Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CIPS - Chartered Institute of Procurement and Supply > AD2 - Managing Risks in Supply Chains > Flashcards

AD2 - Managing Risks in Supply Chains Flashcards

1
Q

What is a risk?

A

Uncertainty around events and there outcomes which may effect, enhance or inhibit:

  1. Operational performance
  2. Achievement or aims or objectives
  3. Meeting stakeholders expectations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What elements are involved in risk management?

A
  1. Hazards
  2. Uncertainty
  3. Exposure
  4. Risk assessment
  5. Risk mitigation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define “hazard”

A

A source of potential harm or damage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define “uncertainty”

A

A situation in which an event might happen but there is limited information about the probability of the event occurring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Define “exposure”

A

The impact on the business of a risk occuring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Define “risk assessment”

A

The overall process of hazard identification, risk estimation and risk evaluation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Define “risk mitigation”

A

All actions which can prevent the risk from occurring or reducing the impact, costs or likelihood of such risk. (usually targeted around reducing the impact)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

An organisation or persons desire to take risks in order to achieve benefits is often called their risk appetite. What different levels of risk appetite are there?

A
  1. Risk Averse - are uncomfortable with uncertainty and seek security and resolutions where faced with risks.
  2. Risk Tolerant - are comfortable with most uncertainty.
  3. Risk Seeking - are not afraid to take action and have a casual approach towards threats.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

If a risk occurs, what two types of loss can it cause?

A

Direct Loss - the cost of putting right or sourcing elsewhere

Consequential Loss - the finished products failed as a result of a quality defect causing loss of revenue, warrants claims or damaged reputation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What different types of loss are there (created by hazards)?

A
  • Financial
  • Distributional (loss of customers)
  • Environmental
  • Reputational
  • Safety
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What causes of internal risks are there?

A
  • Health & Safety (Unsafe working practices)
  • Management Control (Unsuitable supervision)
  • Human Resources (Poor recruitment processes)
  • Procurement (Low quality supplier selected)
  • Project Management (Failure to meet milestones)
  • Individual (Fraud / theft)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How can you prioritise risk?

A

Score each risk using:

Risk Score = Impact * Likelihood

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What should you do with high priority risks?

A

Risk Manager - Assign an owner who is best placed to mitigate the risks

Risk Plan - Create a plan for managing the risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What categories of risk likelihood can be used to prioritise risks?

A

1 - Very Unlikely
2 - Improbably
3 - Quite probable
4 - Very probable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What categories of risk impact can be used to prioritise risks?

A

1 - Insignificant
2 - Minor
3 - Serious
4 - Catastrophic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What should be in a risk plan?

A
  • Risk Minimisation: Anything that can be done to reduce the probability (and what it might cost)
  • Risk Mitigation: Anything which can be done to reduce the impact (and what it might cost)
  • Risk Prioritisation: How important is it and what benefits will it bring?
  • Risk Avoidance: Are there any alternatives and how great is the risk associated with alternatives?
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a risk register used for?

A
  • Documenting the results of the risk assessment process (identification and mitigation strategy). It captures all assessments and decisions of risks which have been identified.
  • Sharing information with stakeholders.
  • Seeking and acting on feedback
  • Systematically recording risk information in one place
  • Provides a resource for risk monitoring, management and review
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What headings might be in a risk register table?

A 
Risk title
Risk probability
Risk Impact
Risk score
Risk Owner
Summary of mitigation actions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is a RMAP and what is it used for?

A

A risk management action plan which is used for providing details beyond what can fit into the risk register.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

How should an organisation handle risk?

A
  • Create a risk policy identifying ways to reduce risks to levels in line with the organisations risk appetite
  • Assign clear responsibility and authority to certain staff to manage risks
  • Set up governance rules in the area
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Risk management is a continuous process known as the risk cycle. What steps are in the risk cycle?

A
  1. Identify risk
  2. Assess and prioritise
  3. Plan actions
  4. Take actions
  5. Monitor, report and adjust
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What 4 methods are there for addressing risk?

