Chapter 13: Business analysis, risk ID and initial assessment Flashcards
Components of initial risk assessment and ID process BES PAIR REAR:
• Business analysis
• Environment and operations of the business understood
• Structured approach to risk identification
• Prioritise risks
• Agreement on risks faced
• Integrating ERM into business BBRRP
• Risk ID – DRAGS
• Risk register
• Evaluate risks – likelihood + impact
• Accountability and action plans on risks
• Review, monitor and report
Benefits of risk ID and assessment FART B VICS
• Future risk management improved
• Reporting improved
• Awareness and transparency increased of risk in the organisation
• Transfer knowledge across organisation
• Business decisioning improved
• Value added by risk ID shown
• Integration of risk ID into whole risk management process
• Comprehensive risk profile of the business created
• Standards used should be consistent
Potential pitfalls in risk assessment process O BOLLA
• Objectives and appetite not clearly defined
• Buy-in from senior management may lack
• Operational execution is ineffective across whole process
• Likelihood and severity of risk defined inconsistently
• Link between risk assessment and business decision not made
• Allocation of resources incorrect
Business analysis BALSM ORE:
• Business plan/model
• Accounts and accounting ratios
• Legislation and regulation
• Structures and systems of the business
• Market information
• Objectives of the business
• Resources available to the company
• Economic environment
Risk identification tools SCP TCP
• SWOT analysis
• Checklist – list of risk from past activities and external sources
• Prompt list – list of risk categories of risk to consider
• Taxonomy – all risks with clear descriptions and groupings done
• Case studies – risk ID in a specific context
• Process analysis – ID risk from a detailed process map
Risk identification techniques BIG WIDS
• Brainstorming – collective generation of ideas
• Independent group analysis – each member presents a risk then prioritised by the group
• Gap analysis – ID current and desired risk exposures of a business
• Working groups – specific risks are assigned to a small group of SMEs
• Interviews – interviews with team members
• Delphi technique – survey and discussion approach to converge group thinking
• Surveys – wide gathering of information
Contents of a risk register DICED OR
• Description of risks
• Indexing of risks
• Categorization
• Evaluation – likelihood and impact timeframe and relationship
• Document control information
• Owner of risk
• Response action
Benefits of using risk mapping OVUM F
• Organisation brought together to assess risk
• Visual reporting of risk exposure
• Understanding of risk on enterprise level improved
• Management activities can be assessed
• Further attention to risks can be assessed
How bias might be introduced into project appraisal MICK COMITE
• Major loss events underestimated
• Identification and analysis of risk not properly done
• Cashflows guessed
• Key risks may be omitted
• Calculation errors
• Other business ventures’ effect considered on this project
• Misalignment with senior management’s view of risk
• Interdependency of risks not considered
• Technology changes not considered
• Economic cycles not considered
How bias may be avoided CIROC
• Checks and balances put in place
• Independent validation
• Reference similar projects
• Optimism bias test
• Culture establishment
Ensuring risk assessment adds value to the business PELLE DARK TORRE
• Prioritising risks
• Executive sponsorship
• Loss events recorded
• Link risk management with strategy and business planning
• Education of teams are properly done
• Deep dive into important risks
• Appetite understood
• Resources allocation properly done
• KRI’s created
• Taxonomy in place
• Objects understood
• Regulatory requirements understood
• Reporting and mapping frequently done
• Escalation policies created
Cyber risks to take note of DRIL T
• Damage to digital assets – data, models, sensitive information
• Reputational damage
• Interruption of business
• Legal costs
• Third party losses
Climate change losses PANT PET DC
• Physical losses – physical losses incurred as a result of changes in climate
• Agricultural potential of land decreases
• Natural disasters
• Transition changes
• Policy changes
• Emigrations
• Tech changes
• Disease
• Consumer preferences
How to measure risk exposure to climate change MOMI IS SICK
• Migration costs – moving to a more climate friendly business approach
• Organisational structure and strategy changes to align with climate change goals – (chief climate officer, remuneration packages, Key performance indicators)
• Metrics of climate change
• Investment strategy assessment
• Integrate climate change into greater risk management
• Scenario testing – effect of climate change impacts on business
• Supplier assessment
• Insurance taken out and written that cover climate risks
• Contribution to climate change
• Knowledge and understanding of climate risk increased
Potential emerging risks DIC PICS C
• Dominance in the market by large companies
• Increased inequality
• Cyber risk significance increasing
• Power shifts in global economies cv
• Infrastructure dependency
• Contagion in asset markets
• Social media a source of data and influence
• Climate change