CH5 QB Introduction to risk management

Question 1

In terms of financial risk, credit risk is: A economic loss due to the default of a customer B risk of choosing the wrong strategy C risk that customers do not buy the company’s products in the expected quantities D exposure to economic loss due to changes in market prices or rates

Answer 1

A Option B Is strategy risk, C Is product risk and D is market risk.

Question 2

A highly-geared company’s financial risk is most likely to increase when it increases its: A operations B geographical reach C borrowings D share capital

Answer 2

C In a highly-geared company, the higher the proportion of borrowings the greater the financial risk. If business activity falls, the company may not be able to meet its interest payments.

Question 3

The strategy director of Milton plc is assessing a project that he may recommend to the
board of directors. He is concerned about the risk-averse attitude of the board to similar
projects in the past. In terms of risk, risk aversion is a measurement of:
A the probability of risk arising
B project uncertainty
C the impact of risk
D appetite for risk

Answer 3

D Appetite for risk (D) is the extent to which you are willing to take on risk. Being risk averse means that you prefer to take the investment with the lowest risk. SAMPLE PAPER

Question 4

The following statements have been made in relation to risk and uncertainty. Statement (1) Risk is the variation in an outcome. Statement (2) Uncertainty denotes the inability to predict an outcome. Identify whether each statement is true or false. A Statement (1) true; Statement (2) false B Statement (1) false; Statement (2) false C Statement (1) true; Statement (2) true D Statement (1) false; Statement (2) true

Answer 4

C Risk is the variation in an outcome while uncertainty denotes the inability to predict an outcome (due to a lack of information).

Question 5

Norman Ltd developed a new product for use in the home improvement market. Tests on the product proved successful although in extreme conditions the product was very flammable. The company decided not to launch the product. In response to the risks highlighted in the product tests, this decision is an example of managing risk through: A risk avoidance B risk reduction C risk transfer D risk acceptance

Answer 5

A By not going ahead the company is simply avoiding the risk (A). Risk reduction (B) would imply taking action to prevent any chance of the product catching fire; risk acceptance (D) would imply doing nothing and proceeding to launch the product; risk transfer (C) might imply taking out liability insurance or selling the product on the basis of no liability in the event of fire.

Question 6

The following statements have been made about risk attitudes. Statement (1) A risk-seeking attitude means that an investment should not be undertaken if there is an alternative investment offering a higher risk. Statement (2) A risk neutral attitude means an investment should not be undertaken if there is an alternative investment offering a lower return. Identify whether each statement is true or false. A Statement (1) true; Statement (2) false B Statement (1) false; Statement (2) false C Statement (1) true; Statement (2) true D Statement (1) false; Statement (2) true

Answer 6

A If there are two investments offering different risks, a risk-seeking investor will always prefer the one with the higher risk. If there are two investments offering different returns, a risk neutral investor will always prefer the one with the higher return, not a lower return, regardless of the risk.

Question 7

Jenny is a Risk Manager at Fortune Ltd. She is investigating the potential gross risk arising from a decision to incorporate lower quality materials into the production process for one of the company’s key products. In assessing potential gross risk Jenny needs to take account of the: A level of exposure and probability of occurrence B potential loss and probability of occurrence C potential loss and level of volatility D level of exposure and level of volatility

Answer 7

B Gross risk is a function of the loss or impact and its probability, before any control measures are implemented.

Question 8

Smertin and Jones is a firm providing advice on all aspects of personal finance. Their
industry is heavily regulated. A newspaper article predicts that private medical insurance, a
further area of the firm’s business, may become subject to new regulatory requirements
from next year. This possibility is an example of:
A business risk
B financial risk
C event risk
D market risk

Answer 8

C This is a regulatory (or legal) risk, which is a form of event risk.

Question 9

A project will yield either a profit of £100,000 or a loss of £50,000. The profit will arise with a probability of 0.8 and the loss will arise with a probability of 0.2. The project contains: A uncertainty only B risk only C both uncertainty and risk D neither risk nor uncertainty

Answer 9

B All the outcomes and the probability of them occurring are known. As a result, there is no uncertainty, only risk.

Question 10

Answer 10

D A risk averse investor will always choose the lowest risk investments, whatever their
potential return.

Question 11

Which of the following is the best definition of the risk concept of ‘exposure’?

A
B
C
D How the factor to which a company is exposed is likely to alter
The amount of the loss if the undesired outcome occurs
The measure of the way in which a business is faced by risks
The likelihood that the undesirable outcome occurs

Answer 11

C Risk exposure is simply the measure of the way a business is faced by risks, whether
financial, business, event etc.

Question 12

Which of the following sequences represents the order in which an organisation should
respond to risk?

A
B
C
D Reduction, avoidance, sharing (or transfer), acceptance (or retention)
Avoidance, reduction, sharing (or transfer), acceptance (or retention)
Reduction, sharing (or transfer), avoidance, acceptance (or retention)
Avoidance, sharing (or transfer), reduction, acceptance (or retention)

Answer 12

B First the company should see if the risk can be avoided; if not, it should try to reduce it;
having reduced it as far as is feasible, it should explore the possibilities for sharing the
risk (eg, using insurance). Finally it must accept the remaining risk.