A
  1. Transfer (dual-sourcing, insurance)
  2. Terminate (end project)
  3. Tolerate (not allocating resources to)
  4. Treat (reduce impact and/or likelihood)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What steps are involved in risk mitigation?

A
  1. Identifying the resources required
  2. Allocate responsibilities for managing the risk
  3. Develop action plans
  4. Obtain management / stakeholder approval for the plan
  5. Implementing the plan
  6. Monitoring the risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the British standard around risk management? What does it recommend?

A

ISO 31000: 2009 - Organisations should have a framework that integrates risk management into the organisations overall governance, strategy and planning, management, reporting processes, policies, values and culture.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What steps are in the ISO31000 risk process and what do they entail?
1. Establish the context (Objectives, stakeholders, criteria, define key elements) 2. Identify the risks (What can happen? How can it happen?) 3. Analyse the risks (Review controls, likelihoods, impacts, level of risks) 4. Evaluate risks (Evaluate risks, rank risks) 5. Treat the risks (Identify options, Select the best responses, develop risk treatment plans)
26
What key principles are listed as essential qualities for risk management to be effective in ISO 31000?
Risk Management: - Creates value - Is an integral part of organisational processes - Is part of decision-making: helping managers make better decisions - Explicitly addresses uncertainty - Is systematic, structured and timely - Is based on the best available information - Is tailored to each unique organisation - Takes human and cultural factors into account - Is transparent and inclusive - Is dynamic, iterative and responsive to change - Facilitates continual improvement
27
What elements are in the framework that ISO 31000 puts around the risk process?
1. Mandate and commitment 2. Design of framework to manage risk 3. Implementing risk management 4. Monitoring and review 5. Continual improvement
28
What is meant by “Mandate and commitment” from the ISO 31000 risk framework?
The risk management process must be mandated from the board and management
29
What is meant by “Design of framework to manage risk” from the ISO 31000 risk framework?
Implementation needs a framework which formulates a risk management policy, embeds processes into practice, assigns resource, determines responsibilities and planning for periodic communication and reporting to stakeholders
30
What is meant by “implementing risk management” from the ISO 31000 risk framework?
This involves communicating and training to ensure the risk management process is understood by risk owners; risk assessments to ensure that risk management activities actually take place; and ensuring that decisions and business processes factor in risk thinking.
31
What is meant by “monitoring and review” from the ISO 31000 risk framework?
This is checking the planned risk management elements are working in line with expectations. If not, identifying and dealing with shortfalls.
32
What is meant by “continual improvement” from the ISO 31000 risk framework?
Continual fine tuning and improving the process over time.
33
What should be considered when deciding how to deploy resource on risk management?
- What are the estimated costs of developing and maintaining risk management? - What are the quantifiable and qualitative benefits of risk management, along with the estimated costs of not implementing risk management systems. - Management time - how much management time is available? - Risk management skills - the skills available, potential and existing risk managers? - Monitoring and control information - the availability of existing monitoring and control information.
34
What resources are required to deliver effective risk management?
- Human resources - people, management, audit teams - Technology resources - automatic alarms, automation of dangerous tasks - Physical resources - safe plant, machinery, vehicles, safety equipment - Good information
35
Contracts sometimes fail due to a party failing to meet the expectations of another party when placing the contract. What methods are there for establishing a legally binding contract?
- In Writing - Orally - Through Behaviour
36
What two reasons are there for contractual problems arising?
Contract related (did we agree, what terms were agreed etc) Performance related (quality issues or late delivery)
37
A major occurrence of risk is financial risk. How can these be categorised and what examples can be given?
Internal: poor cost control leading to excessive costs, weak financial controls leading to fraud, high prices being paid due to poor research, poor returns on capital investments External: macro-economic factors such as recession leading to low demand, fluctuating exchange rates, fluctuating commodity prices, supplier cash flow issues, supplier insolvency
38
One test for financial strength is the Springate model. What is this model?
