CH 2 Flashcards
Why should risk management include measurements of benefits
This should be done so as to justify the use of resources and budgets
In large organizations, common objectives are shared with various stakeholders and other people with an interest in the organization’s performance, including
-Shareholders
-Employees
-Customers
-Suppliers
-Banks
-Trade Unions
-Relevant government departments
What is a stakeholder
This is any individual/group/organization that can affect, be affected by, or perceive itself to be affected by a risk
What happens after objectives are set out
The organization will develop strategies and plans to demonstrate those objectives can be met
Strategic plans should not be adopted without considering the risks involved; published plans only indicate some of the risks assessed because
The organization will not want to highlight its perceived weaknesses, so it attempts to limit public discussion to well-known, documented concerns, and usually only broad categories of risk will be mentioned
In pursuing their objectives, organizations will have a wide range of dependencies, including
It could be other organizations, resources or markets they rely on
Why will the continuation of the dependencies be crucial
It will be crucial to avoid losses and weaknesses emerging, and in some cases for the survival of the organization
What does risk have the potential of threatening
Risks are anything with the potential to threaten the operations, assets and other responsibilities of an organization
What are some of the risks that the directors of an organization will consider
-market factors and trends
-potential competition moves
-possible technological change
-developing the need of the customer they serve
How can government affect achievement of a business plan
-They can take over a business
-Introduce regulatory legislation
-Impose financial controls
-Change taxation requirements
On what matters do employees have legal rights
-Maternity leave
-Sick pay
-Pensions
-Dismissal procedures
-Minimum pay
-Holiday entitlement
How do organizations reduce the risk of costs arising from employee disputes
Careful attention to employment contracts, rules of conduct, written clarification of responsibilities and suitable management training
What legal obligations do organizations have in respect to hiring
They must obtain and examine appropriate documents from prospective employees, because the Immigration Act 2016 made it unlawful to employ anyone not legally entitled to work in the UK
Anything that dissatisfies the employees is viewed as
It is viewed as a risk that threatens efficient operation and achievement of objectives
What does systematic racism affect
It affects individual performance and threatens achievement of organizational objectives
What is a sound basis for effective assessment of racial discrimination risk
The Race at Work Charter
What other risk regarding employees must the organisation consider
The behavior of employees; thus the risk of fraud and general negligence should be considered, and precautions taken against willful damage being caused by disgruntled staff
Why are organizations and their suppliers interdependent
This is because each must have confidence that the other party will perform
What does the organization require from the supplier
Good quality, on-time deliveries from the supplier
What does the supplier require from the organization
They require dependable payment from the organization
Between supplier and organization, where does the risk lie in respect of perceived defaults
It will depend on the wording of the legal agreement between the two; thus the organization must not assume that risk is automatically subcontracted with a task
Where do risks arise in the supply chain
Where goods and services need to be competitively priced
What does the Modern Slavery Act 2015 do
It makes large organizations legally responsible for ensuring that slavery or human trafficking is not taking place in their organization or any of their supply chains
What are distributors known as
They are in effect wholesale customers
What could damage the distributor
Failure of one or more sources of supply could damage the distributor in various ways, and can lead to the distributor failing altogether if an adequate replacement supplier is not found
What happens to an organization if it fails to satisfy the statutory and other requirements set by regulators
This could lead to the imposition of substantial fines, restriction of business or closure of the business altogether
What would an adverse regulator comment do to an organization
It will invariably damage reputation
What can the media be viewed as
It can be viewed as a wholesale distributor of the reputation of an organization and its officials
Why are private investors more exposed to devastating loss than stock market investors
This is because stock market investors have more opportunity to spread their investment, and thus their risks, across different companies and markets
How can investors who have a non-monetary stake in an organization be at risk
This is because they stake their professional and personal reputations alongside that of an organization, so they too can suffer loss together with any damage to the organization itself. It’s a difficult and long process to rebuild this type of asset
In whom do banks and investor finance companies have an interest
They have an interest in those organizations they have provided money to, and if the money is perceived to be at greater risk due to an unexpected downturn in the organization’s strength, then the cost of borrowing can increase drastically
What happens if financiers believe there is sufficient cause for concern with an organization
They can demand that assets that are security for loans be sold immediately and loans repaid
In the relationship between a financier/bank and an organization (borrower), the decision to sell a mortgaged asset lies on
