Chapter 2: Domain Two: Business Operations

Question 1

Accounts Payable

Answer 1

Accounts on which an organizations owes money, including utilities or services acquired under informal agreements

Question 2

Accounts Receivable

Answer 2

Amount due by customers for goods and services already delivered.

Question 3

Activity

Answer 3

Process or set of processes undertaken by an organization (or on its behalf) that produces or supports products or services.

NOTE: Examples of such processes include accounting, call center, information services, manufacturing, distribution, an dother services.

Question 4

Analytical Ethics

Answer 4

Attemps to examine ehtical concepts to achieve a deeper understanding of thier meaning and justifcation.

Question 5

Applied Ethics

Answer 5

Active (not descriptive or prescriptive) type of ethics and appplying ethical concepts in specific business situations. This type of ethics invovles making specific judgements about right and wrong and prescribes types of behavior as ethical in the context of the activity.

Question 6

Asset

Answer 6

Anything that a company owns or has title to that may provide a future economic benefit.

Question 7

Auditor

Answer 7

A person with the competence to conduct an audit.

Question 8

Balance Sheet

Answer 8

Summarizes an organization’s investing and financing.

Question 9

Budget

Answer 9

Process/financial toll for planning where money is to be allocated for the year. It estimates costs and revenue.

Question 10

Cash

Answer 10

Amount of currency a company has in its accounts, including cash savings, cash checking, and other currency deposits.

Question 11

Cash Flow Statement

Answer 11

A statemnet that provides insight into how cash inflows and outflows affect an organization (Also called the statement of cash flows).

Question 12

Code of Ethics

Answer 12

Statement of organizations shared values - Accepted concepts and beliefts related to the organization’s responsibilities and ethical ambitions.

Question 13

Conformity

Answer 13

Fulfillment of a requirment.

Question 14

Continual Improvement

Answer 14

Recurring process of enhancing the security , preparedness, and continuity (SPC) management system to achieve improvements in overall SPC management performance consistent with the organization’s SPC management policy.

NOTE: The process need not take place in all areas of activity simultaneously.

Question 15

Cost Effectiveness

Answer 15

Producing good results for the money spent.

NOTE: To senior management, it is the primary factor in determining the size or existence of the asset protection program.

Question 16

Current Ratio

Answer 16

Examines the company’s ability to cover short-term obligations.

Question 17

Debt to Equity Ratio

Answer 17

Provides a long-term perspective in understanding a company’s financial health.

Question 18

Descriptive Ethics

Answer 18

Attempts to explain or describe ethical events.

Question 19

Disruption

Answer 19

An event that interrupts normal business functions, operations, or processes, whether anticipated (for example, a hurricane or political unrest) or unanticipated (for example, blackouts, terror attacks, technology failures, or earthquakes).

NOTE: A disruption can be caused by either positive or negative factors that disrupt normal functions, orerations, or processes.

Question 20

Emergency

Answer 20

Serious, unexpected, and precarious situation requiring immediate action.

Question 21

Ethics Program

Answer 21

Guides and supports employees in adhering to the code of ethics.

Question 22

Evacuation

Answer 22

Organized, phased, and supervised dispersal of people from dangerous or potentially dangerous areas. (ASIS International Business Continuity Guideline, 2004).

Question 23

Exercises

Answer 23

Evaluating management programs, rehearsing the roles of team members and staff, and testing the recovery or continuity of an organization’s system (such as technology, telephony, or administration) to demonstrate management competence and capability.

NOTE 1: Exercises include activities performed for the purpose of training and condition team members and personnel in appropriate responses with the goal of achieving maximum performance.

NOTE 2: An exercise can involve invoking response and operational continuity procedures, but it is more likely to invovlve the simulation of a response and/or operational continuity incident, announced or unannounced, in which participants role-play to assess what issues might arise, prior to a real incident.

Question 24

Expenses

Answer 24

Costs of creating and delivering products or services.

Question 25

Facility (Infrastructure)

Answer 25

Plant, machinery, equipment, property, buildings, vehicles, informatoin systems, transportation facilities, and other itmes of infrastructure or plant and related systems that have a distinct and quantifiable function or service.

