-disciplines, care must be taken to avoid a s___-based approach to risk management.

Answer 2

silo

Question 3

What is one method for avoiding a silo approach to risk management?

Answer 3

Enterprise Risk Management

Question 4

List three possible adverse affects caused by a loss event.

Answer 4

Increased costs, e.g. replacing machinery
Loss of operational efficiency
Business interruption
Customer complaints
Reputations damage
Compliance breaches

Question 5

What is the purpose of operations risk management?

Answer 5

To reduce the probability and impact of operations related loss events.

Question 6

What type of risk is an organisation exposed to when it uses IT equipment, especially the internet?

Answer 6

Cyber risk

Question 7

What is the term for the practice of assuring that an organisation’s information and technical resources are secure, only accessible to authorised personnel, used only for the intended purposes and are complete and intact?

Answer 7

Information Assurance (IA)

Question 8

Information Assurance is broken down into distinct areas:

I\_\_\_\_\_\_\_\_
Availability
Authenticity
Non-R\_\_\_\_\_\_\_\_\_\_
C\_\_\_\_\_\_\_\_\_\_

Answer 8

Integrity
Non-repudiation
Confidentiality

Question 9

How has cyber risk evolved in recent years?

Answer 9

Cyber risk used to be primarily about protecting information, but is increasingly concerned with how employees communicate online.

Question 10

What are the five types of cyber controls listed by Ashby?

Hint - TPPPL

Answer 10

Technical controls
Physical controls
Procedural controls
People controls
Legal controls

Question 11

Ward provides a 9 step process for managing risk within projects:

1 D_____ - scope of the project
2 Focus - agreed risk management objectives
3 I______ - risks and opportunities
4 Structure - according to type, severity
5 O________ - assigns risks to owners
6 Estimate - continue to estimate risk exposure
7 E_______ - project risk management
8 Plan - project/risk management plans
9 M______ - control project through its lifetime

Answer 11

Define
Identify
Ownership
Evaluate
Manage

Question 12

What is the name of the formal methodology for managing projects, including the risks associated with projects?

Answer 12

PRINCE2 - PRojects IN Controlled Environments

Question 13

Within the PRINCE2 approach, risks are captured in i____ registers and q______ registers.

Answer 13

issue

quality

Question 14

What is a supply chain?

Answer 14

A network of organisations and people that work together to produce a good or service.

Question 15

Give 2 examples of supply chain loss events.

Answer 15

Upstream suppliers late delivering (or don’t deliver)
Reputation events, such as issues with slavery
Cost of upstream supplies increases unexpectedly
Payment and other legal disputes
Environmental risks due to pollution

Question 16

Give two examples of CAUSES of supply chain loss events.

Answer 16

Banktruptcy of an upstream supplier
Change in specification of an order not yet fulfilled
Cyber risks such as hacking
Financial risks affecting costs and prices
Human error
Socio-political factors such as importing
Weather events such as flooding

Question 17

Why is it importantthat governance and compliance arrangements upstream and downstream work within the supply chain?

Answer 17

To avoid contagion risk and supply chain disruption

Question 18

How did Toyota avoid disaster when a key brake supplier halted production following a fire?

Answer 18

By rescuing equipment and otsourcing to another supplier at short notice.