All Flashcards
The decision to make a financial investment is an example of what type of risk?
Speculative.
When considering an emerging risk, what typical outcome will always be in evidence?
Uncertainty.
Rafiq chooses to accept the risks associated with his favourite pastime of deep-sea diving. This choice is an example of
risk voluntariness.
NOT
Risk perception
When applying probability theory to a specific period of time, a measurement of 1 indicates that the event
will occur.
One of the levels of Renn and Rohrmann’s structured framework on risk perception is
emotional factors.
What form of risk is most likely to have a positive influence on an individual’s perception of driving a car?
Controlled risks.
What is a key difference between pure and speculative risks?
Speculative risks may result in a benefit to the risk-taker, whilst pure risks will only result in a loss or a break-even position.
When considering the likelihood that a risk event may occur, a risk manager should primarily review the probability of its occurrence alongside
frequency.
What must a Chief Risk Officer do, if anything, when identifying a significant new and emerging risk to the business?
Report details of the new risk to the Board of Directors in a timely manner to agree additional budgets and actions.
Within a large organisation, the responsibility for monitoring and advising on the effectiveness of risk management decisions is primarily the responsibility of the
internal audit function.
A key development of the evolution of risk management theory in the fifteenth century was the (share)
invention of the printing press to share ideas and information.
NOT
development of mathematical models.
introduction of probability theory.
A key benefit of effective risk management to a manufacturing company is likely to be
a reduction in insurance costs.
A key factor that an audit team will consider when assessing a large global organization’s enterprise (timing)
relevant risk information is captured and communicated in a timely manner across the organisation.
Where an organisation is unable to assess a risk impact in financial terms, it may typically
measure the risk in qualitative terms.
In a risk management context, internal control activities within an organisation typically relate to
policies and procedures that help ensure that risk actions are taken.
For a risk committee to function effectively within a large organisation, it must
have unrestricted access to accurate risk information.
Succession planning for senior management within an organisation is an example of
risk reduction.
A key disadvantage of relying on risk registers for effective risk management controls within an organisation is that they
may fail to take account of correlations between risks.
NOT
are based on risk models that do not consider all circumstances.
Where a simple risk description table is contained within a risk register, ‘scope of risk’ relates to
a description of associated possible events that might materialise.
The ISO 31000 risk management standard contains a process section which covers
risk identification, assessment and management.
Published international risk management standards should always aim to
establish a benchmark of best practice in the main areas of risk management.
NOT
provide detailed guidance on the effective implementation of enterprise risk management frameworks.
ensure risk management laws and regulations are fully adhered to.
Where an organisation adopts an internal control approach to risk management, it means that it will always
concentrate on reducing the uncertainty of outcomes by controlling risks.
When an organisation is looking to expand into a new business market, the emergency services may be able to provide the organisation with useful information on
identified risks and risk trends.
When an organisation is reviewing its risk management concerns, a key limitation of a physical survey is that it is typically
focused narrowly on one specific aspect of the risk.
What method is the insurance risk manager of a large commercial airline most likely to use when categorizing all risks faced by the organisation?
The airline’s own classification system.
NOT
The standardised global classification system for all risks.
A risk manager is analysing the cause and effect of a recent risk event which has occurred within the organisation. The risk manager should consider that (connections)
there may be multiple unconnected causes.
When operating within a risk management framework, identifying risks that are unacceptable to an organisation is known as risk …
evaluation.
In an organisation, operational risk is typically defined as a risk of loss resulting from
inadequate processes and systems.
Within a large manufacturing company, financial risks are most commonly associated with
liquidity and profitability issues.
NOT
loans and consumer credit defaults.
Within a large organisation, why might a risk manager find it difficult to categorise risks?
There is no universally accepted definition of individual risks.
NOT
There is never a clear purpose for such risk categorisations.
A car dealer is arranging insurance cover for the majority of the risks it faces to protect itself against identified potential losses. The dealer will typically NOT be able to arrange insurance for
losses from reputational damage.
