Chapter 10: Monitoring and communication Flashcards

1
Q

Requirements of good data and its communication TRAFVICS GRC

A

• Timeliness of data
• Reliability
• Audience considered
• Format of the data
• Volume and Detail of data
• Internal or external sourcing
• Common classification of data into risk categories
• Suitable technology and systems to capture data
• Good quality of risk management is dependent on quality of data gathered
• Relevance and clarity
• Competency of data capturers

2
Q

Information that should be documented SMARD

A

• Systems used for documenting
• Management failures
• Assumptions made, data used and methodology used for modelling
• Risk register – ID and assessment of risks
• Decisions made regarding risk management

3
Q

The attributes of a common risk management language TUMS:

A

• Thresholds for reporting
• Universally understood top-down rating system
• Management level responsible for mitigation linked to risk rating
• Standardised templates used

4
Q

The elements of a good KRI CAD TOMBS CEYA

A

• Consistent methodologies and standards applied
• Accountable individual linked to it
• Drives decision making
• Trackable
• Objectives tied to it
• Measurable/Quantifiable
• Benchmark set against it
• Cost effective
• Simple
• Clarity on the metrics used
• Expected view created
• Year on year comparison
• Additional information provided

5
Q

Importance of risk reporting IBM MOCK

A

• Inform stakeholders
• Business decisions are improved
• Monitoring of risks is improved
• Management inefficiencies found
• Compliance must be ensured
• Objectives that are at risk should be assessed
• Key risk exposures assessed

6
Q

The contents of a risk report A TICKLED SARS

A

• Assist in decision-making
• Trend analysis
• Information – internal, external, formal, informal
• Clear and easy to understand
• Key business risk details
• Losses and incidents
• Events/Milestones
• Detail should be relevant to the parties involved
• Single point of access to critical information
• Analysis, commentary and explanations provided
• Real time data
• Summary of risks

7
Q

The structure of a risk report LEKTOR

A

• Likelihood and severity of the risk
• Easily understood
• Key risk summaries
o Likelihood and severity
• Traffic light
• Operating units
• Risk types

8
Q

Why a common risk language is important FAEBICS

A

• Focus on substance, rather than structure of risk management ensured
• Audit is easier to conduct across the business
• External and internal risk measurement should be consistent
• Business buy-in to ERM ensured
• Inefficiencies and Duplication avoided
• Concentration of risk avoided
• Silo approach prevented
