Chapter 5 - Introduction to Risk Management

Question 1

What is Risk?

Answer 1

Proportion variation in an outcome from what is expected to happen

Question 2

What does variability mean?

Answer 2

Range of possible outcomes

Question 3

What does expectation mean?

Answer 3

What we expect to happen (not what we hope will happen)

Question 4

What does outcome mean?

Answer 4

What actually does happen

Question 5

What is uncertainty?

Answer 5

Inability to predict outcomes because of a lack of information

Question 6

What does Risk averse attitude mean?

Answer 6

An investment would be chosen if it has if it has more certainty but possibly a lower return than an alternative less certain, potentially higher return investment

Question 7

What does Risk neutral attitude mean?

Answer 7

An investment would be chosen according to its expected return, irrespective of the risk.

Question 8

What is the Risk seeker attitude

Answer 8

An investment would be chosen on the basis of it offering higher levels of risk, even if its expected return is lower than an alternative no-risk investment with a higher expected return.

Question 9

What are the three types of risk?

Answer 9

• Business Risk?
• Financial Risk?
• Operational Risk?

Question 10

What does business risk include?

Answer 10

• Strategy
• Enterprise
• Product
• Financial
• Sustainability
• and Climate*
• Operational

Question 11

What does financial risk include

Answer 11

• Controllable
• Uncontrollable

Question 12

What are the types of operational risk?

Answer 12

• Process
• People
• System
• Event*
• Cyber

Question 13

What does sustainability and climate risk include?

Answer 13

• Increased occurrence of drought and/or flooding, extremes of temperature that cause damage to the supply chain and property
• Impact on reputation of business that is seen not to be acting sustainability or is damaging the environment
• If sustainability is not included in the strategic decisions making process
• The risk of not meeting regulations regarding emission and other climate related regulation

Question 14

What is Event Risk?

Answer 14

1. Disaster: catastrophe occurs such as a fire, flood etc
2. Regulatory: New laws or regulations are introduced
3. Reputation: Risk of damage to the business’s reputation
4. Systemic: Failure by a participant in the business’s supply chain

Question 15

What does Risk Measurement mean?

Answer 15

Identifies the probability of the risk occurring and quantifies the resultant impact and calculating the amount of potential loss using expected values for gross risks

Question 16

What does probability mean

Answer 16

• Measures likelihoodW

Question 17

What does impact mean?

Answer 17

• Measures the size of loss

Question 18

What does exposure mean?

Answer 18

Measure of the way in which business is faced by risks

Question 19

What does volatility

Answer 19

Measurement of the variability of a risk factor

Question 20

What are descriptive statistics?

Answer 20

Used to describe a set of data. A set of data could be a whole population i.e. representative number of items of data.

Question 21

What are the measures of central tendency

Answer 21

1. Mean - Average
2. Median - Middle
3. Mode - Most common

Question 22

What are the expected values?

Answer 22

An expected value is a long run average

Formula for expected value is EV = Sum of PX

P = Probability
X = Occurring

Question 23

What are the three measures of dispersion or spread?

Answer 23

1. Range - difference between high and low
2. Deviation - How far from the mean (x-x̄)
3. What does variance mean? average of the squared deviations of all the values in a data set.

Question 24

What is the standard deviation?

Answer 24

Square root of the variance

Question 25

What does the Coefficient of variation?

Answer 25

What does standard deviation divided by the mean

Question 26

What is Risk management?

Answer 26

Identification, analysis and economic control of risks which threaten the assets or earning

Question 27

What is the Risk management process?

Answer 27

1. Risk awareness and identification
2. Risk assessment and measurements
3. Risk response and control
4. Risk monitoring and reporting

Question 28

What are the techniques of identifying risks?

Answer 28

1. PEST/SWOT analysis
2. External advisors
3. Interviews/questionnaires
4. Internal Audit
5. Brainstorming

Question 29

What are the five different categories of loss which can be considered?

Answer 29

1. Property loss - property
2. Liability loss - Loss occurring from legal liability to third parties
3. Personnel loss - Due to injury, sickness and death of employees
4. Pecuniary loss - as a result of defaulting debtors
5. Interruption loss - being unable to operate.

Question 30

What is the Risk Assessment

Answer 30

Considers the nature of each risk and the implication it might have for the business achieving its objectives

Question 31

What is risk measurement

Answer 31

Identifies the probability of the risk occurring and quantifying the resultant impact consequences and calculating the amount of the potential loss using expected values for gross risk

Question 32

What is gross risk

Answer 32

Potential loss associated with risk, calculated by combining the impact and the probability of the risk before taking any control measures into account.

