CHAPTER 5

Question 1

How do we decide how to manage the underlying risk

Answer 1

When we understand all possible consequences of an incident

Question 2

What is Risk assessment

Answer 2

This is a set of working tools used to examine threats that may bring damage or loss to an org, its responsbitiies and its objectives

Question 3

What is the purpose of examiing threats

Answer 3

To stimulate decisions as to how those threats are to be managed

Question 4

What do we need to do to istingus and catalogue risks for comparison

Answer 4

we need to quantify the damage that could result if each risk materialised

Question 5

Combining impacct and probability gives us the basis for

Answer 5

Basis for risk comparison and ranking

Question 6

Why does risk assessemen require exploring option for risk control

Answer 6

This is so becasue we need to see what risk reduction precautions are possible

Question 7

why must risk and their analysis be associated with DATES

Answer 7

This is so that changes can be tracked over time and background to decisions can be revisited and reviewed

Question 8

How must risk data be kept

Answer 8

Risk data must be kept in an easily understood and accessible file and in a form that allows for info to be used in related exercises like stress testig and risk modelling

Question 9

The risk database must be able to accomodate

Answer 9

It must accomodate change and allow for measurements to assess effectivenes of controls

Question 10

What will determine the software tools to be used in managment and future use of data

Answer 10

The size and complexity of data to be stored and intentions

Question 11

What is risk categorisation

Answer 11

Putting riks into categories and then looking within each category to determine which risks are important and which risks can be ignored

Question 12

Which risks are not worth investigating and controlling

Answer 12

Those risks whose impact is less than the value of resources employed

Question 13

Why is risk categorization important

Answer 13

The system are importnat as they enable an org to identify accumulations of simila risks and clarify potential for applying common risk control strategies

Question 14

Risk categorization system help with

Answer 14

They help organisations identify which strategies, tactics and operations are most vulnerable to anticipated threats

Question 15

How do orgs decide which categories to use

Answer 15

they decide after considering what the information will be used for

Question 16

The chosen categories for risk categorisato should cover

Answer 16

They should over all identified risks yet minimise the risk of overlap

Question 17

Why have attempts to classsify risks been proved difficult in practice

Answer 17

This occurs when more than one casue can contribute to an event.

Question 18

What isssue In insurance causes a separate category to be warrant

Answer 18

Preserving the liquidity ratuio

Question 19

What is frictional risk

Answer 19

This covers the effect of changes in legal, accounting, regulatory,credit agency requiements or any similar event that puts u costs above those that would otherwise be reauired

Question 20

whta is Basel II banking regulations

Answer 20

its another industry specific categorisation

Question 21

What is a lst of official Base II events

Answer 21

-internal fraud
-external fraud
-employment practices and workpace safety
-clients,products and b’ness practice
-damage to physical assts
-business disruption and systems failures
-execution,delivery and process management

Question 22

What is COSSO reporting mainly concerned with

Answer 22

Its concerned with the US legal requiremet to report accurate financial data

Question 23

Financial Risks are concerned with

Risk categorisation systems

Answer 23

They are concerned with internal financial controls, risk related to maney managment, asset values, credit availability, liquidity and financial profitability

Question 24

What does PESTLE stand for

Answer 24

Politics,Economics, Social,Technologial,Legal and Environment

Question 25

What does PESTLE break down

Answer 25

It breaks down the external environment in which an org operates

Question 26

when is PESTL and SWOT used together

Answer 26

They are used together when creating and reviewing strategic plans

Question 27

Provide examples where PESTLE and SWOT have been used together for a cause

Answer 27

-Market Research
-Strategic analysis
-Mainly for exploring external factors that influence an organisation

Question 28

What happens if risk categories and subcategories are selected

Answer 28

Compilation of annual reports and other publication for investors become easier, boards are presented with info in a more comprehensive form, questions from regulators,media and other stakeholders are more readily answered

Question 29

If we want to compare and manage risks what do we need to do

Answer 29

We need to measure consequent losses or gains of risks materialise

Question 30

When does it become difficult to attach monetary value

Answer 30

In situation of personal consequences like injury and loss of life, loss of reputation, consewuene and destruction of brand value

Question 31

What are some of the types of daamges involved when measuring ompact of risk

Answer 31

-Health damage,injury or loss of lfe
-Asset Loss
-Time and resources
-Business survival
-Defining impact
-Aggregate Loss
-Risk Aggregation

