CHAPTER 4

Question 1

What is the first step in the risk managemnt process

Answer 1

Effective risk identification

Question 2

Whatis risk mangment within an org

Not a separate unit but

Answer 2

Its an integral to and indivisibl from strateguc and operatonal managemnt

Question 3

When examining risk information what is the first informaton we need

Answer 3

We need a list of risks, and arrange them in some order of importance

Question 4

What risks do we need to identify

Answer 4

Thise that affect our organisation , and we need to identify as many of those risks as possible, the more risk we identify the better prepared we can be

Question 5

How will a risk department need to identify risks

Answer 5

They need to identify in a logical and cost effective manner

Question 6

What are the internal intelligence sources to enable us to identify risks

right accross our organisation

Answer 6

-People
-Meetings
-Committees
-Documents
-Database
-Observation

Question 7

Apart from personnel associated with audit and complaince function, what are other roles that may have managment of risk considered to be part of their role

Answer 7

-design engineers
-facilities manager
-project managers
-legal offiers
-product development manager
-company secretary

Question 8

How will a formal meeting be recorded

Answer 8

The outcome of a formal meeting will be recorded in a document known as minutes

Question 9

What will a properly written minutes allow

Answer 9

It will allow people absent from the meeting to learn about key decisions or activities that were made

Question 10

What is a committee

Answer 10

A nominated group of people holding meetings for a particular reason

Question 11

Whic department shall be involved in all committes that discuss risk

Answer 11

The risk department

Question 12

What will a board risk subcommittee be authorised to fulfill

Answer 12

They will be authorised to fulfil baord responsibilities regarding risk

Question 13

What is the purpose of an audit subcommittee

Answer 13

The purpose is to stand back from the organisaion’s functional executives and take a view on the behaviour of its manages and effectiveness of business controls

Question 14

As the audit committee is discussing strategic risk controls what should the risk department do

Answer 14

The risk department should either be present or at the very least be required to report on the risk eposures to the committee

Question 15

What will bring benefits to both audit subcommitte and risk department

Answer 15

Cooperation and goof relation ship

Question 16

What are some examples of useful documents for risk information

Answer 16

-Proposal papers
-Auditors repots
-Insurance documents
-Proceudres manuals
-Historic risk reports

Question 17

What are proposal papers

Answer 17

These are documents produced to support request for approvl

Question 18

What do proposal papers set out

Answer 18

They set out background information leading to the request and the implication of its approval, predicted benefits will empasized and investment needed wil lbe detailed, They might highlight risks involved

Question 19

What are auditors reports

Answer 19

These are douments recording the findings of audit activity

Question 20

What are large organisations required by law

in terms of auditing

Answer 20

They are required to have an annual financial audit by a qualified external accountant

Question 21

Some of regulatory authorities within UK financial services look at audit as

Answer 21

As evidence of goon managment contorl

Question 22

apart from financial audits, what are other types of audits

Answer 22

• Quality audits
• • Audits to ensure conformance with written working proedures

Question 23

Non financial ausits are internally authorised by

Answer 23

-Senior Managers
-The board

Question 24

What is the purpose of audit

Answer 24

The purpose is to check that proper output is bing produced, ir being accurate financial information of ull specification product

Question 25

Auditor’s report comments on

Answer 25

The reliability of procedures, checks and control and may higlighy unnecessary risk for managemnt attention

Question 26

What confidence do audits give

Answer 26

They give directors confidence that they can trust information presented to them and a measure of probability that planned outcomes will be achieved

Question 27

What is the policy schedule

Answer 27

This is a place where the policy is made personal and specific to the insured

Question 28

What details does thepolciy schedule have

Answer 28

-Insured’s name
-Insured’s address
-Policy period
-Premium
-Detail of the subject matter
-Sums insured or limit of liability
-Territorial limits
-Policy numner
-Reference to specia excluson/condition/aspet of cover

Question 29

What do syrveys assist with

in insurance

Answer 29

They make comments about exposures and may include recommendaton to improve the control of risk