Four financial ratios: A: Working capital / Total assets, Working capital is current assets - current liabilities B: Net profit before interest and tax / Total assets C: Net profit before tax / Current liabilities D: Sales / Total assets These 4 ratios can be used to create an Indicator of financial strength: Z Z = 1.03A + 3.07B + 0.66C + 0.4D The higher the financial score the better. Anything below 0.862 is classed as failed and you are advised not to do business with them as financial risk is too high.
39
Quality failures can result in both reputational damage to your organisation as well as direct financial costs. How can they be categorised?
External failure: poor quality delivery items supplied by your suppliers Internal failure: problems created within your own organisation
40
How can you prevent external quality failures?
Work with supplier to improve design (designing quality in) Working better with suppliers to help them develop better production processes (better quality management) Ensuring suppliers check every component supplied and reject any non-conforming items.
41
How can you prevent internal quality failures?
- Putting in place 100% inspection - Testing in-bound products on a sampling basis - Re-designing products and processes to make it easier to produce quality - Developing organisational culture by using - - TQM (Total Quality Management). The organisation wide quality improvement.
42
What legislation is there around product safety relating to product liability and what is contained within it?
In Europe, the revised directive on general product safety which standardises product liability throughout the EU. - The directive applies only to consumer products and obliges producers only to sell safe products. - When the manufacturer is based out of the EU, this obligation applies to the EU representative or the importer. - Producers must also inform consumers of the risks associated with products they supply. - Producers must take measures to be informed of the risks posed by products they supply and take appropriate action to prevent the risks. - They must be able to trace products identified as dangerous. - Obligations apply to manufacturers and any professional in the supply chain who affects the safety characteristics of a product
43
Supply Risks are risks arising from suppliers who are unable to supply or supplying goods of inadequate quality. What different ways might supply risks arise?
- Poor Procurement Practices (Allowing weak suppliers to be selected) - Poor Contract Management (Allowing suppliers to become complacent) - Disruption to Deliveries (Weather, congestion, political instability, industrial action) - Unforeseen Increases in Demand (Which suppliers then can’t meet) - Disasters (Flood, fire, explosion affecting production)
44
If as part of your contract management you notice a drop in performance or service and this may be because of financial health, you need to develop a contingency plan. What options are there?
- Re-design (So you no longer need to use the supplier) - Dual-sourcing (Can you quickly transfer some business to another supplier?) - Alternative sourcing (Can you change supplier at a later date?) - Acquisition (Can you take on the failing suppliers responsibilities)
45
Another risk is the risk associated with technology such as losing or stolen hardware. What can be done to prevent theft or loss of hardware?
- Physical locking (Padlock pc’s to desks) - Security labelling (Non-removable labels making it less saleable) - Displays warning (notes on the hardware such as “the operating system is encrypted”, “this system contains traceable radio bleeps”, “this computer is registered on a national database”)
46
How can you prevent cyber crime such as hacking of data stored on technology?
- Always use a firewall - Use anti-virus software - Restrict access using different passwords for confidential information - Keep some computers off the network - Use a standalone PC for confidential information - Limit the number of attempts at a password
47
In the contexts of technology risks, what ISO should organisations consider? What is contained in the ISO?
ISO 27001 which specifies the requirements for establishing, operating and improving a documented information security management system. The ISO is designed for: - Ensure security risks are cost-effectively managed - As a process framework to ensure security objectives can be met - To enable managers to determine the status of information security - To provide information about Information security
48
What does outsourcing mean?
Transferring to a third party, under contract, the responsibility for activities which used to be performed internally.
49
What does offshoring mean?
Outsourcing business processes to a lower cost location, in a different country. Additional risk management must be considered when offshoring.
50
Outsourcing carries risk. There is a chance that you may be tied into a supplier who starts escalating costs or doesn’t understand your business. What things should be considered before outsourcing?