WRONG
credit losses.
Correlated losses
Losses from fraud
A financial services organisation has reviewed its decision-making processes and has found risk management failings relating to data protection and anti-money laundering policies. As a result of … (what sort of risks are these)
Compliance and regulatory risk.
NOT
Legal and operational risk.
A risk manager is reviewing two separate risks within the organisation. She believes that they could be interrelated, which could result in greater damage than if the risks had remained completely separate. She is therefore most likely to be considering the concept of
aggregation and correlation.
The Compliance Director within a large organisation is considering implementing a governance, risk and compliance framework. The primary objective she would be seeking to achieve is to
eliminate inherent conflict between the compliance, risk and audit functions.
Enterprise Risk Management within a large financial organisation is regarded as
a holistic approach to risk management.
In a large international bank, to whom would the Chief Risk Officer typically report in respect of an assessment of risks for the bank?
The Chief Executive Officer, the Board of Directors and appropriate senior management committees.
As a result of recent flooding, a delivery company’s vehicles have all been destroyed. The company now faces losses in respect of its vehicles, revenue and reputational damage. These are examples of
aggregated losses.
NOT
Correlated losses
The main way in which governance, risk and compliance improves operational efficiency within a manufacturing organisation is by
aligning strategy, processes, technology and staff.
What method of risk retention involves setting up a separate company which is owned and controlled by the parent organisation?
Captive insurance arrangement.
A small plant hire company is seeking to protect itself against responsibility for the legal liability incurred as a result of bodily injury to third parties. In terms of risk transfer, the organisation is most likely to
purchase public liability insurance.
A large global organisation has employed an insurance intermediary to assist the organisation in achieving its risk management objectives. The organisation will therefore most likely require the intermediary to advise an insurer on
facilitate risk surveys, advise on insurer selection and implement appropriate insurance arrangements.
A global organisation has established a captive insurance arrangement rather than transferring all insured risks externally. A key disadvantage of this course of action is
increased risk retention.
NOT
increased short-term cashflow requirements.
reduced margin from insurance programmes.
A motor insurer has established processes to assess a commercial insured’s dependency on the insured’s suppliers and how it achieves safe and appropriate fleet risk management. The insurance broker, acting on behalf of the insurer, will typically attain these through the use of
business interruption reviews and a check of the driver handbook.
A risk manager is considering the likelihood that the risk management systems employed within his organisation might fail. He should be aware that
risk management systems will typically fail because of human behaviour.
When considering the likely consequences of the failure of an organisation’s risk management systems, the organisation should be aware that the (secondary)
secondary consequences may be far more severe than primary consequences.
NOT
secondary consequences will be reduced if the appropriate governance risk and compliance framework is introduced immediately after the risk event has occurred.
A large company is considering its risk management standards following an extensive risk management review. What is the company most likely to utilise to assess whether its risk management processes will fail?
Key control indicators.
NOT
Key risk indicators.
Fault trees.
What is the key consideration by a large international bank when assessing global risks using computer-based risk modelling?
Assumptions used may not be correct and outcomes may not be correctly interpreted.
For what key reason may risk management systems typically fail in a large organisation?
The attitudes of key personnel.
The Chief Risk Officer within a large manufacturing organisation has been asked by the Board of Directors to provide an example of a pure risk. A suitable example would be
a fire occurring in a new manufacturing process line.
Within an organisation, when attempting to manage and control risk, the organisation should be aware that
uncertainty must be taken into account.
When applying probability theory to a specific period of time, a measurement of 0.85 indicates that the event
is very likely to occur.
Which type of risks are characterised by a perceived lack of control and catastrophic potential?
Dread risks.
An organisation following the Renn and Rohrmann structured framework should be aware that an individual’s risk perception is influenced by common sense, which is also referred to as
collective reasoning strategies.
