Ch. 5: RM Framework & Processes

Question 1

The principle underlying a risk management framework

Answer 1

Risk management should add value to the organization; it should not only reduce negative risk but also contribute to profit, reputation, and health and safety

Question 2

The four components of the framework model

Answer 2

Lead and establish accountability
Align and integrate
Allocate resources
Communicate and report

Question 3

The five steps of the process model

Answer 3

Scan environment
Identify risks
Analyze risks
Treat risks
Monitor and assure

Question 4

Risk owner (definition)

Answer 4

An individual accountable for the identification, assessment, treatment, and monitoring of risks in a specific environment

Question 5

Key performance indicator (KPI) (definition)

Answer 5

Financial or nonfinancial measurement that defines how successfully an organization is progressing towards its long-term goals

Question 6

Four techniques that can be used to establish accountability for risk management

Answer 6

Identify risk owners and their roles in the organization
Establish key performance indicators (KPI)
Establish key risk indicators (KRI) and use them to evaluate performance
Develop risk criteria to evaluate the significance of risks

Question 7

The risk management process must be integrated with organizational processes, including these six

Answer 7

Strategic planning
Performance management
Process management
Internal control
Compliance
Governance

Question 8

The six stages in designing and implementing a risk management framework and process

Answer 8

Gap analysis
Evaluation of internal and external environments
Integration into existing processes
Commitment of resources
Communication and reporting
Monitoring and improvement

Question 9

The external environment of an organization includes these six factors

Answer 9

Economic
Political
Legal and regulatory
Technology
Natural
Competitive landscape

Question 10

Two major keys to successful integration of the risk management framework and process

Answer 10

Align risk management objectives and policy with the organization’s overall objectives and risk appetite
Use existing processes

Question 11

Five categories of resources necessary for implementing a risk management framework and process

Answer 11

Technology, including equipment and systems
Administrative persons
Specialists, either internal or external
Analysts
Training

Question 12

P-D-C-A Cycle (definition)

Answer 12

The P-D-C-A Cycle, also known as the Shewhart cycle and the Deming cycle, is an expansion of an approach to process improvement. The steps include Plan, Do, Check, and Act.

Question 13

Five major steps included in the enterprise-wide risk management process

Answer 13

Scan environment
Identify risks
Analyze risks
Treat risks
Monitor and assure

Question 14

These six factors should be considered in defining risk criteria

Answer 14

Causes of risk
Effects of risk
Metrics used to measure effects of risk
Timeframe of potential effects
Methods to determine level of risk
Approach to combinations of risk

Question 15

These are the five major options available for risk treatment

Answer 15

Avoid the risk
Modify the likelihood and/or impact of the risk
Transfer the risk
Retain the risk
Explained the risk

Question 16

These are the five key purposes of monitoring

Answer 16

Determine the effectiveness of controls
Obtain information to improve risk assessment
Analyze events and their consequences to understand trends, successes, and failures
Observe changes in internal and external environments
Identify emerging risks

Question 17

Three techniques to identify hazard risk before a loss occurs

Answer 17

Inspections
Compliance reviews
Risk assessment checklists

Question 18

Two techniques to identify operational risks before a loss occurs

Answer 18

Internal control audits

Review of organizational policies and procedures

Question 19

The six steps of the risk management process

Answer 19

Step 1: identify loss exposures
Step 2: analyze loss exposures
Step 3: examine feasibility of risk management techniques
Step 4: select appropriate risk management techniques
Step 5: implement selected risk management techniques
Step 6: monitor results and revise the risk management program

Question 20

The four dimensions along which loss exposures are analyzed

Answer 20

Loss frequency
Loss severity
Total dollar losses
Timing

Question 21

Risk control (definition)

Answer 21

A conscious act or decision not to act that reduces the frequency and/or severity of losses or makes losses more predictable

Question 22

Risk financing techniques (definition)

Answer 22

Risk management techniques, such as retention or transfer, that generate funds to finance losses that risk control techniques cannot entirely prevent or reduce

Question 23

The fundamental purpose of a risk management framework

Answer 23

To integrate risk management throughout the organization and support a risk management process