Question 26

Financial Statement

Answer 26

Created in accordance with generally accepted accounting principles to establish and maintain a standard for financial reporting that can be used across all organizations.

Question 27

Financial Strategy

Answer 27

Management’s financial approach to determining the expected returns of its investments (including its departments and operations) and estimating and managing the relevant risks.

Question 28

Generally Accepted Accounting Principles

Answer 28

(GAAP) Standards that determine how financial statements are prepared.

Question 29

Gross Profit Margin

Answer 29

Provides insight into the efficiency of manufacturing a product by measuring profit based strictly on sales and costs of goods sold.

Question 30

Income Statment

Answer 30

Tells how much money an organization generates, how much it spends, and the difference between those figures.

Question 31

Interest Payable

Answer 31

Interest payments on loans extended to an organization.

Question 32

Internal Audit

Answer 32

Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to whic the managment system audit criteria set by the organization are fulfilled.

NOTE: In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.

Question 33

Job Analysis

Answer 33

The systematic collection and recording of information about the purpose of a job, its major duties, the conditions under which it is performed, required contacts with others, and the knowledge, skills and abilities needed to perform the job effectively.

Question 34

Key Performance Indicator

Answer 34

(KPI) Metric used to evaluate factors that are crucial to the success of an organization or of a particular activity.

NOTE: The KPI indicates how an organization is performing against its objectives.

Question 35

Liability

Answer 35

An Organizatins’s financial commitments.

Question 36

Line Item

Answer 36

Specific entry that appears on a separate line in fiscal budgets.

Question 37

Loss

Answer 37

Being deprived of someone or something of value.

Question 38

Management Plan

Answer 38

Clearly defined and documented plan of action, typically covering the key personnel, resouces, services, and actions needed to implement the incident management process.

Question 39

Management System

Answer 39

Examines the linkages and interactions newtween the elements that comprise entirety of the system.

Question 40

Mission

Answer 40

Concrete statement that communicates a business’s functionality and operational methods by specifying its types of products, services, and level of quality.

Question 41

Net Income

Answer 41

The difference between revenue and expenses.

Question 42

Net Profit Margin

Answer 42

Measures net profit after all expenses are included.

Question 43

Objectives

Answer 43

Specific goals that an organization wants units to achieve terms of sales, makert share, product differentiation, or other relevant metrics.

Question 44

Operating Margin

Answer 44

Earnings before interest, taxes, and amortization divided by revenue.

Question 45

Organizational Resilience Management Systems

Answer 45

(ORMS) Coordinated activities to manage risk and enhance reilience and security in the organization and its supply chain.

NOTE: Direction and control of ORMS generally include establishment of the policy, planning, and objectives directing operational processes and continual improvement.

Question 46

ORMS Objective

Answer 46

Something sought, or aimed for, related to managing risk and enchancing resilience and security in the organization and its supply chain.

NOTE 1: Quality Objectives are generally based on the organization’s quality policy.

NOTE 2: Quality objectives are generally specified for relevant functions and levels in the organization.

Question 47

ORMS Policy

Answer 47

Overall intentions and direction of an organization related to managing risk to enchance resilience and security in the organization and its supply chain as formally expressed by top management.

NOTE 1: Generally, the security and resilience policy isconsistent with the overall policy of the organziation and provides a framework for the setting of securit and resilience objectives.

NOTE 2: ORMS principles can form a basis for the establishment of a quality policy.

Question 48

Policy

Answer 48

Overall intentions and directions of an organization as formally expressed by top management. (ANSI/ASIS/RIMS RA.1-2015)

Question 49

Procedure

Answer 49

An established or specified way to conduct an activity or a process. (ANSI/ASIS/RIMS RA. 1-2015)

Question 50

Process

Answer 50

Actions, changes, or steps taken to achieve a particular end.

Question 51

Product

Answer 51

Goods and services that are the result of a process.

NOTE: Typically, a product is an item or service that is produced to create value.

Question 52

Profitablity Ratio

Answer 52

Helps to quantify an organizations’s ability to generate income beyond convering expenses and provides a view of how well a company makes money.

