Certificate in IRM Module 2 (all) Flashcards
Coca Cola - what did they say?
The world is changing all around us. To continue to thrive as a business over the next 10 years and beyond, we must look ahead. Understanding the trends and forces that will shape our business in the future and moving swiftly will prepare us for what’s to come.
Generic and Industry Specific KRI examples
Generic: Staff turnover, Accident Rates, IT downtime
Specific: % of incorrect sales, % of food contamination incidents
Risk Emphasis
e.g. PLCs = profit. Local Authority = delivery of services
This feature of risk management is often referred to as the ‘risk emphasis’ of an organisation
The nature of the business or objectives drives the primary thinking in regard to the way risks are addressed. A major retailer will have brand management as its focal point for risk management, whereas a pharmaceutical firm will have product efficacy and safety as the key risk emphasis for their risk control efforts.
Materiality - definition
Materiality of business environment changes varies in tune with the organisation’s size, resources, operations and objectives
What would a medium-sized housing construction company in the UK be interested in from a Materiality perspective?
A medium-sized housing construction company operating in the UK will have a strong interest in:
1) economic environment as it affects employment, confidence in the strength of the market;
2) availability of funds to lend to prospective purchasers; and
3) the cost of construction materials.
State-funded hospital - Materiality for them?
A state-funded hospital would naturally monitor:
1) Government’s monetary policy;
2) political developments; and
3) any austerity measures that are introduced.
Body Shop - vision? Why high risk?
The Body Shop has been successful even though the vision was unproven in the retail market and the market’s acceptance of the branding style and concept uncertain.
Banks - what is their most valuable asset to protect?
Business with banks, in particular, is based on trust and banks will naturally protect their reputation as their most valuable asset.
‘risk emphasis’ - major retailer
Brand Management
‘risk emphasis’ - pharmaceutical firm
Product efficacy and safety as the key risk emphasis for their risk control efforts.
Risk Emphasis - Regulatory Developments - applicable to who?
Regulatory developments could be sector-specific to certain industries only.
Risk Emphasis - Geographical Issues?
Geographical issues may be related to such matters as the physical exposures to an organisation from, for example, earthquake or hurricane/typhoon.
Risk Emphasis - Hotel Sector?
Brand Recognition
RASP - What is the most important part?
‘The Risk Management Policy Statement’ - sets out the overall strategy of the organisation to Risk Management
p.239
What types of Risk Documentation will need to be kept?
- Admin records
- Risk response and improvement plans
- Event reports and recommendations
- Performance and monitoring reports
AND .. the Risk Register
Where does the interaction between Risk Management & Internal Audit get documented?
Within the RASP
RASP - where does the Risk Management Strategy get recorded / set out?
In the ‘Risk Management Policy Statement’
Should ensure that there is Risk Management input into ‘STOC’ - Strategy Tactics Operations Compliance
p.243
What is something that the Risk Management Strategy will include?
‘What the organisation is seeking to achieve with respect to Risk Management’
RASP - Protocols … what are they?
- Risk Procedures and Guidelines
- Procedures and Protocols
- Frequency and nature of risk reports
- Reviewed annually and kept up to date
- What activities must be undertaken
Protocols: ‘seen as the Standing Instructions relating to Risk Management in an organisation’
What aspects of risk should have clear statements of responsibilities?
- Setting of required Risk Standards
- Implementing Risk Standards
- Monitoring Risk Performance
ISO Guide 73 definition of a Risk Owner
a ‘person with authority & accountability to make the decision to treat, or not to treat a risk’.
What is a downside of having the Risk Management Committee (RMC) report into the Audit Committee?
Could impair the work of the RMC through extra bureaucracy and unhelpful emphasis on audit and compliance.
How do organisations largely structure their risk management activities?
According to the prevailing management style that applies within the wider organisation.
What is a key feature of risk architecture?
The roles and responsibilities of key staff and indeed all individual employees