2 - The purpose and process of risk management Flashcards
What would be an example of an insurer’s ‘off balance sheet’ asset?
Intellectual property.
A large international organisation has a written policy that states that no more than two board members can travel together by plane. What method of risk treatment is it using?
Non-physical risk control.
Why do large organisations formally document their objectives in a strategic plan?
So that they can be communicated more clearly to employees.
Mass travel is one example of a:
global social risk.
The three KEY stages of the risk management process are:
identification, analysis and control.
The reputational risks of an organisation are MOST influenced by which stakeholder group?
The media.
Having developed a risk management philosophy and recorded this in a formal risk policy document, what is the next step in the risk management process?
Risk identification.
An organisation’s structure for reporting and monitoring risks is called its risk:
architecture
Is failure to continue service delivery MOST likely to become business critical within minutes for an online travel company whose website goes down?
Yes
A large insurer sells insurance directly to customers through its contact centre. If it has well established and effective risk management processes, the potential benefits to the company are:
quicker recovery in the event of a major fire in the contact centre.
What are the four ways in which an organisation can transfer risk to another party?
Insurance, creating a separate funding mechanism, use of financial instruments and appropriate contract wording.
Why does an organisation need to plan and manage risk management communications?
Planning and management are needed because various stakeholders require information about aspects of the organisation in different formats, if the risk of alienating them is to be avoided or reduced.
If we completely understand a risk and its implications, what can we do?
We can take steps to prevent causes, mitigate effects or break a link in the cause, events and effects chain.
Risk management also includes
assessment of risks to decide which risks are worth management attention and to balance risks against corresponding opportunities.
Do risk management processes remain the same even if organisations have different structures?
Yes
Once a risk has been evaluated, how can its consequences be classified? (tol)
Its consequences can be classified according to whether they can be tolerated, tolerated with financial compensation (insurance), or are totally unacceptable.
Should benefits and the value of risk management be felt at all levels and within all functions of an organisation?
Yes
What should risk management activities include? The measurement of what?
the measurement of benefits, if possible in financial terms, to justify the use of resources and budgets.
Do organisations need to specify their objectives and communicate them to employees and stakeholders?
Yes
Strategies and plans show how objectives are to be met. Risks must be considered at this stage to allow stakeholders to form an opinion of the likelihood that anticipated results will be achieved.
True
Risks include anything with potential to threaten …
operations, assets and other responsibilities of an organisation.
Risks arise from a variety of sources - all stakeholders are a source of risk. True?
True
Organisations must protect themselves from damage or loss. This includes
safety of people, safety of assets, revenue and cash flows, legal obligations and delivery of promised goods and services.
Do organisations need to consider new and emerging risks?
Organisations need to consider new and emerging risks.
Do international organisations have to manage global and political risks?
Yes
Risks with potential global impact can arise from
large-scale economic, environmental, social, technological or political events.
Technology opens up new possibilities, but carries inherent risks, e.g.
data security. Cyber criminals have developed sophisticated tools.
A clear, organisation-wide, risk management philosophy enables individual risk work to …
be done within a framework of long-term objectives and provides an effective benchmark for local decisions and activity.
A risk policy statement may be restricted to strategic objectives and policies or it may … (method)
go on into detail about methods and actual levels of risk acceptance.
Risks must be formally identified and analysed in terms of their likely …
Frequency and potential impact
Organisations have a number of choices available when setting out to control an unacceptable risk. …
They can retain the risk, reduce the risk down to acceptable levels or transfer the risk to insurers or other parties.
Continuity planning is a process where
an organisation anticipates an incident and prepares a plan to manage the consequences so that the incident does not threaten the survival of the organisation.
Continuity plans can prepare for a whole range of incidents, such as
computer failure, product recalls, kidnap, terrorism, fire, weather damage, major fraud, aggressive media attention.
Organisations do not stand still and neither do the environments they operate in. Consequently,
all our risk management processes must recognise and plan for change.
Organisations must identify and adopt procedures for regularly updating …
regularly updating information and reviewing assessments and recommendations.
All organisations must adopt some form of quality …
Control
Organisations must establish effective internal controls to satisfy …
stakeholders of their ability to manage risk.
What is the purpose of classifying risks? (tol)
To see whether they can be tolerated, tolerated with financial compensation (insurance), or are totally unacceptable. This will lead to recommendations for appropriate management action.
List six benefits of effective risk management.
• compliance with legislation and regulation;
• improved corporate governance (top management control);
• understanding (and therefore avoiding or reducing) operational risk;
• understanding risks associated with opportunities (and therefore better choices);
• improvements in both internal and external risk reports and communications (increase in stakeholder satisfaction and possible decrease in cost of borrowing);
• avoidance of disasters;
• reduction in frequency of incidents;
• reduced cost of incidents;
• reduced insurance costs;
• increased likelihood of meeting organisation objectives;
• preservation of reputation;
• improved health and safety;
• quicker recovery from emergencies.
When operations are outsourced, what risk question must be asked?
It is crucial to be clear whether risks inherent in the outsourced operation have been transferred or retained.
What issues need consideration to protect an organisation against damage or loss?
• safety of people;
• safety of assets;
• revenue and cash flows;
• legal obligations;
• delivery of promised goods and services.
What are the key elements of the risk management process?
• establish the context;
• identify risks;
• analyse risks;
• evaluate risks;
• treat risks;
• communicate;
• monitor and review.
What are we looking for when we set out to analyse identified risks?
• Could it happen?
• How bad would the loss or damage be?
• How often could it happen?
What choices are available to control unacceptable risks?
• retain the risk;
• reduce the risk down to acceptable levels; or
• transfer the risk to insurers or others.