Question 13

Briggs plc analysed a risk faced by its Scarborough division on a risk map. It concluded that
the matter has a low impact but there is a high probability of its occurrence. Which of the
following risk responses is most appropriate?

A Risk avoidance
B Risk reduction
C Risk transfer
D Risk acceptance

Answer 13

B Where a risk falls into the low impact, high probability quadrant of the risk map the
most appropriate response is risk reduction, focusing on reducing the likelihood of the
adverse event occurring.

Question 14

An organisation responds to an identified risk by restructuring. Which category of control
has it used?

A Physical controls
B System controls
C Management controls
D Financial controls

Answer 14

C Management controls include all aspects of management that ensure the business is
properly planned, controlled and led, including the organisation’s structure.

Question 15

Grenville Ltd is renewing its buildings and contents insurance policy for its factories. In
terms of risk management, this is an example of:

A risk avoidance
B risk reduction
C risk transfer
D risk retention

Answer 15

C Insurance transfers risk (C). In return for an insurance premium, the insurance company
agrees to take on an agreed proportion of the financial burden of a risk.

Question 16

What type of risk includes process risk, people risk and event risk?

a Operational risk
b Financial risk
b Business risk
dStrategy risk

Answer 16

A These risks are to do with the operations of the business – a process going wrong, a
valued employee leaving, a regulation being broken.

Question 17

For many years, Manley plc’s main source of revenue was the sale of 8mm colour films for
cameras. This source of revenue fell sharply after the introduction of digital cameras. In
relation to the success of digital cameras, Manley plc was the victim of:

a operational risk
b financial risk
c business risk
d market risk

Answer 17

C The nature of the imaging business changed through new technology bringing
innovations. The company’s main business radically fell because of this: it suffered
product risk, a form of business risk.

Question 18

A company has automated production and this resulted in redundancies of some
employees paid on an hourly basis (ie, variable labour). The company borrowed heavily to
finance the purchase of the machinery needed. The effects of these changes on the
company’s financial risk are that:

a both changes (machinery and borrowing) increase the company’s financial risk
b automation increases financial risk, borrowing decreases it
c automation decreases financial risk, borrowing increases it
d both changes (machinery and borrowing) decrease the company’s financial risk

Answer 18

A Both changes (machinery and borrowing) increase the company’s liquidity risk, a type
of financial risk, as they increase the amounts (fixed overheads and interest) that have
to be paid however much revenue is achieved. They both mean that the company is
more exposed if there is a downturn in demand for its products.

Question 19

Matrix Ltd has recently failed to supply raw materials in line with the terms of its contract
with Banfield plc. As a result, Banfield plc has had to delay the delivery of products to a
major customer. For Banfield plc, the failure of Matrix Ltd to meet its contractual obligations
is an example of:

a financial risk
b product risk
c business risk
d event risk

Answer 19

D The failure of a participant in the business’s supply chain to honour their contractual
obligations is classified as systemic risk which is a specific type of event risk.

Question 20

In which order should the following aspects of the risk management process take place?
1 Risk response and control
2 Risk analysis and measurement
3 Risk awareness and identification
4 Risk monitoring and reporting

A 1, 2, 4, 3

B 3, 2, 1, 4

C 2, 3, 1, 4

D 4, 2, 1, 3

Answer 20

B Following risk awareness and identification (3), the risk manager analyses and
measures the risk (2) and assesses how it can be responded to and controlled (1). The
risk is then monitored and reported (4).

Question 21

Candle plc is concerned about the risk management of its information systems function. Its
systems director has suggested wholly outsourcing information systems management to a
third party provider. This action would be a form of:

a risk reduction
b risk transfer
c risk avoidance
d risk retention

Answer 21

B The risk is transferred to the outsource provider (B). Outsourcing does not necessarily
reduce the probability or impact (A), and the risk still exists, so it is not avoided (C).
Clearly the company is not retaining the risk by outsourcing (D).

Question 22

Which of the following risks faced by Lump plc should be classified as business risk?

a Product risk
b Event risk
c Process risk
d Financial risk

Answer 22

A Business risk arises from the nature of the business, its operations and the conditions it
operates in; this includes strategy, enterprise and product risks. Financial risk and
operational risk, which includes event and process risks, are separate types of risk.

Question 23

Which type of cyber attack involves criminals recording what a user types onto their
keyboard?

A Phishing

b Keylogging
c Ad clicker
d Screenshot manager

Answer 23

23 B Keylogging is where criminals record what the user types onto their keyboard.

Question 24

Amos Green, the financial controller of Little Ltd, recently received an email that appeared
to be from the company’s bank. It instructed Amos to click on a link and confirm some of
the company’s security information. Just days later, Amos noticed that money had been
transferred unexpectedly out of Little Ltd’s bank account.
Of which of the following cyber attacks is Little Ltd a victim?

a File hijacking
b Webcam manager
c Phishing

D Keylogging

Answer 24

C The use of emails to obtain bank information such as this is known as phishing.
SAMPLE PAPER

Question 25

Distributed denial of service (DDoS) attacks are used to bring down a business’ website by
overwhelming it with a wave of internet traffic.
Which of the following are used to create the wave of internet traffic in such an attack?