How can the perception of risk by senior management have a fundamental effect on the future direction of a manufacturing organisation?
It will shape the organisation’s risk appetite and attitude towards risk acceptance.
As part of an organization’s risk management process, when considering risk and uncertainty, the risk team should be aware that (both)
risk can apply to both opportunities and threats to the organisation.
How does a pure risk differ from a speculative risk?
A pure risk only leads to the possibility of a loss, whereas a speculative risk may lead to a gain.
A risk manager in an organisation is calculating a risk factor. The two components in the calculation are
probability and impact.
How did the large fluctuations in prices of many raw materials and commodities in the 1970s influence the evolution of risk management?
The use of derivatives as a risk management tool increased.
NOT
Business continuity planning was developed.
An influence on the evolution of risk management theory in the 19th Century was based on
mathematicians collecting measurements to provide statistical data.
NOT
placing a greater emphasis on the human element of decision making.
When considering risk management within a manufacturing organisation, what is a benefit of conducting a detailed structured analysis of the entire organisation?
It would uncover weaknesses and provide valuable information that can be used to improve processes.
Why is it important that an organisation attempts to measure the benefits of risk management in financial terms?
It will quantify the level of internal and external resources that are required.
Within a large global organisation, who has the primary responsibility of identifying individual risk owners and making sure appropriate risk control activities are carried out?
The Chief Risk Officer.
In relation to a large organisation’s risk management process, what does the internal audit function typically have responsibility for?
Providing detailed assurance that risk management processes are effective.
Within a large global organisation, the compliance function is part of what?
a part of both the risk management and audit functions.
An organisation operates with separate and independent risk management, compliance and audit functions. The organisation’s board of directors should be aware that
work will often be duplicated and costs will usually be increased.
What is typically the day-to-day responsibility of a Chief Risk Officer within a large organisation?
Ensuring that all key risks are adequately managed and reported.
A large organisation is using a typical risk management process and has just established and identified the risks to which it is exposed. What is likely to be the next stage in the process?
Analysing risks.
One of the reasons that an organisation should monitor and regularly review its risk management process is to
consider whether lessons could be learned for future management of risks.
A risk register has been produced for a large engineering company. What is a key difficulty of using such a register?
It may fail to take account of correlations between risks.
What is a key consideration when designing an organisational risk register? (risk profile)
The organisation’s risk profile should be captured.
NOT
All staff must receive training on updating the register.
All staff must be able to update and accept new risks.
The ISO 31000 standard separates risk management areas into
frameworks, principles and processes.
Which risk management standard is mainly concerned with the US legal requirements for reporting accurate financial data?
COSO.
One reason for a risk manager to review an organisational chart is to
establish a decision-making route.
NOT
establish the potential impact of a possible risk incident.
In a manufacturing organisation, what is a fault tree designed to show?
It identifies the likelihood of an interruption arising.
A logistics manager for a supermarket chain identifies that there is a continual delay in the deliveries to stores. What is the most appropriate technique to identify the cause of the problem?
Flow chart.
To comply with the UK Corporate Governance Code, to which body must all UK-listed companies provide information concerning solvency, liquidity, risk management and viability on an annual basis?
The Financial Reporting Council.
Where an insurance organisation has failed to keep up with new legislation governing its day-to-day activities, it primarily increases its exposure to
compliance and regulatory risk.
A large organisation is assessing the financial strength of one of its customers. Which types of risk are being assessed?
Credit and liquidity.
Within an organisation, business risk can be categorised as the
probability of a loss being inherent in an organisation’s operations and environment.
NOT
alleged or actual breach of contract between an organisation and counterparty.
uncertainty relating to the occurrence of an insured event.
Why can it be difficult for an organisation to categorise risks?
There is no universally accepted definition of individual risks.
Understanding the potential causes of risk events will help an organisation to
reduce the frequency of loss.
What advantage does a Governance Risk and Compliance framework offer when compared to retaining separate and independent risk control functions?