- What makes the external provider more responsive to needs that an internal department? - Is the market changing and will the best providers be different? - Are we doing this to save money? will it definitely be cheaper? - Can expertise be gained by external providers?
51
What additional risks are associated with off-shoring?
- Transport and logistics (Further locations to deliver from) - Reputational and compliance (Arise from cultural, legal or linguistic differences e.g. lower H&S standards) - Exploitation (Workers may be exposed to exploitation and this will affect reputation) - Misunderstandings (Language, cultural and time zone difficulties increase the chance)
52
Define fraud.
An act of deliberate deception, with the intention of gaining benefit
53
What are the two main types of corporate fraud?
Diversion of assets - into the fraudsters possession Misrepresentation - of the financial position of a business in order to mislead stakeholders, taxation or regulatory authorities.
54
What methods might fraudsters use to divert an organisations assets?
- Theft - employees with the opportunity to steal physical property - Misuse of assets - for example selling information for personal gain - Invoice scams - fake invoices suggesting payment is due. They may threaten further action or that non payment will affect credit rating. - Payment fraud - any fraud which involves falsely creating or diverting payments - Procurement fraud - not following tendering processes or offering higher payments and sharing profits - Payroll fraud - falsifying timesheet for overtime payments - Office supply scams - tricked into over ordering equipment by claiming an order hasn’t gone through.
55
What are the 4 main conditions required for fraud to be committed?
1. They must have motive 2. There must be something worth stealing 3. There must be opportunity for them to remove the assets and derive gain 4. There must be a failure of control or fraud risk management
56
What mechanisms are there for preventing fraud?
- Strong internal controls - Effective budgeting and monitoring of procurement spend - Controls over individual financial authority levels - Authorisation for procurement or expenditure - Rigour in checking transactions - Clear audit trails - Segregation of procurement duties - Controls over preferred suppliers / single sourcing deals - Use of e-procurement tools (reduce human involvement) - Use physical security measures - Internally audit procurement processes, decisions and controls.
57
Define corruption.
The abuse of position for private gain.
58
Give examples of corruption.
- Buyers given inducement to favour a particular supplier - Buyers awarding a contract to a supplier in which they have financial interest threatening objectivity - Firms paying influential external stakeholders (e.g. government officials) to support corporate plans or projects
59
When are gifts and hospitality a potential source of corruption?
If the gift is deemed to induce a favourable sourcing decision or there is obvious collusion.
60
There is usually no corruption when a supplier offers a small gift to show a token of appreciation. What factors might deem a case to be considered corruption in court?
Value - the value of the gift is excessive Secrecy - surround the provision of the gift Presumed intentions - of both parties
61
What steps are in the CIPS code of ethics which all members are expected to uphold?
1. Understanding and commitment 2. Ethical practices 3. Professionalism 4. Accountability
62
What is involved in the "Understanding and commitment" section of the CIPS code of ethics?
- ensure understanding of business ethics across the whole organisation - continually enhance knowledge of all relevant laws and regulations - commit to eradicating bad business practice e.g. bribery, fraud, corruption
63
What is involved in the "Ethical Practices" section of the CIPS code of ethics?
- conduct business relationships with respect honesty and integrity - treat all stakeholders fairly and without discrimination - promote and support CSR - avoid business practice which may bring procurement professionalism into dispute
64
What is involved in the "Professionalism" section of the CIPS code of ethics?
- drive unethical behaviours out the supply chain - ensure procurement decisions minimise negative impacts on human rights and the environment - put ethical policies and procedures in place and update regularly - mandate education of all staff on those principles - practice due diligence
65
What is involved in the "Accountability" section of the CIPS code of ethics?
- accept accountability and take ownership of business ethics - foster a culture of leadership by example - prevent, report and remedy unethical practices - provide a safe environment for the reporting of unethical practices
66
CSR is used to define an organisations ethos, its personality, philosophy and character. What 8 principles are advocated by CIPS to observe in relation to CSR and individual behaviour?
1. Environmental responsibility 2. Human rights 3. Equality and diversity 4. Corporate governance 5. Sustainability 6. Impact on society 7. Ethics and ethical trading 8. Biodiversity
