Chapter 1: Risk Identification Tools

Question 1

How should risk identification be done?

Answer 1

Top down - Senior management
Bottom up - Business process level

Question 2

How often should top-down risk analysis be performed?

Answer 2

Between 1-4 times a year

Question 3

What is the aim of top-down risk analysis?

Answer 3

Identify key organizational risks

Question 4

What are some examples of top down and bottom up risk?

Answer 4

Top-down: the crow’s nest:
- Risks to strategy
- Emerging risks
- Global trends
- Major threats

Bottom-up: the engine’s room
- Operational efficiency:
- Organized processes
- Efficient systems
- Competent staff

Question 5

What is the most common form of risk analysis?

Answer 5

Bottom up

Question 6

What are exposures and vulnerabilities?

Answer 6

Exposures are the risks you a exposed to, e.g. big clients, systems, regulations
Vulnerabilities are the weak links in the company, old process, businesses unmonitored

Question 7

What can be used to check against risks reported?

Answer 7

Ready made lists from industry bodies or Basel

Question 8

What is process mapping?

Answer 8

Most common risk and control identification tool
IT/PM
Can be too granular or too detailed

Question 9

What is the risk wheel?

Answer 9

Presents risks in a circular way, helping managers make connections between risk types

Question 10

What is an amazement report?

Answer 10

Report from interviews with staff on differences in job from new hires, things that surprise them

Question 11

What is important to have in a culture for near misses to be reported?

Answer 11

No-blame culture

Question 12

What is good practice to do after a peer has a incident?

Answer 12

Ask - “could this happen to us”