It provides a consolidated risk management function.
Where a large organisation uses enterprise risk management to create a framework to consider all risks affecting the organisation, this is known as
a holistic approach.
Which type of risk framework is expected to improve efficiency by aligning strategy, processes, technology and people?
Governance, risk and compliance.
NOT
Corporate, governance and control.
When implementing an enterprise risk management (ERM) framework, a large organisation should be aware that ERM relies upon what?
relies largely upon the analysis and evaluation of risks against criteria that are set by the Board.
NOT
will always require assessment of risk management processes from both internal and external auditors.
A train has crashed and is badly damaged. There have been numerous claims from injured passengers as well as a loss of revenue for the train operator. This is an example of
risk aggregation.
A requirement for successfully implementing a governance risk and compliance framework within an organisation is for
consistent terminology to be introduced across the organisation’s risk management and assurance functions.
An organisation will typically find that its insurance arrangements will exclude cover for (database)
the value of its computerised database.
NOT
consequential losses following natural disasters.
credit risks
Insurance policies issued by a commercial insurer operating solely in the UK are directly governed under which Act?
Insurance Act 2015.
A broker is undertaking a business interruption review on behalf of a client. This would most commonly include an evaluation of the
effectiveness of a business continuity plan.
What is a primary benefit of a large commercial organisation self-insuring a risk?
Its short-term cash-flow position is likely to improve.
A large manufacturing organisation has renewed an insurance policy and has accepted a significant increase in the policy deductible. What is this most likely to indicate?
Increased risk retention.
A large organisation has entered into a surety arrangement using a counterparty to guarantee certain credit agreements. The main risk to the organisation of the counterparty failing is that the organisation would
be liable for all future losses incurred on these credit agreements.
NOT
be responsible for all of the counterparty’s losses.
For what primary reason could enterprise risk management (ERM) systems fail?
Financial constraints could compromise the implementation of ERM systems.
What could a financial organisation make primary use of, to assess whether its risk management systems are likely to fail? (indicators)
Key control indicators.
NOT
Key risk indicators
An engineering company is assessing the key risks faced within the manufacturing process. Although cover is in place for most of the potential losses that may arise, the company should be aware that
human error cannot be eliminated.
As a direct result of recent disasters in the oil drilling and exploration sector, for companies in this sector there has been an increase in
new regulations and safety controls.
An organisation is considering budgets for its risk management activities. Ideally the organisation will understand that the benefits of such activities should
be measurable in financial terms.
Which individual within a global organisation carries out selected duties in relation to risk management and reports to the risk sub‐committee?
Risk officer.
The form of risk management typically provided by an organisation’s audit department is known as
an internal control.
The most important task of the risk sub‐committee within a large organisation is to
publish and maintain the overall risk management philosophy.
NOT
ensure that all key risks are adequately reported and managed.
Risk Officer vs Risk manager vs Chief Risk Officer
Use the term ‘chief risk officer’ to denote the most senior professional risk manager in an organisation.
Risk Manager - no definition. A risk manager could have board status in some organisations, or a middle management or lesser role in others. In some organisations the role may focus on a particular specialist area of risk, such as operational, financial or IT risk.
Risk officer is the title given to a risk management professional who carries out selected duties under the guidance and direction of the chief risk officer.
Silo based organization meaning
An organization where business goals, scope of responsibility and control systems are distributed according to the departmental divisions. In such organizations, cross-functional processes are typically not well understood, managed or controlled.
Holistic meaning
characterized by the belief that the parts of something are intimately interconnected and explicable only by reference to the whole.
Renn and Rohrmann risk perception levels
First level - covers collective and individual reasoning strategies that have evolved over the years, popularly referred to as common sense
Second level - covers knowledge of the risk, or at least what we believe from available information to be true
Third level - concerns the influence of social and political institutions that people associate with a risk or its cause
Fourth level - explores cultural factors that affect risk perception and govern many of the lower levels of influence