Question 32

What should be done to any risk that threatens survival of an org

Answer 32

High priority attentioneven if the probability of it materialising is remote

Question 33

What are some examples of issues that could affect confidence

Answer 33

-Damage to the credibility of a brand
-concern with regulatory approvals and licenses
-security of intellectual assets
-Mistrusts of strategic direction

Question 34

what other risk is associated with confidence

Answer 34

Reputation risk, damage to this in most businesses could directly result in loss of potential inome,divestment, loss of market value leading to susbequent takeover and in some cases for large org could result in closyre

Question 35

How is credit,solvencu and liquidity risks controlled in an org

Answer 35

Affairs must be managed so that assets exceed liabilities and the organisation does not run out of cash

Question 36

What is loss of credit equivalent to

Answer 36

It;s equivalent to running out of cash if the organisation relies on borrowing for day to day operations

Question 37

Which oganisation are more prone to third party damages

Answer 37

-Nuclear power operation
-Aviation
-Chemicals
-Oil Exploration
-Transportation
As they can cause widespread human and environmental havoc if things go wrong

Question 38

What some of the risks that could affect Business Survival

Survival Risks

Answer 38

-High monetary value incidence
-Loss of confidence
-Reputation risk
-Credit,Solvency and Liquidity risks
-Loss of credit
-Third party damage

Question 39

How to measure risks that impacts cant be measured in financial terms

Defining Impact

Answer 39

Usually the solution is to attach codes to the risk that flag its importance in broad qualitative terms

Question 40

When measuring non finacial impacts by attachng codes, how are these codes allocated

Answer 40

These codes are allocated after discussion with appropriate managers, e.g it could be a broad categories of assessment like intolerable,high,medium and low

Question 41

How are money values allocated to the remaining risks after recording non - financial impacts

Answer 41

Impacts can be recorded at net cost or gross cost

Question 42

When allocating money values to risks, what are net costs

Answer 42

they are costs afer any insurance claims are met ot recoveries from any other risk financing have been made

Question 43

When allocating money values to risks, what are gross costs

Answer 43

These costs include sums even though they may eventually be recovered

Question 44

What is maximum prossible loss

Answer 44

This means it’s impossible for quantam of loss to exceed the stated figure

Question 45

What is maximum probable loss

Answer 45

This means its only proable that the loss will not exceed the stated amount

Question 46

When must lossess be aggregated

Answer 46

When a risk results in simultaneous multile incidents of damage

Question 47

When is historical data best used

Answer 47

They are best used to predict future trends if nothing has changed since the data was collected. However this is rarely the case

Question 48

Withmeasuring probability what can produce output that is misleading

Answer 48

slight inaccracies or variables in input data

Question 49

The theory of statistical analysis depends on

measuring probability

Answer 49

It depends on their being a minimum number and spread of core incidents to enable the laws of averages to be applied and for clear and usable trends to emerge

Question 50

What is the prime use of historical data analysis in risk management

Answer 50

The prime use is to determeine expected values or ranges of value for particular ongoing risks

Question 51

What does the theory of probability set out

Answer 51

It sets out to illustrate likelihood or probability as a numerical value

Question 52

What does probability tell us

Answer 52

Probability tells us the chande that something might happen in a chosen period of time

Question 53

When is probability best used

Answer 53

when conidering infrequent high damage risks

Question 54

What is frequency

Answer 54

Is an expression of how often an event may occur

Question 55

what is the objective of any method of risk aggregation

Answer 55

To represent diverse risk exposures on a common numerical scale whose sum can be calculated in real time if required

Question 56

What are some obvious problems in trying to aggregate risks accross an organisation

Answer 56

-wide variety of type of risk involved
-combining qualitative and quantitative info esp qualitative
-different risk apetite thresholds at different levels in multile orgs and functioonal hierachies
-risk not confined to individual hieratches
-relationships between risks
-continually changing b’ness external and internal environment

Question 57

what may the risk department do if they have to present or publish risk information

Answer 57

They may bring probability and impact together by multiplying the two to create an overall risk factor indicating the size of the risk

Question 58

What is a risk factor determied by multiplying probabiliyy by potential loss/impact quatnified as

Answer 58

This is quantified as a measure of the possible loss to which an org is exposed as a result of some activity or event

