Chapter 5 Flashcards
What is the main principle of risk management?
The main principle of risk management is that it delivers value to the organization.
What should students be able to summarize at the end of the module?
Students should be able to summarize the principles (PACED) and aims of risk management.
What does STOC stand for in risk management?
STOC stands for strategy, tactics, operations, and compliance.
What are the eight principles of risk management according to ISO 31000-2018?
- Integration
- Structured and comprehensive
- Customized
- Inclusive
- Dynamic
- Uses best available information
- Considers human and culture factors
- Practices continual improvement
What does ‘Integration’ mean in risk management?
An organization should integrate its risk management efforts into all parts and activities of the organization.
Why is a structured and comprehensive approach important in risk management?
Creating and following a comprehensive, structured risk management approach leads to the most consistent, desirable risk management outcomes.
What does ‘Customized’ mean in the context of risk management?
An organization’s risk management approach should be customized to their own needs, including the organization’s objectives and the external and internal context in which the organization operates.
What is the significance of being ‘Inclusive’ in risk management?
Risk management should involve all stakeholders in appropriate and timely ways to consider different knowledge sets, views, and perceptions.
What does ‘Dynamic’ imply for a risk management program?
The organization’s risk management program should change as the organization changes, helping to anticipate, identify, acknowledge, and respond to changes.
How does risk management utilize the best available information?
Effective risk management considers information from the past and present while anticipating the future, ensuring reliability and acknowledging limitations and uncertainties.
What is the importance of timely information for stakeholders?
All relevant stakeholders should receive necessary information in a timely and clear manner.
What factors should risk managers consider?
Risk managers must be aware of human and culture factors that influence the risk management effort.
What is a key practice for risk managers?
Risk managers must strive to continually improve an organization’s risk management efforts.
What are the principles of risk management?
Principles describe what risk management should be and achieve, including being proportionate, aligned, comprehensive, embedded, and dynamic.
What does it mean for risk management to be proportionate?
Risk management activities must be proportionate to the level of risk faced by the organization.
How should risk management activities be aligned?
ERM activities need to be aligned with other activities in the organization.
What does comprehensive risk management entail?
The risk management approach must be comprehensive to be fully effective.
What does it mean for risk management to be embedded?
Risk management activities need to be embedded within the organization.
What is the dynamic nature of risk management?
Risk management activities must be dynamic and responsive to emerging and changing risks.
What is the basic objective of risk management initiatives?
To ensure conformity with applicable rules, regulations, and mandatory obligations.
What assurance do boards and audit committees require?
They require assurance that risk management and internal control activities comply with PACED.
How does risk management support decision making?
It ensures that appropriate risk-based information is available to support decision making.
What is the outcome of effective risk management?
It assists with achieving effective and efficient strategy, tactics, operations, and compliance to ensure the best outcome with reduced volatility of results.