The decision will be based on the interest of the financier and not the long-term interest of the organization and its other stakeholders
Who are quoted shareholders
They come to an organization through stock markets in various forms
What do failing stock values lead to
It will increase the cost of borrowing capital
How do failing stock values lead to increased cost of borrowing capital
If lenders perceive that the relationship between total borrowings and net value of the company is narrowing, they will demand higher interest rates and security
What else can affect shares
Single points of influence like credit rating agencies
Public and statutory interest regarding the quality of the environment will cover a very wide range including
It will cover pollution of the physical environment, renewable sources of materials, water disposal, energy and water conservation, waveband utilization and fair trade issues
What are some examples of individual organization having their own stakeholder pressures
-Political organisations have their own dependencies to protect
-Industry pressure groups/ industry associations
Who else are a form of stakeholders
Competitors; if an organisation is weakened by an unexpected event, then there might be competitors who will see this as an opportunity for themselves
An organisation needs to consider the following, which it needs to keep safe from damage and loss
-Safety of People
-Safety of assets
-Revenue and cash flows
-Legal obligations
-Delivery of promised goods and services
What does safety of people entail
Organisation needs to ensure that they provide employees with a safe working environment and provide them with the necessary resources they need to carry out their duties effectively
Main operational objective of an organisation is
To deliver the services and goods it has promised
One of the challenges of risk exposure is
The identification of new types of risk
How might the impact of a present risk change
It might change as circumstances change, and new risks and types of risks continually emerge
What are some of the risks present today that would not have been recognized 100 years ago
-New health risks, e.g. Covid
-Technology risks: cyber crime
-Developments in genetic engineering and stem cell research
-Effects of high density electromagnetic fields and solar flares
-Increased risk and changing methods of terrorism
What is the emerging risk with the highest profile
Climate change
What must risk managers incorporate in their reports to directors
Specific climate change analysis, due to the adverse effect climate change has on the world
What has the most far-reaching implications
Decisions taken to address climate change
The Institute of Risk Management established a special interest working group in 2019 that published a guidance report on
The guidance report is focused solely on climate change to help risk managers see that climate change risk mitigation measures are built into their organization’s business plans
Due to uncertainties in climate change, organizations are recommended to look at climate change implications over how many horizons
Over 3 horizons: short term (1-3 years), medium term (3-10 years) and longer term (over 10 years)
What can happen due to lack of management control and ineffective administration
This can bankrupt large companies if policies and procedures designed in head office are not implemented abroad
What are global risks
These are events and trends that have potential global impact
What do global risks affect
They affect organizations with international operations and home organizations with international suppliers or markets
Global risks are divided into 6 general categories, which are
-Global economic risks
-Global environmental risks
-Global social risks
-Global technology risk
-Geopolitical Risks
-Political Risks
What are global economic risks
These are financial issues that affect a particular market sector or global trading environments
What are some examples of global economic risks
-Oil price fluctuations
-Reduction in Chinese economic growth
-The world banking crisis
What does an attempt to manage global economic risk lead to
This causes governments to alter their fiscal policies, organizations to reassess markets and price structures, and consumers to alter their spending patterns
What are global environmental risks
These can be natural phenomena, weather related or consequences of man made activity
What are some examples of global environmental risks
-Earthquakes
-Air pollution
-Biodiversity loss
-Hurricanes
-Tsunamis
-Floods
-Drought
They have the impact of destroying assets and economic implications that can last for years
What are global social risks
They arise from the ease with which people and ideas move around the world
How are organizations affected by the global social risks
They may be affected by local government regulations attempting to mitigate various social risks by imposing penalties or censorships
What are global technology risks
This describes events like internet or satellite failure leading to the breakdown of commercial distribution and customer service facilities
What are examples of global technology risks
-Data fraud on a global scale
-Data loss on a global scale
-technological risks from new developments or
-technological risks from better understanding of current developments
Geopolitical Risks
These arise when several nations disagree, which in turn causes tension and the risk of armed conflict, where a particular nation’s philosophy and behavior is seen as a general threat to others
How are geopolitical risks managed
They are usually addressed by diplomacy, reinforced by threats of economic or physical intervention; using either sanction will affect any organisation with operations in the area concerned
What are political risks
These are risks that stem from political activity by governments, but are not likely to provoke widespread immediate and united opposition
Political issues mainly arise from
