5 - Tools and techniques 2: Assessment and measurement of risk

Question 1

If all claims payments must be authorised by the claims manager before being paid, this is an example of what type of risk control?

Answer 1

Preventive

Question 2

When designing a risk register, what way must info be stored?

Answer 2

information must be stored in a way that is easy to extend and change.

Question 3

Is a small charity which relies on local publicity for its fundraising exposed to the risk of closure in the event of damage to its reputation?

Answer 3

Yes

Question 4

A haulage firm has identified an accident rate of 10 per 500 drivers employed per year. Assuming unchanged circumstances, what is the probability of a driver having an accident in the coming year?

Answer 4

0.02.

Question 5

A property rental firm lets out a mill building to a variety of tenants. The building has four floors and is fitted with a sprinkler system throughout. What is the maximum possible loss as a result of fire?

Answer 5

100%.

Question 6

As part of a risk assessment process, an engineering firm has identified the risks faced by the organisation. When categorising these risks, typically the MOST suitable method is by:

Answer 6

events

Question 7

What is the MAIN benefit to an organisation of allocating risks to numerical bandings of probability and impact?

Answer 7

Risks can be compared internally in an objective and consistent manner.

Question 8

What type of risk is NOT covered by the Basel II banking regulations?

Answer 8

Reputational risk.

Question 9

The exposure of an organisation to a particular risk is measured through a combination of:

Answer 9

impact and probability.

Question 10

The process of comparing different risks and presenting them in an order of priority for the use of resources is typically known as risk:

Answer 10

ranking

Question 11

Often there is a time delay between cause and effect of a risk. How does this timescale help us with risk classification?

Answer 11

Risks with long timescales (years) are generally related to strategy, having the
potential to undermine fulfilment of strategic: objectives. Medium-term risks (months) are generally associated with projects, processes, change programmes, acquisitions and the like. Risks with immediate potential to disrupt current operations are clearly operational risks. Long-term risks may relate to opportunity as well as threat.

Question 12

Checklists, worksheets and test schedules are widely used directive controls. Why are they so important?

Answer 12

They are designed to ensure all critical aspects of a task have been properly addressed and completed. Such instructions are particularly important in assembly, maintenance, testing and repairs of components of systems where utmost reliability is essential, e.g. aviation, aerospace, nuclear power, oil and gas exploration.

Question 13

Why are risk categorization systems important?

Answer 13

Risk categorization systems are important because they allow an organisation to consider where similar risks may lie: within and outside its operations. It will also clarify potential for applying generic risk control strategies across similar risks.

Question 14

List the four types of risk that might threaten business survival.

Answer 14

• High monetary value incidences of common risks such as physical damage, fraud or misuse of funds.
• Loss of confidence.
• Credit, solvency and liquidity risks.
• Third party damage.

Question 15

Risk appetite can be reflected in a probability/impact matrix by introducing a tolerance line. What purpose does it serve?

Answer 15

The purpose of a tolerance line is to separate those risks which are acceptable and need no action from those that are not acceptable and require attention.

Question 16

What are the four main types of risk control?

Answer 16

Risk controls can be classified as preventive, corrective, directive and detective.

Question 17

What information does a risk register contain?

Answer 17

A risk register contains various information which an organisation needs to manage risks.

Question 18

Why are financial risk models commonly used for stress testing?

Answer 18

Financial risk models are used because concepts such as profit, solvency and liquidity are mathematically related to sales, costs, liabilities and asset values, so stress tests can explore the effect of variations in individual parameters.

Question 19

What is the objective of producing risk reports?

Answer 19

The objective of risk reports is to provide accurate and concise information in a format that the recipient can understand.

Question 20

It is only when we understand all possible consequences of an incident that we can decide how to manage the …

Answer 20

underlying risk.

Question 21

The purpose of examining threats is to stimulate decisions as to how those threats are to be …

Answer 21

Managed

Question 22

To collect and present a clear picture of risk to assist management decisions we first need to understand and describe risks, both …

Answer 22

both qualitatively and quantitatively. We need
to compare risks so we can rank them in order of importance.

