9. Embedding And Monitoring Of Risk Management

Question 0

What does Neher identify as the primary functions of communication in organisations?

Answer 0

Compliance-gaining
Leading, motivating and influencing
Sense-making
Problem-solving and decision-making
Conflict management, negotiation and bargaining

Question 1

C— is integral to effective risk management

Answer 1

Communication

Question 2

What are the three distinct models of communication?

Answer 2

Technical
Contextual
Negotiated

Question 3

TECHNICAL models of communication note that — can corrupt or dilute a message

Answer 3

Noise

Question 4

According to the technical model of communication, in what four ways can noise be minimised?

Answer 4

Use language relevant to audience
Keep message simple
Use repetition
Elicit feedback

Question 5

Contextual models of communication suggest — factors will influence how the message is delivered and understood

Answer 5

Contextual

Question 6

In the contextual model of communication, what are the main contextual factors?

Answer 6

Internal environment
Wider external factors (such as national culture and global risk climate)
Perceptions of groups and individuals

Question 7

— models of communication suggest communication is always evolving and adapting in the light of feedback and experience

Answer 7

Negotiated

Question 8

Communication may be distinguished by the level at which it takes place. What are the three levels?

Answer 8

Micro (interpersonal)
Meso (group, organisational and inter-organisational)
Macro (mass communication)

Question 9

Give three examples of communication at the micro level

Answer 9

Job descriptions detailing risk management responsibilities
Performance review of risk management
Individual reports to line manager on risk management performance

Question 10

Give three examples of communication at the meso level

Answer 10

Functional risk registers
Team meetings where risk performance measures reported and assessed
Cross functional risk workshops

Question 11

Give two examples of communication at the macro level

Answer 11

Annual report detailing risk management performance on internet
Organisation’s risk management strategy and policy on internet

Question 12

For what three reasons should risk management activities be monitored?

Answer 12

Assess whether risk profile changing
Provide assurance that risk management effective
Identify when further action necessary

Question 13

In an effective risk management system, monitoring and reporting mechanisms should be part of the organisation’s — —

Answer 13

Routine processes

Question 14

From what three generic sources can senior management obtain assurance that risk management processes are working effectively?

Answer 14

Routine process within system, process or activity
Non-routine process within system, process or activity
Process independent of system, process or activity

Question 15

In the risk management process, what should be monitored, reviewed and reported on?

Answer 15

Whether risks still exist
Whether new risks have arisen
Whether likelihood and impact of risks has changed
Whether risk priorities should be adjusted
Whether risk responses are effective
Regular review of the risk management PROCESS

Question 16

When providing assurance on the effectiveness of the whole risk management system, what activities should be objectively reviewed?

Answer 16

Organisational strategy and objective setting
Risk identification, evaluation and analysis
Setting and communication of risk appetite
Adequacy and effectiveness of risk responses
Accuracy and ease of monitoring
Response to issues shown up by monitoring
Responses to critical incidents and near misses

Question 17

What are the key objectives of the risk management process?

Answer 17

Identify and prioritise risks arising from strategy and activities
Management and board have determined level of risk acceptable to org
Risk mitigation activities designed and implemented to manage risk down to an acceptable level
Ongoing monitoring activities conducted periodically
Board and management receive periodic reports of results of risk management process

Question 18

List activities that may be used to provide the necessary evidence for assurance over an organisation’s risk management processes

Answer 18

See ithoughts note CGRM 001

Question 19

What other terms may be used to refer to a risk “incident”?

Answer 19

Issue
Event
Materialised risk

Question 20

What term is used to describe the occurrence of unpredicted high-impact incidents?

Answer 20

Black swan events

Question 21

Organisations should have — — in place in the event that risks to the achievement of key objectives materialise

Answer 21

Contingency plans

Question 22

Ideally, the organisation should be able to activate its contingency plans — the incident is recognised

Answer 22

Immediately

Question 23

Since there are often significant costs associated with developing contingency plans, a — - — analysis will need to be undertaken

Answer 23

Cost-benefit

Question 24

Following a risk event, the organisation should review the elements of the risk and response activity to…

Answer 24

Decide whether further risks should be identified
Decide whether further responses are needed
Decide whether costs would outweigh benefits and no further action should be taken

Question 25

In risk management, — — refers to the process through which organisations seek to improve the capacity of their members to understand and manage risk

Answer 25

Organisational learning

Question 26

In organisational learning, at what four levels should learning systems and processes operate?

Answer 26

Individual
Group
Organisational
Inter-organisational

Question 27

Organisations should aim to — risk management so it becomes part of the organisation’s culture and routine processes

Answer 27

Embed

Question 28

What eight factors will help an organisation embed risk management?

Answer 28

Top management support
Inclusion in organisational policies and processes
Common risk management language
Identify benefits to all
Momentum
Clear roles and responsibilities
Flexibility
Internal audit approach

Question 29

In what ways can senior management demonstrate support of risk management?

Answer 29

Allocate time at regular meetings to discuss RM
Call on senior managers to make presentations on key risks and responses in their area
Decide on and support risk management policy
Use risk terminology in everyday discussions
Ensure all papers and proposals to them include analysis of key risks and how they will be handled

Question 30

—, rather than risk management functions, should be responsible for embedding risk management in policies, processes and procedures

Answer 30

Management

Question 31

To facilitate embedding of risk management, effort needs to be put into demonstrating how risk management will…

Answer 31

Benefit staff personally as well as the organisation as a whole

Question 32

To facilitate the embedding of risk management, internal audit should…

Answer 32

Adopt a risk based approach to its audit work

Question 33

List five tools and techniques for embedding risk management

Answer 33

Performance objectives
Staff training
In-house expertise
Risk identification or CRSA workshops
Ready made framework

Question 34

List five benefits of embedding risk management

Answer 34

Less bureaucracy
More informed decision making
Speedier risk identification
Proactivity rather than reactivity
Improved change management

Question 35

List five key success factors that would demonstrate risk management has been successfully embedded

Answer 35

Inclusion in other processes and procedures
Part of regular management discussions
Regular updates
No unexpected risks
No unexpected impacts or probabilities