They arise from economic or social decisions; at times the effects are local and at times repercussions are felt in particular activities/business sectors around the world
How is a single point of failure created
It’s created by concentrating information in a central computer system with a common communication system servicing both internal and customer-facing staff
What does concentration of data also cause
This causes communication problems, e.g. loss of communication with a call center could deprive an organisation of its customer information
What are the first-line defenses for cyber crime
Using the latest operating system, installing security software from a reputable source, making sure available security-related software updates are installed, and encrypting data streams
Why is staff training essential in cyber crime
This is essential as malicious software is often sent as attachments to seemingly harmless messages or emails
New technology offers unlimited opportunities like
-flexible operation and application
-speed of data sorting and distribution
-worldwide connectivity through internet and mobile phone networks
What is the downside of new technology
-The need for increased physical security
-Protection from human interference
Terrorist risk identification, assessment and prevention is the responsibility of
This is the responsibility of the police and intelligence services, sifting information from a variety of UK and overseas sources
What do risk professionals need to identify emerging risks
-Knowledge
-Imagination
Risk professionals need to keep up to date with
-current developments
-proposals for change in their local environment
-information about their stakeholders
-their expectations
-new legislation and regulations
-current affairs
-professional best practice guidelines
The risk management process involves
-Establish the context
-Identify risks
-Analyze Risks
-Evaluate Risks
-Treat Risks
Good Risk Management will avoid
It will avoid unpleasant surprises by recognizing and managing risks before unexpected damage occurs, and it will also examine business opportunities that lie in carefully understood risk taking
In the risk management process, what does “Establish the context” entail
This will assist with creating a clear understanding of the objectives, structure and culture of an organisation before identifying risks
The process of establishing the context results in
The development of a risk management philosophy on which all future risk management decisions will depend
In the risk management process, what does “Identify Risks” entail
Here the organisation understands what threats there are, and what might make it more difficult to achieve stated objectives or prevent achieving them altogether
In the risk management process, what does “Analyze Risks” entail
This entails understanding the potential within those threats for damage to the organisation and its stakeholders
What are the three questions asked during “Analyze Risks” in the risk management process
-Could it happen?
-How bad would the loss/damage be?
-How often could it happen?
In the risk management process, what does “Evaluate Risks” entail
This decides what risk levels (single and cumulative) are acceptable and thus identifies those risks that are at a level or frequency that is unacceptable to the organisation
In the risk management process, what does “Treat Risks” entail
This entails steps that must be taken to control or limit the impact of those risks deemed unacceptable
Under “Treat Risks” in the risk management process, what are some actions that may be appropriate
-reduce likelihood/frequency
-reduce impact, whether it’s human/operational/financial
-transfer the risks to another organisation
-prepare for the incident by continuity planning
What are some of the ongoing activities at all stages of the risk management process
-Monitor and Review
-Communicate
What does monitoring and reviewing entail in the risk management process
This involves updating and maintaining the agreed risk levels, risk analysis and evaluation as the organisation changes and evolves
Risk management procedures are an essential ingredient of
An essential ingredient of effective quality control
Risk management procedures are assessed for
They are assessed for quality, and quality control procedures are assessed for risk
Information on risk and risk changes is essential for
It’s essential for a wide range of planning, investment and management activities
Communication of risk must be
-properly organized
-effectively controlled
What is the highest level of any organisation
The board of directors, which has legal responsibilities for the welfare of the organisation and its stakeholders
What does the directors’ statement of risk philosophy define
It defines the different levels of perceived threat, likelihood and impact, each requiring different responses; this statement can embrace how risk is monitored and reported
The directors’ statement of risk needs to be communicated through
It needs to be issued formally and communicated across the organisation as a base point for individual risk work
The organisation structure is also described as
The risk architecture of an organisation
The risk architecture of an organisation defines
This specifies the roles and responsibilities of key people involved together with communication and risk reporting structure
Why are anecdotes in informal discussions dangerous
They are dangerous as they can miss key exposures
Who are best able to understand the threats anecdotes carry
Individual function managers
How does the process of identifying risks start
The debate starts with clear objectives, with a definition of the tasks and contributions from all those that can add to the debate
When do we decide on risk levels
Once risks are thoroughly understood, we decide which risk levels, whether single or cumulative, are acceptable
Decision on acceptability must be in line with
They must be in line with risk appetite and risk tolerance levels set by senior management of the organisation