Question 59

Exposure is well undestood in business often calculated for which things

Answer 59

-liability issues
-property loss/damage
-product demand variation

Question 60

In insurance how is exposure regulaly tracked

Answer 60

Its tracked in respect of outstanding claims

Question 61

What does risk ranking hide

Answer 61

It hides the distinction wheter a high level of exposure is due to high probability or impact value

Question 62

To deal with the issue that arises with risk ranking of hiding the distinction what may one do

Answer 62

They would buld a graphical demonstration of risk, by using a simple matrix format

Question 63

On face value a simple matrix presentation is a useful way of

Answer 63

Its a useful way of illustrating the relative importance of a number of risks but in practice a typical risk matrices must be treated with a great deal of caution

Question 64

what are some of the issues faced with a typical risk matrices

Answer 64

-with only a few categories this means that identical ratings can be allocated to quantitatively very different risks
-Error can result in higher qualitative ratings being allocated to quantitatively smaller risks
-Qualitative ranings are subjective rather than objective

Question 65

What is risk ranking

Answer 65

The process of comparing different risks and presenting them in an order of priority for the use of resources

Question 66

Risk compariosn is useful in

Answer 66

They are useful in benchmarking, for presentation purposes and to support arguments or explanatin

Question 67

Risk professionals are strongly advised to familiarise themselves with

Answer 67

They are advised to familiarise themselves with communication and presentation techniques if they want their recommedations to be accepted

Question 68

What can a careless graphical representation or risk comparison do

Answer 68

They can destroy the credbility of an argument even if it is logically correct

Question 69

Why is it convineient to adopt a numerical classification of impact

Answer 69

So that risks can be more easily compared

Question 70

What are risk factor indices

Answer 70

These are some standard classification used by an org to compare the risks they carry

Question 71

What is an important risk factor indices

Answer 71

Dow Fire and Explosion Index

Question 72

What is the Dow Fire and Explosion Index designed to do

Answer 72

This index is designed to classify particular hazards that lie within a process in a factory

Question 73

How does Dow Fire and Explosion work

Answer 73

It applies a predetermiend factor number to hazards within that proess tha re knon to increase overall risk of damage

Question 74

How is the Dow Fire and Explosion calculaton

Answer 74

The calculation process is staightforward usinf a standarised spreadsheet format

Question 75

The Dow Fire and Explosion has been proven to be useful in

Answer 75

It has been proven to be useful in determining plant layouts and separation between vessels in chemical process plants

Question 76

When are risk factor indices likely to be of best value

Answer 76

They are of best value when used to support decisions about prioities and resources to be applied to events that happen reasonably frequntly

Question 77

When are risk factor indices likely to be of best value

Answer 77

They are of best value when used to support decisions about prioities and resources to be applied to events that happen reasonably frequntly

Question 78

Risk factor indicies are best used for which estimaton

Answer 78

They are used to estimate likely total cost of a type of incident over a period of time

Question 79

What is risk apetite

Answer 79

The extent to which an orgnisation will tolerate a risk

Question 80

Risk Controls can be divided to four broad classes which are

Answer 80

-Preventive
-Corrective
-Directive
-Detective

Question 81

What is Preventitve measure for risk controls

Answer 81

Measure to stop a risk happening or unwanted outcome arising

Question 82

What is Corrective measure for risk control

Answer 82

This is a measure to limit sope of loss and reduce any undesirable outcomes that have come about once the loss or damage hs materialised

Question 83

What is Directive measure for risk control

Answer 83

Controls to ensure particular aim is realised

Question 84

What is Detective measure for risk control

Answer 84

after th event measures to identify when an incident has happened

Question 85

Most orgs implement which controls

Answer 85

Preventative controls, these are designed to reduce the possibility of undesriable outcomes

Question 86

What are corective controls designed to do

Answer 86

They are designed to correct undesirable outcomes that have already occured. They are a means of reocvery against loss or damage

Question 87

What is continuity planning

Answer 87

This is another corrective control, organisation plan for b’ness continuity and recovery after events which they could not prevent

Question 88

How is insurance a form of corrective control

Answer 88

It is as it facilitaties financial recovery when an insured risk materialises

Question 89

What are directive controls used for

Answer 89

They are instructions or regulations designed to ensure that a particular outcome is achieved