Question 33

What is the equation for gross risk?

Answer 33

Gross Risk = Probability x Impact

Question 34

What is the Impact and Probability of Sharing Reduction

Answer 34

• High impact
• Low probability

Question 35

What is the Impact and Probability of Accepted?

Answer 35

• Low impact
• Low probability

Question 36

What is the Impact and Probability of Avoidance Reduction Share

Answer 36

• High impact
• High probability

Question 37

What is the Impact and Probability of Reduction

Answer 37

• Low impact
• High probability

Question 38

What is a risk management map?

Answer 38

Used to assess risk

Question 39

What is the TARA model?

Answer 39

Provides an outline of general risk responses

1. Transfer (Sharing)
   - Transfer risk to a third party
   - E.g. insurance, hedging
2. Acceptance (retention)
   - Tolerating losses when they arise
   - For small risks could be cheaper than insurance (self-insurance)
3. Reduction
   - Retain the activity but take action to limit risk to acceptable levels

Mitigating controls:
- Preventative
- Corrective
- Directive
- Detective

4. Avoidance
   - Avoid downside by not undertaking/terminating risky activities
   - Usually lose upside potential as well.

Question 40

What does ALARP mean in Risk Responses

Answer 40

ALARP - All low as reasonably practicable

Employers are expected to take action to reduce risk faced by employees to a level that is reasonably practical

Question 41

What does reasonably practical mean?

Answer 41

Risk of the event occurring reducing to a level that is proportional to cost required to reduce the risk any further. Which will outweigh the benefit

Question 42

Why should we monitor risk?

Answer 42

1. Measure effectiveness of current risk management process
2. Whether risk profile is changing

Question 43

What does the Corporate Governance Code required listed companies

Answer 43

• Determine the nature and extent of any risks the company is willing to take in order to achieve its objective
• Report risk management issues

Question 44

What is a crisis

Answer 44

Unexpected event that threatens the wellbeing of a business, or a significant disruption to the business

Question 45

What are the different types of crisis?

Answer 45

• Nature event e.g. earthquake causing physical disruption
• Industrial accident e.g. building collapse or fire
• Product or service failure e.g. produce recall or health scare
• Public relations disaster e.g. unwelcome media attention or adverse publicity
• Business crisis e.g. loss of key supplier or customer
• Management crisis e.g. hostile takeover bid or loss key management
• Legal/regulatory e.g. new regulation increases costs

Question 46

What does crisis management involve?

Answer 46

Identifying a crisis, planning a response to crisis and confronting and resolving the crisis

Question 47

What is business resilience?

Answer 47

• Considers an organisations ability to manage and survive

Question 48

What are the two axes for understanding an organisations resilience

Answer 48

Axes 1: Processes and functions to protect the organisation

• Risk management
• Business continuity planning
• Security
• IT disaster recovery
• Health and safety
• Crisis management
• Internal audit
• Governance

Axes 2: General organisational characteristics driving resilience

• Employee trust in management
• Customers trust in the organisation
• Ability to innovate
• Clear values
• Values linked to behaviour
• Effective risk management
• Morale
• Leadership involvement

Question 49

What are external changes?

Answer 49

Strict new laws, severe economic recession, politically uncertainties and disruptive technologies

Question 50

What are planned changes?

Answer 50

Major overseas investment, closure of significant operation, launch of new strategic direction

Question 51

What are common features of resilient organisations?

Answer 51

• Diversified resources to facilitate adaptability to deal with changes
• Strong internal and external network of relationships
• Rapid and decisive response to emerging crisis
• Self-review and adaptation to meeting changing circumstances

Question 52

How can resilience measuring

Answer 52

• Compliance e.g. own internal policies and standards
• Completeness e.g. the breadth of their readiness
• Value e.g. qualitative and quantitative measures
• Comparability/capability e.g. testing and reviewing processes and procedures response to potential shocks

Question 53

What is disaster?

Answer 53

When a business operation, or significant part of them, break down for some reason leading to potential losses of equipment, data or funds.

Question 54

What are the types of disasters?

Answer 54

• Major crisis causing a breakdown in operations and resultant losses
• Event which results in serious consequences

Question 55

What are disaster recovery plan?

Answer 55

• Define responsibilities
• Prioritise actions
• Establish back-up and standby arrangement
• Communicate with staff
• Establish PR
• Risk assessment