67
Give examples of risks associated with sustainability and sustainable procurement.
- Pollution - Poor quality suppliers (reduced local image from using cheap suppliers) - Breaches (fines if statutory environmental requirements are breached) - Child labour (negative reputational impact of using suppliers found to be using child labour)
68
What codes of practice are there around sustainability?
- UNGC (United nations global compact) 10 universally accepted principles - Earth Charter gives principles for building a just and sustainable 21st century - ILO (International labour organisation) gives standards on human rights - ETI (Ethical trading initiative) base code gives 9 clauses on labour best practice - ISO14001 gives environmental management principles
69
What are the 7 key characteristics of a project?
1. Importance (special task force outside routine) 2. Performance (aimed to specific outcomes) 3. Life Cycle (defined start/finish dates) 4. Interdependencies (requiring complex scheduling) 5. Uniqueness (one-off activities) 6. Resource (defined resource budgets) 7. Conflict (stakeholders may have conflicting goals)
70
What 5 categories of projects are there?
1. Construction (Building tunnels/bridges/buildings) 2. Manufacturing (Installing a new machine or developing a car) 3. Management (Restructuring a department or office) 4. IT (Installing new hardware or software) 5. Research (Expansion of knowledge)
71
What constraints do most projects have? (Known as the iron triangle due to their interdependency)
Cost Time Quality
72
What are causes of risk when managing projects?
- Unrealistic objectives - Complex requirements - Poor technology used - Poor project organisation - Multiple stakeholders with different objectives - The socio-political environment changing - The physical environment may be hazardous - The commercial environment may be under threat - Unsuitable contract conditions - PM may be inexperienced or incompetent - The project team may lack the necessary skills
73
How can risks be categorised in projects?
- Individual risks: Each party in the project may incur loss e.g. job risk if failure, reputation risk if failure - Fundamental risks: Threatens the prime objective e.g. failure to achieve the basic objectives or the required return on investment - External risks: Outside the control of the project e.g. trade shut down with country of trade - Internal risks: Under the control of the project e.g. the chosen technology fails to perform
74
What are the 14 principles for project success?
1. Focus on three dimensions of success 2. Planning is everything 3. Managers must transmit a sense of urgency 4. Use a proven project life cycle 5. Communicate in vivid detail 6. Deliverables must evolve gradually 7. Obtain clear sign-offs from sponsors 8. Insist on a documented business need 9. Fight for time to do things right 10. Match responsibility with authority 11. Involve the sponsors and stakeholders 12. Sell and re-sell the project 13. Acquire the best people possible 14. Top Management must actively set priorities
75
The PM should appoint a risk owner for each risk. What can the PM use as a checklist when allocating risks?
- Have all risks, including future risks, been allocated? - Have suppliers been tasked with risk ownership as part of their contracts? - Are the risk owners responsibilities well defined? - Do risk owners have the authority? - Have all risk allocations been communicated and understood? - Are nominated owners appropriate? - Could ownership quickly be reallocated?
76
Explain the 4D model designed to help with project risk management.
# Define it: Set aims & objectives, budgets and timescales Design it: Modelling, planning, estimating, timetabling and resource analysis Do it: Leadership, action, decision making and problem-solving Develop it: Review stage, lessons learnt
77
What is the five phase life cycle to project risk management?
``` Organisation Control Design Do Develop ```
78
Explain the flow chart PRINCE 2 use for effectively breaking down a project.
``` Step 1. Starting up a project Step 2. Initiating a project Step 3. Controlling a stage Step 4. Managing a stage Step 5. Closing a project ``` Feed in from Corporate / programme management, Project Directors, Planning and Managing Product Delivery.
79
What is involved in the “starting up a project”, step 1 of PRINCE 2 project management flow and how does the information feed?
- Appointing project management team - Preparing project brief - Defining the project approach - Planning the next stage (initiation) With feed in from the corporate / programme management the project is initiated. This will then feed into the “Directing of the project”.
80
What is involved in the “Initiating a project”, step 2 of PRINCE 2 project management flow and how does the information feed?
- Brief is developed to form a business case - Project controls / quality approach agreed - Refining the business case and risks - Setting up files and assembling a project initiation document With feed in from the planning process. Two way information feed with the “Directing of the project”.