Question 90

What are directive controls commonly associated with

Answer 90

They are associated with health,safety and security. They are important when people’s behaviour can prevent a undesirable event

Question 91

What are some examples of directive controls

Answer 91

-requirements to wear protective clothing while performing dangerous duties
-staff are trained to certain skill levels before being allowed to work unsupervised

Question 92

what are checklists, worksheets and test schedules

Answer 92

these are directive controls

Question 93

Whichindustriies use directive controls best

Answer 93

-Aviation industry
-Oil and gas expliraton

Question 94

What are detective controls designed to do

Answer 94

They are designed to identify unwanted occurrences that have alreadhy happened and are thus only appropriate ehrn it is possible to accept the loss or damage incured

Question 95

What are some detective controls

Answer 95

-Stock checks
-Asset Checks
-Reconcilliation
As they can detect theft or similar anomalies

Question 96

How is reconcilitiona nother technique of detectie control

Answer 96

Reconciliting authorised payments with banks tatements will detect unauthorised transactions

Question 97

How are audits,inspections and quality quontorl detective

Answer 97

They are because they look for causes of defects in products and procedures with a view to introducing changes in the future

Question 98

What is market risk

Answer 98

This is concerned with risk of lossess inn tradingpositions arising from movement in market prices

Question 99

What are the prevention controls in avoiding market risks

Answer 99

The prevention controls aound the managmenet of this risk coudl involve decisions regarding investment strategis

Question 100

What are the corrective controls in avoiding market risks

Answer 100

They can be insurance and hedging

Question 101

What are the directive controls in avoiding market risks

Answer 101

Directive controssuch as limiting indivisual trading activities

Question 102

What are the detective controls in avoiding market risks

Answer 102

The detective controls coulld be adopted such as the org deciding to monitor unusual trading activity over an appropriate time frame

Question 103

What is credit risk

Answer 103

This is a risk that a counterparty will suffer real or percieved deterioration in financial strength or unable to pay mpunts in full due

Question 104

What are preventive controls in credit risks

Answer 104

This would include regular credit checks of current and potentia counterparties

Question 105

What are corrective controls in credit risks

Answer 105

Would include contract terms to safeguard assets held as securtes for loans and use of multiple insurers to protect large potential liabilityes

Question 106

What are directive controls in credit risks

Answer 106

This wouldl restrict trading to counterparties whose creit has been approved

Question 107

What is liquidity risk

Answer 107

This is a risk of running out of cash when it is neeed to meet financial obligation

Question 108

What are preventive controls in liquidity risks

Answer 108

Preventive controls would be strategic decisions on capital reserves and ratios, daily cash management and attention to contract payment terms and debt collection

Question 109

What are corrective controls in liquidity risks

Answer 109

This would include arranging overdraft facilities, hort trm credit and loan facilities or agreements with shareholders to inject capital at short notice

Question 110

What are directive controls in liquidity risks

Answer 110

This would be supporting managment in enforcing the discpline required

Question 111

Cost effectiveness of risk control can be estimated by

Answer 111

This can be estimated by comparing impact of uncontrolled risk with impact of the same risk assuming the proposed control is in place. The difference between the 2 impact assessments must atleast be greater than the ost of implementing the controls

Question 112

What is a risk register

Answer 112

This is a register of al risk information that is needed to be recorded

Question 113

What is the aim of a risk register

Answer 113

The aim is to build a complete picture or risk profile of the org or of selected individual or collection of risks deemed important

Question 114

What must the design of a risk register allow

Answer 114

It must alow useful informaton to be produced

Question 115

What will an org note as a risk register matures

Answer 115

The org disovers more uses for the information and will add further analysis or detail to the categories

Question 116

What are the essential data in a risk registfer

Answer 116

-Risk description
-Proability
-Impact assessment is supplemented by info about existing risk controls
-Ranking
-Priorities
-Risk ownership
-Recommendarion for new or improved risk control

Question 117

Risk registers can fulfill which dual role

Answer 117

-Faciliating practical management of risk
-Helping instil or condolidate risk management culture into day to day operations

Question 118

Typucal distributed risk register implementtion might involve

Answer 118

-automatic diary system to warn when risks are due for review
-tiered acess levels to individual risks
-authorisation procedures to accept new risk
-comprehensive enquiry and reporting facilities
-procedures for suggesting and authorising new/improved risk controls