Question 30

What are procedures manual

Answer 30

These are documents that set out procedures and methods to be followed by personnel working on various areas

Question 31

Why should risk department take detailed interest in procedures manuals

Answer 31

This is because this is where procedureal risk management is implemented

Question 32

Who will maintain records of individual risks

Answer 32

-Individual managers
-Risk Deparment

Question 33

Why do most organisation keep record in databases

Answer 33

They do so to make use of serch facilities and for ease of record retrieval

Question 34

Why is database separate from documents

Answer 34

This is becasue database implies continuos updated information sources, and documents are essentialy snapshots reports associated with a specific date

Question 35

What are some externa sources of information available to identify risks in many different areas

Answer 35

-Gov’t org or org’s linked to the govt
-B’ness and professiona institutions
-Insurers and related orgs
-Database
-Emergency ervices
-Consultants
-Newspapers and Magazines
-Company reports
-Conferences

Question 36

Gov’t orgs and orgs linked to gov’t ublish a wide selection of material that concentrate on

Answer 36

They usually concentrate on general risk information of interest to multiple orgs or general information on speific risk categories

Question 37

Business and professional institutions publish useful information on

Answer 37

They publish on best practice, standards, audits, managment and governance issues. They also contain,hold surveys and pblish ase studies of topicl corporate incients

Question 38

Insurers keep records of

Answer 38

They keep records of historical claims and more than happy to discuss individual claim files ad lessons to be leant from incidents that gave rise to claims

Question 39

What do insurers also publish

Answer 39

They publish general risk related materials including research findings

Question 40

Why are loss data sharing consortia common in financia institutions

Answer 40

They are common as they help reduce operational risk

Question 41

What is Operational RIsk Consortium(ORIC)

Answer 41

This is a quality controlled loss database to support risk managment activities for insurers

Question 42

The Operational RIsk Consortium(ORIC) hold informaton on

Answer 42

It hold info on operational riski.e losses due to failed peopleprocesses/systems/eternal events

Question 43

The Operational RIsk Consortium(ORIC) aims to improve

Answer 43

It aims to improve the risk measurement and modelling skills of its members

Question 44

Emergency services provide information on

Answer 44

It provides info on risk and trends in risk

Question 45

What do consultants range from

Answer 45

They range from knowledgeable individuals with special skills to subsdiaries of insurers or brokers and global corporations with vast resources and contacts

Question 46

What do consultants bring to a project

Answer 46

They bring focused, current information, specialist skils or additional resources to a project

Question 47

Employing consultant should be subject to

Answer 47

subject to a stringent cost benefit asessment as this is a risk itself. More particularly focused on contract terms determining responsility for detrimenta outomes after using information or following their advise

Question 48

What is the advantage of conferences

Answer 48

They have a way of bringing together people intersted in specialist subjects in a non-confrontiona environment

Question 49

What are ways of collecting internal information

Answer 49

-A tour
-Automatic information gathering
-Collecting information from documents

Question 50

what is a time well spent for ay risk professional

Answer 50

A tour of an org

Question 51

An efficient organisation tour should inclue

Answer 51

-visits to various shop floors
- interviews wih key operational and faciltiies managers
- Get to know as many as you can and try to make them your frientds

Question 52

During tour by getting to make friends with key operational and facilities managers, how will this help

an internal information collector

Answer 52

They will be able to provide org’s chrts and process flow charts for those areas in which they are involved in
-They can explain what their unit does, how it does it where, in theri view ie their exposures

Question 53

information that is gathered in a tour will be

Answer 53

a starting point for understanidng risks and impact

Question 54

who is often the responsibility for highlogting procedural risk for an individual worker

Answer 54

The risk department, particularly where practices/personnel have changed in or around a long established unit

Question 55

To enabe routine risk information collecton what should there be

Answer 55

There needs to be a proactive managment information sysem developed specifically for use by the risk department

Question 56

How does autmatic informarion gathering process begin

Answer 56

Process begins with an effective method of ensuring that all necessary information is bought into the department and is digested and turned into a useful managment tool in a properly structured way