81
What is involved in the “Controlling a stage”, step 3 of PRINCE 2 project management flow and how does the information feed?
- Authorising work packages - Assessing progress - Capturing and examining project issues - Reviewing stage status - Reporting highlights - Taking corrective action - Escalating project issues - Receiving a completed work package Two way information feed with the “Directing of the project” Two way information feed with “Managing product delivery”
82
What is involved in the “Managing stage boundaries”, step 4 of PRINCE 2 project management flow and how does the information feed?
- Include planning a stage - Updating a project plan - Updating a project business case - Updating the risk register - Reporting stage end - Producing an exception plan With feed in from the planning process. Two way information feed with the “Directing of the project”.
83
What is involved in the “Closing a project”, step 5 of PRINCE 2 project management flow and how does the information feed?
- Decommissioning a project - Identifying follow-on actions - Project evaluation review Two way information feed with the “Directing of the project”
84
What is the role of “Directing of the project” in the PRINCE 2 project management flow?
- Defines controls over the project - Authorises initiation - Authorises the project - Authorises stage or exception plan - Gives adhoc direction - Confirms project closure
85
What is the role of “Managing product delivery” in the PRINCE 2 project management flow?
Places formal requirements on accepting, executing and delivering individual work packages. A work package is a subset of a project and the project comprises of the totality of the work packages.
86
What is the role of “Planning” in the PRINCE 2 project management flow?
- Using structured tools - Planning sequence - Duration and resource requirements - Associated risk assessments
87
PRINCE 2 puts emphasis on having a robust business case in the project initiation, what three aspects should it have?
- Objectives (SMART) - Scope (Responsibilities and range of project, timescales, resource) - Strategy (Link of objectives to corporate plan)
88
After completing the robust business case, what should be produced?
A PID (Project initiation document) which formally summarises everything covered by the project definition including risk assessment.
89
What should be included within an overall project plan?
- Project overview - Project objectives - General approach - Contractual aspects - Schedules - Resources - Personnel - Risk management plans - Evaluation methods
90
The overall project plan can be used to create subsidiary plans. What subsidiary plans should be produced?
- A plan for each stage - Work plans for each individual - A resource plan - A communication plan
91
The name given to the senior team which directs the team is the project board. Which groups does this represent?
- Senior management - Main contractors - Users
92
When monitoring and controlling projects (project maintenance) what continuous cycle of activities will you do?
- Measurement (Where are we?) - Evaluation (Where should we be?) - Correction (How can we get back on track?)
93
What 2 elements are key to the monitoring and control of projects?
1. Milestones (Measurable targets including dates, spends etc) 2. Reporting mechanisms (Generally around the milestones being sent to key stakeholders)
94
Why do projects need careful planning?
- Provide time and resource organisation - Create ownership and individual accountability for tasks - Help to get management buy-in
95
During project planning, what steps are involved in a risk assessment?
- Identify possible risks - Assess them for probability and impact and prioritise - Create a risk register which is regularly revisited - Allocate the high priority risks to individuals to manage - Draw up risk minimisation and mitigation plans
96
The project team needs to agree a WBS (work breakdown structure) which separates tasks out into work packages. What should the WBS allocate?
Size Duration Responsibility for each component
97
Once the WBS has been produced, what do you need to define for each work package?
Dependencies: Which other activities does this depend? Interactions: Which activities can’t run simultaneously Resources Needed: People / Equipment Durations: The time required to complete the activity
98
There are two key organising processes to ensure the needs of the personnel delivering the work packages are met. What are they?
Personnel Needs: assessing personnel needs for information resources, time and authority to implement their part of the project plan. Human resources and skills requirements: assessing the HR and skill requirements for each package. (Man hours / skill levels)
99
What is a Gantt chart?
Chart which shows critical path activities (Used on outage plan)
100
When planning is complete and you are implementing the project, you should have identified discrete work packages. What properties should the work packages have?