Question 53

Project Management

Answer 53

Practice of initiating, planning, executing, controlling, and closing the work of a team to achieve specific goals and meet specific success criteria at the specified time.

Question 54

Qualitative Analysis

Answer 54

Data collection and analysis approach that does not use numbers or numeric values.

Question 55

Quantitative Analysis

Answer 55

Data collection and analysis approach that uses numeric measures to describe the value.

Question 56

Quick Ratio

Answer 56

Describes an organizations’s ability to cover bills for the curent reporting period by comparing current liabilities with current assets.

Question 57

Resilience

Answer 57

Absorptive and adaptive capacity in a complex and changing environment.

Question 58

Resources

Answer 58

Any assest (human, physical, information, or intangible), facility, equipment, material, product, or waste that has potential value and can be used.

Question 59

Response Plan

Answer 59

Documented collection of procedures and informatoin that is developed, compiled, and maintained in readiness for use in an incident.

Question 60

Response Team

Answer 60

Group of individuals responsible for developing, executing, rehearsing, and maintaining the response plan, including the processes and procedures.

Question 61

Return on Assets

Answer 61

(ROA) Demonstrates the organizations’s ability to generate income based on assets, independent of any financing.

Question 62

Return on Equity

Answer 62

(ROE) Indicates how well a company uses financed assets to generate income.

Question 63

Return of Investment

Answer 63

(ROI) Helps compare the desirablity of different ways of spending.

Question 64

Revenue

Answer 64

Money a company receives for products or services.

Question 65

Risk Analysis

Answer 65

The process of developing an understanding of risk and level of risk. (ASIS ORM.1-2017)

Question 66

Risk Evaluation

Answer 66

The process of comparing the estimated levels of risk with the risk criteria defined when the context was established. (ASIS ORM.1-2017)

Question 67

Risk Identification

Answer 67

The process of indentifying, grading, and documenting risks by means of threat/opportunity analysis, criticality/impact analysis, vulnerablity/capablity analysis, and supply chain analysis. (ASIS ORM.1-2017)

Question 68

Safety

Answer 68

Freedom from danger, risk, or injury.

Question 69

Security

Answer 69

The condition of being protected agaisnt risk, hazard, threats, or loss.

Question 70

Security Metrics

Answer 70

Security-related measurements.

Question 71

Service Level Agreement

Answer 71

A commitment between a service provider and a client where specific elements of the service that include quality, availablity, and accountability are established between the services provider and the service user.

Question 72

Targert

Answer 72

Something you are trying to do or achieve with definded metrics.

Question 73

Testing

Answer 73

Activities performed to evaluate the effectiveness or capablilities of a plan relative to specified objectives or measurement critieria. Testing usually involves exercies designed to maintain the effectiveness of teams and employees and to reveal weaknesses in prepardness and in response/continuity/recovery plans. (ASIS International Business Continunity Guideline, 2004)

Question 74

Threat

Answer 74

Potential cause of an unwanted incident, which may be result in harm to indvididuals, assets, a system or organization, the enviroment, or the community.

Question 75

Top Management

Answer 75

Directors, managers, and officers of an organization who can ensure that effective management systems, including ginancial monitoring and control systems, have been put in place to protect assets, earning capacity, and the reputation of the organization.

Question 76

Training

Answer 76

Acquisition of the knowledge, skills, and abilities that direcetly relate to job performance; the formal process used to facilitate learning.

Question 77

Vision

Answer 77

Specific description of where the business will be in the long term.

Question 78

Vision Statement

Answer 78

Converys a general understanding of the business, its culture, and its future goals.

Question 79

Vulnerablity

Answer 79

State of being susceptible to harm or injury.

NOTE: Suscepitibility to negative outcomes of a risk.

Question 80

Vulnerablility Assessment

Answer 80

Process of identifying and quantifying something that creates susceptibility to source of risk that can lead to a consequence.

Question 81

Whistleblowing

Answer 81

Occurs when a person working on behalf of the organization raises a concern about danger, unethical conduct or illegality that affects others, internally or externally.

Question 82

Zero-based Budgeting

Answer 82

Process wherein funds are placed in a budget only to extent that planned expenditures are justified in detail. It generally includes both expenses and expected revenue.