Question 57

What will make automatic information gathering effective

Answer 57

The procudures for collecting risk information must be clearly documented and issued wth the authority of the managing direcor or ceo

Question 58

For collecting automatic information what proceudres must be followed for risks and potential hazards

Answer 58

There must be a recognised procedure for olleting specific information about risks that materialize into incidents and recording potential hazards reported by individuals

Question 59

The recognised procedures for collecting informtion on risks materialising into incidnts and recording potential hazards must clarify

Answer 59

These procedures must clarify how incidents are to be logged and what supporting data is required

Question 60

For large multinational organisation its an enormous tas to identiyf and keep track of risk data, thus

Answer 60

The data collected must be carefully selected, must be relaible,complete, accurte, with a system in place to prevent falsifiation,alteration or loss

Question 61

What is the most important thing on data collected from automatic information

Answer 61

The data must be useful and used in subsequent analysis and reports

Question 62

Its important for risk department to form good relationshis with operational managers throughout an org because

Answer 62

These managers will influence the attitude of people that are nominated to report risk data and in turn will directly affect the quality of rik imformation they collect

Question 63

How are useful risks data collected completely eletronically

Answer 63

Where plant or processes are highly automated or digital sensors are involved

Question 64

Whats an example of where data is electronically collected

Answer 64

Security camera operations
Flight data/black box

Question 65

For collecting information from documents, what are the selected documents

Answer 65

They will include minutes of relevant meetings, like meetings specificlly to discuss risk, meeting on key policy and meetings where strategic option are likely to be discussed

Question 66

why are discussions on security risks and some commercia risks geerally exclued from the minutes of meetings

Answer 66

This is because publishing risk information might alter the risk concerned

Question 67

What is our best soure of eternal information

Answer 67

The internet

Question 68

What is required to be done on external information collected on paper

Answer 68

Paper has to be scanned/sorted/processed in exactly the same way as paper information collected internally

Question 69

Information from the interent comes in which fomr

Answer 69

Machine-readable form

Question 70

External sureys are used extensively to

Answer 70

They are used to measure customer satisfaction and collect information for marketing use

Question 71

Before processing data what is a question we must address

Answer 71

Is the data relaibla and does it change

Question 72

What does processing unreliable data lead to

Answer 72

This leads to wrong concludiond being drawn, followed by bad managment advise and wrong decisions being made

Question 73

What should we do if we cant guarantee that our data is trustworthy

Answer 73

This must be explicitly stated in all subsequent reports and recommendations based on that information, explaining why we thing the data us likely not to be trustworthy

Question 74

Risk professional must be aware that there s apossibility of deliberate information falsification even, what would be the reason behind this

Answer 74

People may be trying to look good, or to provide optimistic results or hide partiular risks,other peole may have persona issues, disputes or grudges to resolve

Question 75

Information change can be in

Answer 75

It can be in personnel, products and market places or in the many dfiferent ways in which products or services are delivered

Question 76

Risk department must keep adequate detailed records in what form

information change

Answer 76

In a form that facilitates information search,retrieval and analysis

Question 77

What other records must risk department keep

Answer 77

They must keep records of analyses performed that led to critical decisions being taken

Question 78

What are methods of risk identification

Answer 78

-Organisation Charts
-Flow Charts
-Checklist and questionnaires
-Physical inspection
-Brainstorming and workshops
-fault trees
-Hazard and operability studies
9HAZOP)

Question 79

Why is an organisation chart useful

Answer 79

It’s useful as it demonstrates the organisation’s activities and organisational structure

Question 80

An organisation chart can be extended beyond the organisation to reflet

Answer 80

This will reflect where there are critical suppliers among thirdparties or other group deparments

Question 81

Why will a risk team need considerable people skills

on organisation charts

Answer 81

This wil be ideal to sell ideas and convinve reluctant audiences

Question 82

What doe a flow chart give and shows

Answer 82

It begin to gives a clear picture of risks carried and begin to show in detail how the impact of a risk incident will be felt through out an org