Question 23

We need to quantify the damage that could result if each risk materialised. We also need to estimate how often a particular incident is …

Answer 23

likely to occur.

Question 24

Combining impact and frequency gives us the basis for …

Answer 24

risk comparison and ranking.

Question 25

We first must put risks into categories and then look within each category to determine which risks are important, and which risks can …

Answer 25

Be ignored

Question 26

Risk categorization systems are important because they enable an organisation to …

Answer 26

identify accumulations of similar risks and clarify potential for applying common risk control strategies.

Question 27

We can design our own risk classification system or use one of the …

Answer 27

published industry standard suggestions as a base.

Question 28

Losses or gains due to an incident cannot always be measured simply in …

Answer 28

financial terms.

Question 29

Risks that threaten the survival of the organisation might be allocated a code that ensures they come top of any comparison analysis. The codes could allow for broad categories of assessment, …

Answer 29

such as intolerable, high, medium and low or red, amber and green.

Question 30

Organisations must decide which definition of monetary value is …

Answer 30

best suited to their needs.

Question 31

Losses must be aggregated when a risk results in …

Answer 31

simultaneous multiple incidents of damage.

Question 32

Aggregation of different types of risk can be accomplished by …

Answer 32

defining a generic risk management numerical scale.

Question 33

Correlation must be taken into account in any …

Answer 33

risk assessment.

Question 34

Numerous methods and formulae exist that use historical data to analyze mathematically the …

Answer 34

probability and impact of risk.

Question 35

We cannot always use historical data to predict future trends. If nothing has changed since data was collected then historical records will be a good guide to the future, but …

Answer 35

this is very rarely the case.

Question 36

The prime use of historical data analysis in risk management is to determine …

Answer 36

expected values or ranges of value for particular ongoing risks.

Question 37

The theory of mathematical probability sets out to illustrate …

Answer 37

likelihood or probability as a numerical value. We calculate the likelihood of an incident occurring and present that exposure in mathematical form.

Question 38

Probability vs Frequency

Answer 38

Probability tells us the chance that something might happen in a chosen period of time. Frequency is an expression of how often an event may occur.

Question 39

A risk department may bring probability and impact together by multiplying the two to create …

Answer 39

an overall risk factor indicating the size of the risk. However, this hides the distinction whether the exposure is probability or cost.

Question 40

The process of comparing different risks and presenting them in an order of priority for the use of resources is generally kncwn as

Answer 40

risk ranking.

Question 41

Risk factor indices attempt to standardize risk factors so that different organisations of the same type can compare the risks they carry. For example, …

Answer 41

the Dow Fire and Explosion Index is designed to classify particular hazards that lie within a process in a factory.

Question 42

An organisation can use probability/ impact matrices to illustrate its tolerance to risk. The matrix can be used to separate, graphically, …

Answer 42

those risks that are acceptable and need no action, from those that are not acceptable and require attention.

Question 43

The objective of pictorial representations is to

Answer 43

highlight relative importance of identified risks and show the difference that risk management action can take.

Question 44

There are four categories of risk control

Answer 44

preventive, corrective, directive and detective.

Question 45

Most controls implemented in organisations are preventive controls, which are designed to …

Answer 45

reduce the possibility of undesirable outcomes.

Question 46

Sometimes, complex risks can only be managed by a combination of …

Answer 46

different types of control.

Question 47

A risk register contains …

Answer 47

various information an organisation needs to manage risk.

Question 48

Risk registers can fulfil a dual role, both facilitating practical management of risk and …

Answer 48

helping to instil or consolidate risk management culture into day-to-day operations.

Question 49

A modern risk register might be installed on a web-based distributed relational database, with front end software designed to make it easy for …

Answer 49

managers to review and update risks relating to their area of authority.

Question 50

A risk register is the heart of an organisation’s …

Answer 50

risk management process.

Question 51

Financial risk models are common because concepts, such as profit, solvency and liquidity are mathematically related to …

Answer 51

sales, costs, liabilities and asset values.

Question 52

Establishing the form of a risk register requires

Answer 52

advantages and disadvantages to be considered.