A Netbots

B Netdrops

C Botdrops

D Botnets

Answer 25

D Botnets are used to create the wave of internet traffic in DDoS attacks.

Question 26

FromUsToYou plc is a courier company that promises to deliver parcels to consumers only
when the consumer is home. A consultant has made the following statements about the
types of risk which face FromUsToYou plc.
Statement (1) A competitor could deliberately breach our methods of communicating with
both consumers and courier drivers online, in order to disrupt our services
and cause us embarrassment
Statement (2) A courier driver could mislay her tablet computer, which contains sensitive
data about our customers
Identify whether each statement is an accurate description of cyber risk.

AStatement (1) accurate; Statement (2) inaccurate
B Statement (1) inaccurate; Statement (2) inaccurate
C Statement (1) accurate; Statement (2) accurate
D Statement (1) inaccurate; Statement (2) accurate

Answer 26

C Cyber risks encompass: deliberate and unauthorised breaches of security to gain access
to information systems for the purposes of espionage, extortion or embarrassment
(Statement (1)); unintentional or accidental breaches of security, which nevertheless may
still constitute an exposure that needs to be addressed (Statement (2)). Cyber risk also
encompasses operational IT risks due to poor systems integrity or other factors.

Question 27

How is cyber risk classified?
A As a strategy risk
B As an operational risk
C As a financial risk
D As an enterprise risk

Answer 27

B Cyber risk is a type of operational risk: the risk that something will just go wrong.
Strategy risk (A) is the risk that the business's objectives will not be achieved because it
chooses the wrong corporate, business, functional or IT strategy or fails to keep up
with technological developments. Financial risk (C) arises in part from how the
business is financed and in part from changes in the financial markets such as to
interest rates and exchange rates. Enterprise risk (D) is the chance that a strategy will
succeed or fail, and therefore the chance that the business should not have undertaken
it in the first place.

Question 28

A cyber security consultant has listed the following actions that a small to medium-sized
business can take to reduce the risk of cyber attack:

Action 1
Action 2
Action 3 Implement access controls
Install internet gateways
Use patch management software

Which of these actions are included in the UK government’s Cyber Essentials scheme?

AActions 1 and 2 only
BActions 2 and 3 only

C Actions 1 and 3 only
D Actions 1, 2 and 3

Answer 28

D Along with malware protection and secure configuration, all three actions are included
in the Cyber Essentials list of actions developed by the UK government and others.

Question 29

Hammer plc makes a range of agricultural machines and other agricultural equipment for
sale in its home market. Hammer plc has a large share of this market, but it has several
competitors who sell similar machinery.
Which of the following would normally be classified as an operational risk for Hammer plc?

A The risk that the Production Director will be recruited by Tiller plc, a key competitor
B The risk that a new type of irrigation system will fail to find a large enough market
C The risk of competitors moving their production overseas and being able to cut costs
D The risk of resource depletion, meaning that new sources of metal will have to be found

Answer 29

A The risk of the Production Director moving to a competitor is the only example here of
operational risk. The other options relate to strategic risk.

Question 30

St Stephen’s Hospital has an electricity generator on standby at all times. The purpose of
the generator is to provide an electricity supply to the hospital’s operating theatres and life
support machines in the event of a power cut.
The electricity generator forms part of St Stephen’s Hospital’s:

Acrisis management
B disaster prevention
C operational planning
D strategic planning

Answer 30

A A power cut would cause a major breakdown in the running of the hospital and could
cause loss of life if life support machines or operating theatres lose power. Therefore it
is a crisis. Crisis management concerns identifying a crisis, planning a response to the
crisis and confronting and resolving the crisis. The generator shows that the hospital
has identified a crisis (lack of electricity) and has planned, confronted and provided a
resolution to the crisis (the generator). This means that the generator is part of the
hospital’s crisis management.
A disaster (such as a power cut) is a major crisis or event which causes a breakdown in
the organisation’s operations. The generator cannot prevent the power cut, but helps
the hospital deal with and manage the impact of it.

Question 31

Greenwood Ltd is a wholesaler of coffee. The business has contracts with all the major
coffee chains to supply coffee beans and fixes the price it charges them every month.
Greenwood Ltd buys the coffee beans on the international coffee market for which it pays
the market price on the day of purchase.
The process of buying and selling coffee beans presents which of the following risks to
Greenwood Ltd?

A Credit risk
B Strategy risk
CProduct risk
D Market risk

Answer 31

D Market risk the exposure to potential loss that results from changes in market prices or
rates. Greenwood Ltd faces market risk because it fixes the price it sells the coffee
beans for but buys the coffee beans at whatever the market price is on the day of
purchase. The company will face a loss if the price it pays for the coffee beans is
greater than the price it has agreed to sell them on for.