- Sensibly sized pieces of work - Good use of resource, grouping together tasks which share resource requirements and specialist expertise - Single area of accountability, responsibility of single managers or team leaders
101
A range of methods should be used to monitor and control progress of a project. What reports can be produced to support this?
- Highlight reports: PM to the board giving brief summaries of project status - Checkpoint reports: Used more frequently (perhaps weekly) by the project team for continuous progress reviews - End stage assessments: Carried out on completion of each project stage. Summarise progress and plan for next stage
102
Routine reporting will highlight variances from the plan. What options are there for dealing with slippage?
- Challenge durations and critical path tasks - Challenge task sequencing - Authorise overtime - Increase resources - Challenge the initial scope and look for overestimates in duration
103
Expediting activities on a project can often cost money. What options are there for managing cost overruns?
- Reduce project scope and delete tasks - Reduce resources assigned to tasks - Challenge initial resource estimates to identify padding - Challenge project overheads (T&S) - Negotiate competitive rates on contracts - Extend project duration
104
When a project has been completed, it must be signed off by the client (internal or external). What other tasks are there on project completion?
- Congratulating the team - Closing all associated contracts - Communicate closure to stakeholders - Prepare final project report to provide a picture of successes / failures
105
Before the team is disbanded, a lessons learnt activity should be done, what should be covered in these meetings?
- Management sponsorship - Project objectives and critical success factors - Project plan and schedule - Project team - Client / end user involvement - Use of technology - Client acceptance criteria - Project monitoring - Project communications - Project risk assessment and risk management
106
Contractual remedies can be used to manage risks. What different types of contractual terms are there?
- Express terms: obligations explicitly included - Implied terms: not written but implied e.g. regulatory requirements will be complied with - Condition: vital terms to the contract. If these are breached the contract can be terminated - Warranty: lesser conditions which don’t have a major effect on the contract
107
What’s the difference between liquidated and unliquidated damages?
Unliquidated Damages: Aren’t included within the contract but when obligations are breached a court will decide what is a reasonable amount to pay the affected party Liquidated Damages: Explicitly states within a contract the amount to be paid in the anticipated breach of a contract.
108
What different types of IPR are there?
- Patents: grant exclusive rights to make, use and sell an invention - Copyrights: give the creator of work exclusive rights to it - Industrial rights design: these protect the visual design of objects - Trademarks: protect a sign, design or expression which identifies a particular company or organisation
109
What is Force Majeure?
- Agreement to treat unavoidable contractual breach’s differently - Usually a set list of events e.g. war, riot, explosion - Either removes or extends the obligations of the affected party
110
There are a number of firms which can help with risk assessment or management, how can these be categorised?
- Sector Specific | - Risk Specific
111
What benefits are there of using a risk specialist consultant?
- Specialist knowledge and skills - Independence - Work can be completed in a limited time frame - Potential for skills transfer, enabling the client organisation to learn from the consultants
112
What are the risks associated with using a risk management consultant?
- Specifications may be unclear or ambiguous - Specialists chosen may not be as competent or experienced as they claim - The timeframe you impose may be insufficient for the job to be complete properly - The consultant may be relied on too much to the extent that little knowledge is transferred
113
What is Hedging?
A means of protection against something, especially a means of guarding against financial loss.
114
What are 5 different types of insurance?
``` Public Liability Professional Indemnity Product Liability Employers Liability Trade Credit ```
115
What is Public Liability insurance to protect against?
Injury to a member of the public on the insured parties premises.
116
What is Professional Indemnity insurance to protect against?
Professional Indemnity helps protect consultants and other professional advisors from bearing the full cost of defending against a negligence claim made by a client.
117
What is Product liability insurance to protect against?
If a member of the public suffers injury through use of a product.
118
What is Employers liability insurance to protect against?
If an employee suffers injury or illness at work.
119
What is Trade Credit insurance to protect against?
To protect from loss due to credit risks such as protracted default, insolvency or bankruptcy.
120
What is an Indemnity? (In relation to insurance)
