4.2 Contents of a risk management framework Flashcards
The ISO distinguishes between a risk management f________, p_________ and p______. However, this does not mean that these elements are independent.
framework, principles and process
At a minimum, a risk management framework for a typical organisation will include mechanisms for:
- i________ of risk
- a__________ of significance of risks
- m_________ to detect changes in risk exposure
- c___________ identified risk exposure
identification
assessment
monitoring
controlling
What four verbs make up the risk management process?
Identifying, assessing, monitoring, controlling
The ISO 31000 standard talks about three core elements of risk management. What are these?
Architecture (Committees, reporting etc.)
Strategy (policies, appetite, etc.)
Protocols (processes and procedures)
An organisation will usually have a risk management policy outlining the following:
- aims and objectives for risk management
- processes, procedures and activities comprising risk management f________
- g_________ arrangements, such as use of a risk committee
- allocation of r______ and responsibilities for risk management.
framework
governance
roles
A large, complex organisation may have m________ risk management policies.
multiple
Dedicated risk management procedures may be used by organisations to control certain types of risk, such as building evacuations, systems r________ or suspicious f____________ transactions.
recovery
financial
Organisations may use technology systems to support their risk assessment. These are known as r____ m__________ i__________ s_______ (RMIS).
risk management information systems
Many organisations use r____ r______ to provide feedback on risk exposure. Reporting may be real time, or monthly, quarterly, etc.
risk reports
What is the name of the statement that outlines the types and levels of risk that an organisation is willing to take in pursuit of its objectives, and the risks it will not tolerate in certain circumstances?
Risk appetite statement
Why are training courses an important element of risk management?
These help explain the importance of risk management for risk management, and the associated benefits. Courses also reinforce the content of policies and procedures.
Risk governance and compliance arrangements exist to ensure compliance with p_______ and p______, as well as laws and regulations imposed by e________ agencies or customers who have specific requirements (e.g. meeting a certain standard).
policies
procedures
external
Larger organisations will often recruit s__________ staff to support the operation and improvement of risk management.
specialist
Give three examples of a specialist staff member who may support risk management.
- Health and safety officer
- Information security officer
- Data protection officer
- Business continuity manager
- General risk manager
- Conduct risk manager
- Auditors
- Governance professionals
The purpose of which committee is to oversee and coordinate the design and operation of an organisation’s risk management framework?
The risk committee.