Question 83

What does flow chart picture

Answer 83

It pictures the route taken by all crucial ingredients of the final products through to completion and final delvery

Question 84

The logic of a flow chart is essntial tool when

Answer 84

Wheneer there are a range of products and services that are necessary key ingridients of the final products

Question 85

How can flow charts be in a large organisation

Answer 85

They can be extremely large and complicated

Question 86

In a large organisation if the chart is too large then

Answer 86

It an be sensible divided ito managable sections then consideration shoud be given to profuin several charts eah for a different type of informaton

Question 87

How can questionaires be used

Answer 87

• Method of collecting risk data
• • Cn be used to start quantifying risk

Question 88

What are straightforward and ommonly used tools for risk idnetification

Answer 88

Checklist and Questionnaires

Question 89

Checklist and Questionnaires are useful as

Answer 89

-as an aide-memire to the risk team directly
-if risk team need to delegate info gathering to others
-to bring info that may have been gathered in different places nack together in a common format

Question 90

Checklist and Questionnaires are useful as

Answer 90

-as an aide-memire to the risk team directly
-if risk team need to delegate info gathering to others
-to bring info that may have been gathered in different places nack together in a common format

Question 91

What is a disadvantage of giving a questionnaire

Answer 91

The answes completed by the person will be directed by the uestions, they may not appreciate the need to add additional info that could in particular circumstances be crucial
-Are the answers precisely clear to thse who need to answer it or could there be 2 interpretation

Question 92

What are the benefits of checklist and questionnaire

Answer 92

They can be extremely efficient way to get basi information from a large numbe of different locations and people

Question 93

Why are trial runs with representative people important parto fquestionnaire design

Answer 93

This is becasue the feedback can help in the final design before release to the wider audience

Question 94

What are the main differences between questionnaire and checklist

Answer 94

-Questionnaire is sent to someone else to complete
-A checklist is something that simply promprs a profesional or another to give answers in a particular way

Question 95

why do questionnaires use checklist

Answer 95

They do so to limit possible answers to a question so that results are more easily analysed by computer

Question 96

What is another common use of checklist

Answer 96

The survey report forms used by riks surveyors

Question 97

A good questionnaire and checklist will solicit

Answer 97

A series of simple answers that can be easily processed by computer but it will also allow enough space for the user to complement these answers with comments, opinions and suggestions.

Question 98

What does the design of checklist need to take into account

Answer 98

It needs to take into account the technical skills of the user

Question 99

Why does survey fulfil a dual role

Answer 99

It has the role of identifying risks and also begins the job of managing them

Question 100

What is brianstorming and workshops

Answer 100

This involves a group selecting a topic for discussion and recording as may ideas as possible

Question 101

How are the brainstorming session

Answer 101

They are ussually informal and unstructured, their main focus is freedom of expresssion and quantity of ideas rather than quality

Question 102

In brainstorming sessions a professiona facilitator may be used whose role will be

Answer 102

To keep a careful balance between time, the agenda and the direction of the conerstion flow

Question 103

What is a desktop excercise in a brainstorming session

Answer 103

When meetings are arranged as an ecercise where scenarios are desribed and partiipants are expected to say how these scenerios migh unfold, jow damaging they migh be and how they could or cold not be managed

Question 104

Desktop excerise is commonly used to help

Answer 104

It helps in developing continuity plans

Question 105

what does desktop excercises highlight

Answer 105

they highlight risks and threats and their potential ipacton a particular division of an organisation. It can explore interdivision dependecnies and importance of these

Question 106

What is an alternative to desktop discussions

Answer 106

To stimulare incidents for people to manage through, thousgh this is expensive aand only appropriae in particular circumstances, usually when loss of life is at stake

Question 107

What are the useful purpsoes of excersises

brainstrming and workshop sessions

Answer 107

Useful purpose in familiarizing people with an incident situation so that they cope better if faced with a real emergenct