The insurer compensates the insured for loss up to a specified limit.
121
What is Insurable interest? (In relation to insurance)
The insured must directly suffer from the loss.
122
What is Utmost good faith? (In relation to insurance)
Material facts regarding the risk must be disclosed.
123
What is Subrogation? (In relation to insurance)
The insurer acquires legal rights to pursue recoveries on behalf of the insured.
124
What is Proximate clause? (In relation to insurance)
The cause of the loss must be covered under the policy, and must not be excluded.
125
What is Mitigation? (In relation to insurance)
The asset owner must attempt to keep loss to a minimum, as if the asset wasn’t insured.
126
What is an insurance broker?
Someone who links up a client with an insurance company.
127
What can insurance company do to cover their losses?
Spread its risk through re-insurance. Here they insure with other insurance companies against any single large loss or an accumulation of smaller losses.
128
In the event of a claim, what will the insuring party need to verify?
- The insured party has fulfilled its responsibilities by taking reasonable care to try and prevent the risk from happening. - The amount claimed is in line with the level of cover set out in the policy.
129
What is a loss adjuster?
An independent expert who is appointed by either party to process a claim. Usually they are appointed by the insurer.
130
What is contingency planning?
Preparing for “what if?” scenarios. This means making a plan B for high priority risks if plan A doesn’t work.
131
What is risk management?
- Estimating risk probability - Estimating risk impact - Prioritising risks - Developing a plan for high priority risks
132
For all business critical raw materials where there is no available source of supply, what should you consider?
- What could you do, at least, to keep the business operation going? - Define time periods, what needs to be done in the first hour the first day? - Understand the trigger, what will cause you to implement the plan? - Keep it simple - Communicate it (incorporate into standard operating procedures)
133
What is Business continuity planning (BCP)?
It is the further development of a contingency plan and a process that helps manage risks to the smooth running of the organisation. BCP is focussed on keeping operations running. The first step is to consider “what if?” to identify possible crisis. The organisation should nominate an emergency planning manager who is responsible for the BCP.
134
When is business continuity planning (BCP) necessary?
It is necessary in businesses which rely heavily on technology, have well-developed brands or operate in high risk environments.
135
What possible planning scenarios could organisations use when doing business continuity planning?
Social - e.g. social unrest disrupts the market Political - e.g. the government bans a raw material Competitors - e.g. competition creates an innovative new product
136
What are the 5 steps which are critical for developing an effective business continuity plan?
``` Analyse your business Assess the risk Develop your strategy Develop your plan Rehearse your plan ```
137
What different crisis may be included in a business continuity planning document?
- Product quality failure - Environmental pollution - Health & Safety accident - Fire and explosion (including loss of buildings, telephones, etc) - Security failure including kidnapping and extortion - Fraud - Financial crisis - IT or internet failure - Industrial relations problems - Business specific problems - Other unforeseen problems affecting organisational reputation.
138
Developed crisis plans should incorporate 4 main elements. What are they?
- Strategies - to prevent the event happening - Actions - to be taken in the event of the crisis including roles & responsibilities & alternative working arrangements - Communication Plan - a plan setting out who should be contacted, by whom, including dealing with press etc - Authorities to be informed - People to alert e.g. police, lawyers, insurers
139
A business continuity plan should be tested, why?
To ensure the plan works, discovering shortcomings | To rehearse the staff, training them to react in a certain way
140
What techniques could be deployed when business continuity planning?
- Renting fully equipped offices from a 3rd party - Use of mobile facilities which can be parked nearby - Use of back-up IT systems and data recovery specialists - Use of fire wardens and similar emergency staff - Provision of automatic fire detection and communication systems - Use of telephone cascades - network messages who pass on calls
141
An organisation should focus on Disaster recovery planning for catastrophic events. When should an organisation emphasise disaster recovery?
- It has a dependency on IT systems - There is recognition of the severity of an outcome - A formal process is required - There is an increased likelihood of IT and information security safeguards

CIPS - Chartered Institute of Procurement and Supply (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions