Chapter 13: Business analysis, risk ID and initial assessment Flashcards

1
Q

Components of initial risk assessment and ID process BES PAIR REAR:

A

• Business analysis
• Environment and operations of the business understood
• Structured approach to risk identification
• Prioritise risks
• Agreement on risks faced
• Integrating ERM into business BBRRP
• Risk ID – DRAGS
• Risk register
• Evaluate risks – likelihood + impact
• Accountability and action plans on risks
• Review, monitor and report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Benefits of risk ID and assessment FART B VICS

A

• Future risk management improved
• Reporting improved
• Awareness and transparency increased of risk in the organisation
• Transfer knowledge across organisation
• Business decisioning improved
• Value added by risk ID shown
• Integration of risk ID into whole risk management process
• Comprehensive risk profile of the business created
• Standards used should be consistent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Potential pitfalls in risk assessment process O BOLLA

A

• Objectives and appetite not clearly defined
• Buy-in from senior management may lack
• Operational execution is ineffective across whole process
• Likelihood and severity of risk defined inconsistently
• Link between risk assessment and business decision not made
• Allocation of resources incorrect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Business analysis BALSM ORE:

A

• Business plan/model
• Accounts and accounting ratios
• Legislation and regulation
• Structures and systems of the business
• Market information
• Objectives of the business
• Resources available to the company
• Economic environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Risk identification tools SCP TCP

A

• SWOT analysis
• Checklist – list of risk from past activities and external sources
• Prompt list – list of risk categories of risk to consider
• Taxonomy – all risks with clear descriptions and groupings done
• Case studies – risk ID in a specific context
• Process analysis – ID risk from a detailed process map

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Risk identification techniques BIG WIDS

A

• Brainstorming – collective generation of ideas
• Independent group analysis – each member presents a risk then prioritised by the group
• Gap analysis – ID current and desired risk exposures of a business
• Working groups – specific risks are assigned to a small group of SMEs
• Interviews – interviews with team members
• Delphi technique – survey and discussion approach to converge group thinking
• Surveys – wide gathering of information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Contents of a risk register DICED OR

A

• Description of risks
• Indexing of risks
• Categorization
• Evaluation – likelihood and impact timeframe and relationship
• Document control information
• Owner of risk
• Response action

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Benefits of using risk mapping OVUM F

A

• Organisation brought together to assess risk
• Visual reporting of risk exposure
• Understanding of risk on enterprise level improved
• Management activities can be assessed
• Further attention to risks can be assessed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How bias might be introduced into project appraisal MICK COMITE

A

• Major loss events underestimated
• Identification and analysis of risk not properly done
• Cashflows guessed
• Key risks may be omitted
• Calculation errors
• Other business ventures’ effect considered on this project
• Misalignment with senior management’s view of risk
• Interdependency of risks not considered
• Technology changes not considered
• Economic cycles not considered

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How bias may be avoided CIROC

A

• Checks and balances put in place
• Independent validation
• Reference similar projects
• Optimism bias test
• Culture establishment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Ensuring risk assessment adds value to the business PELLE DARK TORRE

A

• Prioritising risks
• Executive sponsorship
• Loss events recorded
• Link risk management with strategy and business planning
• Education of teams are properly done
• Deep dive into important risks
• Appetite understood
• Resources allocation properly done
• KRI’s created
• Taxonomy in place
• Objects understood
• Regulatory requirements understood
• Reporting and mapping frequently done
• Escalation policies created

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Cyber risks to take note of DRIL T

A

• Damage to digital assets – data, models, sensitive information
• Reputational damage
• Interruption of business
• Legal costs
• Third party losses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Climate change losses PANT PET DC

A

• Physical losses – physical losses incurred as a result of changes in climate
• Agricultural potential of land decreases
• Natural disasters
• Transition changes
• Policy changes
• Emigrations
• Tech changes
• Disease
• Consumer preferences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How to measure risk exposure to climate change MOMI IS SICK

A

• Migration costs – moving to a more climate friendly business approach
• Organisational structure and strategy changes to align with climate change goals – (chief climate officer, remuneration packages, Key performance indicators)
• Metrics of climate change
• Investment strategy assessment
• Integrate climate change into greater risk management
• Scenario testing – effect of climate change impacts on business
• Supplier assessment
• Insurance taken out and written that cover climate risks
• Contribution to climate change
• Knowledge and understanding of climate risk increased

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Potential emerging risks DIC PICS C

A

• Dominance in the market by large companies
• Increased inequality
• Cyber risk significance increasing
• Power shifts in global economies cv
• Infrastructure dependency
• Contagion in asset markets
• Social media a source of data and influence
• Climate change

How well did you know this?
1
Not at all
2
3
4
5
Perfectly