6. Advisory risk frameworks Flashcards

1
Q

Describe the “Orange Book” on risk management

A
  • Aimed at providing broad-based general advice on principles of RM in public & private sectors
  • Describes risk management process
  • Includes horizon scanning: systematic activity to identify indicators of changes in risk
  • Examines how org’s RM activities relate to wider environment it operates in
  • Developed by UK Treasury
2
Q

Outline the principles of RM in the “orange book”

A
  • Importance of linking risks to objectives
  • Distinction between risk and its impact
  • Need to distinguish between inherent and residual risks
  • Prioritisation of risks is more important than quantification
  • Risk appetite must be subdivided into corporate, delegated and project
  • Importance of reviewing and reporting regularly
3
Q

Describe the Treasury Board of Canada Risk Management Framework

A

Description
* Decision-making framework for public-sector employees
Principles
* Importance of establishing a comprehensive understanding of org’s risk profile, appetite and tolerance
* Focus on RMF and integration of RM activities
* Value of continuous and supporting learning environment
* Need to establish “relationship between org and its operating environment, revealing interdependence of individual activities and horizontal linkages”

4
Q

What are the 4 elements of the Treasury Board of Canada Risk Management Framework

A

Element 1: Developing corporate risk profile
Element 2: Establishing an Integrated Risk Management Function
Element 3: Practising Integrated Risk Management
Element 4: Ensuring continuous risk management learning

5
Q

Describe the AS/NZ 4630:2004

A

Description
* Best practice RM Standard published by Standards Australia
Principles
* Detail on risk analysis for non-financial orgs (can be useful for considering operational risk for financial ones)
* Recommends that RM process is formulated into a risk management plan
* Stresses importance of senior management buy-in
* Need for adequate resources allocated to RM

6
Q

What are the elements of the AS/NZ 4630:2004

A
  • Establish internal and external context (incl SWOT factors)
  • Identify risks
  • Analyse risks
  • Evaluate risks
  • Treat risks
  • Monitor and review
  • Communicate and consult
7
Q

Describe the ISO 3000:2009

A
  • Risk Management Guidance Standard
  • Aims to provide generic guidelines for principles underlying best practice RM instead of specific risks or sectors
8
Q

Outline the principles of ISO 3000:2009

A

Risk management:
* Creates and protects value
* Is integral part of all organisational processes
* Part of decision making
* Explicitly addresses uncertainty
* Is systematic, structured and timely
* Based on best available information
* Tailored to specific nature of company
* Takes human and cultural factors into account
* Is dynamic, iterative and responsive to change
* Facilitates continual improvement of organisation

9
Q

Describe Risk Assessment and Management for Projects (RAMP)

A
  • Concerned with capital projects and not ongoing business activities
    Principles/stages
  • RAMP launch
  • Risk identification
  • Risk analysis
  • Financial evaluation
  • Risk mitigation
  • Go/no-go decision
  • Risk control
  • RAMP closedown
10
Q

What are some differences between RAMP and AS/NZ

A

RAMP:
* Has launch and closedown
* Has go/no-go step

11
Q

Describe IRM / AIRMIC / Alarm Risk Management Standard

A
  • Proposes methodical approach to RM and structured approach to risk reporting
  • Strong focus on role of a risk management champion, CRO, in an org
12
Q

Principles of IRM / AIRMIC / Alarm Risk Management Standard

A

In addition to those in COSO framework
* In-house approach to RM is preferable
* Internal audit is an important control
* Clarity over roles of stakeholders is important
* Highly structured approach to risk is beneficial
