Chapter 13 Flashcards

1
Q

13.1: Define operational risk management and explain its benefits for an organisation.

A

Operational risk management exists to control the risks which may have an adverse effect on the operations of an
organisation. Risks such as fires, process breakdowns or employee misconduct may all affect the efficiency, continuity
and cost effectiveness of an organisation’s operations.

Operational risk management can help to prevent such risks and reduce the impact of any loss events that occur. In turn,
this should help to improve operational efficiency, prevent any long-term disruption and reduce costs; all of which adds
value to the organisation and its stakeholders.

2
Q

13.2: How do people-related controls help to prevent cyber risk events?

A

People-related controls, such as recruitment controls, HR policies and procedures, and training, help to prevent a range of cyber risk events. These may include:
* succumbing to a ‘phishing attack’ by inadvertently clicking on spam emails;
* sharing passwords;
* losing confidential information;
* criminal activities, such as data theft;
* unauthorised use of IT equipment and networks; and
* cyberbullying or harassment.

In the twenty-first century, cyber risk events are not always technical in nature (such as hacking, systems failures and so
on). With the growth of the internet, cloud computing and social media, new types of cyber risks are emerging. Many of
these risks have a human element that requires the use of people-related controls.

3
Q

13.3: What are the key risks associated with projects?

A

Projects are always concerned with making change to an organisation and its strategy or operations. With any change
comes risk. From a project management perspective, there are three key risks:

  1. the project’s goals are not met (the desired changes are not implemented in full);
  2. the project’s goals are not met within the required time scale (the risk of a project over-run); and
  3. the costs associated with the project are higher than budgeted (the risk of over-spend).
4
Q

13.4: How can risk management support an organisation’s CSR and sustainability objectives?

A

The management of CSR and sustainability is about:

  • sharing the economic value created by organisations in a fair way across all relevant stakeholders; and
  • minimising the adverse consequences of an organisation’s economic activities (such as pollution or health and safety events).

Risk management can help to:

  • protect the economic value that can be shared with all stakeholders through the prevention and mitigation of loss events, many of which can destroy economic value (fires, fraud and so on);
  • identify, assess, monitor and control the risks arising from its economic activities, including pollution and health and
    safety events; and
  • protect the reputation of the organisation, which might be damaged if the occurrences of loss events are linked to
    weaknesses in its CSR or sustainability management activities.
5
Q

13.5: Explain the five activities that make up an effective regulatory reporting process.

A

The five activities are:

  1. understanding and implementing the regulatory reporting requirements (ensure the organisation knows what needs to be reported and is capable of producing the necessary reports);
  2. fulfilling the specific regulatory reporting requirements (collecting the required information for the reports);
  3. managing the risk of process failure (ensuring that reports are submitted on time and are complete and accurate);
  4. managing the reputation and financial impacts of reporting risk events (escalation procedures to ensure that any
    incidents of late, inaccurate or incomplete reporting are identified and mitigated); and
  5. managing legal and resource requirements (ensuring that the necessary legal and compliance expertise is in place
    to support reporting and that people, systems and processes exist to complete the required reports).