9. Embedding And Monitoring Of Risk Management Flashcards
What does Neher identify as the primary functions of communication in organisations?
Compliance-gaining
Leading, motivating and influencing
Sense-making
Problem-solving and decision-making
Conflict management, negotiation and bargaining
What are the three distinct models of communication?
Technical
Contextual
Negotiated
TECHNICAL models of communication note that — can corrupt or dilute a message
Noise
According to the technical model of communication, in what four ways can noise be minimised?
Use language relevant to audience
Keep message simple
Use repetition
Elicit feedback
Contextual models of communication suggest — factors will influence how the message is delivered and understood
Contextual
In the contextual model of communication, what are the main contextual factors?
Internal environment
Wider external factors (such as national culture and global risk climate)
Perceptions of groups and individuals
— models of communication suggest communication is always evolving and adapting in the light of feedback and experience
Negotiated
Communication may be distinguished by the level at which it takes place. What are the three levels?
Micro (interpersonal)
Meso (group, organisational and inter-organisational)
Macro (mass communication)
Give three examples of communication at the micro level
Job descriptions detailing risk management responsibilities
Performance review of risk management
Individual reports to line manager on risk management performance
Give three examples of communication at the meso level
Functional risk registers
Team meetings where risk performance measures reported and assessed
Cross functional risk workshops
Give two examples of communication at the macro level
Annual report detailing risk management performance on internet
Organisation’s risk management strategy and policy on internet
For what three reasons should risk management activities be monitored?
Assess whether risk profile changing
Provide assurance that risk management effective
Identify when further action necessary
In an effective risk management system, monitoring and reporting mechanisms should be part of the organisation’s — —
Routine processes
From what three generic sources can senior management obtain assurance that risk management processes are working effectively?
Routine process within system, process or activity
Non-routine process within system, process or activity
Process independent of system, process or activity
In the risk management process, what should be monitored, reviewed and reported on?
Whether risks still exist
Whether new risks have arisen
Whether likelihood and impact of risks have changed
Whether risk priorities should be adjusted
Whether risk responses are effective
Regular review of the risk management PROCESS
When providing assurance on the effectiveness of the whole risk management system, what activities should be objectively reviewed?
Organisational strategy and objective setting
Risk identification, evaluation and analysis
Setting and communication of risk appetite
Adequacy and effectiveness of risk responses
Accuracy and ease of monitoring
Response to issues shown up by monitoring
Responses to critical incidents and near misses
What are the key objectives of the risk management process?
Identify and prioritise risks arising from strategy and activities
Management and board have determined level of risk acceptable to org
Risk mitigation activities designed and implemented to manage risk down to an acceptable level
Ongoing monitoring activities conducted periodically
Board and management receive periodic reports of results of risk management process
List activities that may be used to provide the necessary evidence for assurance over an organisation’s risk management processes
See ithoughts note CGRM 001
What other terms may be used to refer to a risk “incident”?
Issue
Event
Materialised risk
What term is used to describe the occurrence of unpredicted high-impact incidents?
Black swan events
Organisations should have — — in place in the event that risks to the achievement of key objectives materialise
Contingency plans
Ideally, the organisation should be able to activate its contingency plans — the incident is recognised
Immediately
Since there are often significant costs associated with developing contingency plans, a — - — analysis will need to be undertaken
Cost-benefit
Following a risk event, the organisation should review the elements of the risk and response activity to…
Decide whether further risks should be identified
Decide whether further responses are needed
Decide whether costs would outweigh benefits and no further action should be taken
In risk management, — — refers to the process through which organisations seek to improve the capacity of their members to understand and manage risk
Organisational learning
In organisational learning, at what four levels should learning systems and processes operate?
Individual
Group
Organisational
Inter-organisational
Organisations should aim to — risk management so it becomes part of the organisation’s culture and routine processes
Embed
What eight factors will help an organisation embed risk management?
Top management support
Inclusion in organisational policies and processes
Common risk management language
Identify benefits to all
Momentum
Clear roles and responsibilities
Flexibility
Internal audit approach
In what ways can senior management demonstrate support of risk management?
Allocate time at regular meetings to discuss RM
Call on senior managers to make presentations on key risks and responses in their area
Decide on and support risk management policy
Use risk terminology in everyday discussions
Ensure all papers and proposals to them include analysis of key risks and how they will be handled
—, rather than risk management functions, should be responsible for embedding risk management in policies, processes and procedures
Management
To facilitate embedding of risk management, effort needs to be put into demonstrating how risk management will…
Benefit staff personally as well as the organisation as a whole
To facilitate the embedding of risk management, internal audit should…
Adopt a risk based approach to its audit work
List five tools and techniques for embedding risk management
Performance objectives
Staff training
In-house expertise
Risk identification or CRSA workshops
Ready made framework
List five benefits of embedding risk management
Less bureaucracy
More informed decision making
Speedier risk identification
Proactivity rather than reactivity
Improved change management
List five key success factors that would demonstrate risk management has been successfully embedded
Inclusion in other processes and procedures
Part of regular management discussions
Regular updates
No unexpected risks
No unexpected impacts or probabilities
C— is integral to effective risk management
Communication