Question 108

With desktop excercises what do partisipants provide

brainstorminf and workshop

Answer 108

They provide feeback thpughts and ideas that can be studied and used to help manage future risk

Question 109

When do brainstorming groups gain best value

Answer 109

They do if risk professionals join them as full members or as observers or advisers

Question 110

What does a flow chart illustrate

Answer 110

The chain of events that bring together materials and resourcs to create and deliver an finished produt. It reveals the source of critical parts

Question 111

What does fault trees investigate

Answer 111

They investigate what could cause suppleis to ceae and consider the lkelihood of that happening

Question 112

Fault trees can achieve 2 things which are

Answer 112

-It can look at a flow chart from the POV of risk and begin to assess the chance of a supply chain being broken
-It can look at the risk within a process or piece of machinery and take a view on the potential for damage

Question 113

what does the fault tree not look at

Answer 113

The proess leading to the end result

Question 114

What does the fault tree look at

Answer 114

It tries to understand the potential for a failure to deliver that which is critically needed and the looks backwards to search out the possible cause of that failure, which could be from a single cause or combination of casue

Question 115

How does fault tree analysis begin

Answer 115

It begins with each ingredient then consders whether that ingredient cpuld fail to arrive in a timely way at the point of inclusion,and if so it takes a view on the consequenes

Question 116

Under fault tree analysis what is the premise

Answer 116

The premise is the a production line is an intergrated evolving process whereby there is one time only and one plae only for each part to be added

Question 117

Whne examining what could cause supply to faul, risk professional may also wish to review

Answer 117

To review the quality and resilience of the supplier’s factory, the may look at the supplier’s own pilocy in sourcing materilas

Question 118

How may an org reduce the potentioa of single points failure

in the supply chain

Answer 118

They may do so by sourcing ingredients form 2 or more entirely different suppliers, as the risk of simultaneous failure by 2 uppliers is much less if they are geographically separate

Question 119

An org will maintian high focus on which ingredients

Answer 119

High dependency/low availability ingredient

Question 120

What type of ingredients are High dependency/low availability ingredient

Answer 120

These are ingredients that could be a specialist or bespoke product on which the org’s own productionline has a high and urgent dependancy. It will look at these dependencies and other events that may cause failure or loss

Question 121

For Fault trees and supply chain the questions are asked to gain

Answer 121

The view of risk and dependencies theseqns can be equally valid within the org and for supplier of critical parts, the issue is continued supply of quality ingredients

Question 122

How will the fault tree help risk managers

Answer 122

Fault tree can highlight individual exposures that help the risk manager to prioritise attention to those risk incidents most likely to occur or risk incidents that would have most signigficant impact

Question 123

What is the Hazard and Operability studies(HAZOP)

Answer 123

This is a metod of quantifting risk that can work well alongside the fault tree

Question 124

How are Hazard and Operability studies(HAZOP)

Answer 124

They are rigorous, detailed and usually contain computerised fault tree analysis of safety critical systems or system components often conducted during their design

Question 125

Where did the Hazard and Operability studies(HAZOP) concept originate

Answer 125

It originated in the chemical industry, it is a qualitative equiry in the operation of a plant from the point of view of hazard

Question 126

Where did the Hazard and Operability studies(HAZOP) addresses the belw 4 questions

Answer 126

-What is the part INTENDED to achieve
-What deviations are possible from the usually expected delivery
-What could be the causes of those variations
-What could be the consequences of thse variations

Question 127

When examining the causes in HAZOP, risk department needs to ask 2 important questions

Answer 127

-What event/cause could cause a deviation to that degree?
-What combination of events could cause a decation to that degree?

Question 128

When is HAZOP type study most appropriately carried

Answer 128

It’s carried out on a piece of equipment that is understood to be important or to possess safety dangers. This equiment is important to the safety of employees,visitors/neighbours or key pat of a hain of events that delvers the final prouct or service

Question 129

HAZOP studies are often desinged to

Answer 129

They are designed specifically to identify potential worst case scenerios