Block 11 Flashcards

1
Q

Define Decision Making: (2)

A

Decision making is a complex process that entails choosing to act/not act in a deliberate manner, that lends itself to the pursuit of organisational goals.

2
Q

Define and explain the conditions for decision-making: (6)

A
  • Decision under certainty: Exists when information is sufficient to predict the results of each alternative in advance of implementation. Certainty is the ideal problem-solving and decision-making environment.
  • Decision under risk: Exists when decision-makers lack complete certainty regarding the results of various courses of action, but they can assign probabilities of occurrence. Probabilities can be assigned through objective statistical procedures or personal intuition.
  • Decision under uncertainty: Exists when managers have so little information that they cannot even assign probabilities to various alternatives and possible results.
3
Q

How does risk affect objective achievement? (2)

A

Risk creates uncertainty for the achievement of strategic objectives due to changes in circumstances or consequences of events.

4
Q

Define “Risk” according to the COSO definition, and what does that highlight? (3)

A

Risk is the possibility that events will occur and affect the achievement of strategy and business objectives.

This definition highlights the relationship between risk and organisational strategy, focusing on the impact that potential events may have on achieving desired outcomes.

5
Q

How does the ISO 31000 define risk? (1)

A

Risk is the effect of uncertainty on objectives.

6
Q

Give the business dictionary’s definition of risk: (2)

A

Risk is a probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.

7
Q

Explain the difference between traditional and contemporary risk perspectives: (4)

A

  • Traditional definitions of risk deal with loss, injury, or other undesirable impacts.
  • Risks have therefore generally been viewed as negative.
  • When an enterprise engages in its activities, it accepts some measure of risk.
  • The notion or understanding of risk should therefore explicitly consider all possible outcomes (positive and negative).

8
Q

Define ‘Risk management’: (2)

A

Risk management is a continuous process of identifying and determining the extent of risks and putting in place strategies to reduce or eliminate risks that may influence business strategy, objectives, and implementation of strategies.

9
Q

Name and explain the major risk categories: (6)

A

  • Business risks: relate to the possibility that an organisation will or will not compete successfully in its operations.
  • Financial risks: relate to the possibility that an entity will or will not have adequate funds for its operations.
  • Hazard risks: are concerned with exposures that can cause loss without the possibility of gain.

10
Q

Explain the role of risk management in strategic performance: (2)

A
  • Successful strategic management depends on how well an organisation can identify and manage risk.
  • Robust risk management is necessary to ensure that operations are effective and efficient; it is essential for business continuity and for the creation and protection of value.
11
Q

Define Enterprise Risk Management (ERM): (4)

A

ERM is a process that is effected by an entity’s board of directors, management and other personnel, … applied in strategy setting and across the enterprise, … designed to identify potential events that may affect the entity and manage risks to be within its risk appetite, … to provide reasonable assurance regarding the achievement of entity objectives.

12
Q

Explain COSO’s frame of the internal environment: (2)

A

It encompasses the “tone at the top” of the enterprise and influences the organisation’s governance process and the risk and control consciousness of its people.

13
Q

What are the four focus points of the COSO framework? (4)

A
  • Corporate governance
  • Internal control
  • Risk
  • Business Ethics
14
Q

Name COSO’s Framework components: (7)

A
  1. Objective Setting
  2. Event Identification
  3. Risk Assessment
  4. Risk Response
  5. Control Activities
  6. Information and Communication
  7. Monitoring
15
Q

Explain ‘Objective Setting’ as a COSO framework component: (2)

A

Objectives are aligned with the entity’s strategy and risk philosophy, which then drives event identification, risk assessment and risk response.

16
Q

Explain ‘Event Identification’ as a COSO framework component: (2)

A

Potential negative or positive events represent risks that provide a context for assessing risk and alternative responses and/or upside to strategy.

17
Q

Explain ‘Risk Assessment’ as a COSO framework component: (2)

A

Management considers qualitative and quantitative methods to evaluate the likelihood and impact of potential events, individually or by category, within a time horizon.

17
Q

Explain ‘Risk Response’ as a COSO framework component: (2)

A

Alternative risk response options are evaluated, together with their effect on risk likelihood and impact as well as the resulting costs versus benefits.

18
Q

Explain ‘Control Activities’ as a COSO framework component: (2)

A

Policies and procedures are implemented throughout the organisation, at all levels and in all functions, to help ensure that risk responses operate effectively.

19
Q

Explain ‘Information and Communication’ as a COSO framework component: (2)

A

Pertinent information from internal and external sources is captured and communicated in a form and timeframe that enables personnel to carry out their responsibilities.

20
Q

Explain ‘Monitoring’ as a COSO framework component: (2)

A

Monitoring ensures that the ERM activities are functioning as intended and identifies any necessary modifications or improvements.

21
Q

Name the ERM components and the principles of each component: (5)

A
  1. Governance and culture: the board exercises risk oversight, establishes operating structures and demonstrates commitment to core values.
  2. Strategy and objective setting: analyse the business context and define risk appetite.
  3. Performance: identify risk, assess the severity of risk and prioritise risk.
  4. Review and revision: assess substantial change and review risk and performance.
  5. Information, communication and reporting: leverage IT and communicate risk information.
22
Q

Define and explain the purpose of the ISO 31000: (4)

A
  • ISO 31000 is the most popular risk management standard used by organisations.
  • ISO 31000 caters for any organisation regardless of size, activity or sector.
  • ISO 31000 allows adopting organisations to compare their risk management strategies with an internationally recognised benchmark, providing sound principles for risk management and governance.
  • ISO 31000 provides detailed guidelines on the planning, implementing, measuring and learning features of a risk management system, but less explicit information on the context, leadership and support features required of a management system standard.
23
Q

Study the ISO 31000 Risk Management Process on the slides: p. 29/31

A

Use this card to rate how well you know the ISO 31000 Risk Management Process graph.