Chapter 5 - Risk Assessment

Question 1

Difference between Risk data and Risk information?

Answer 1

Risk Information is wider and includes facts and numbers (data) as well as opinions and judgements

Question 2

What is risk information?

Answer 2

Any information that may influence a decision about risk

Question 3

What is qualitative information?

Answer 3

Description of something in spoken or written word

Question 4

What is quantitative information?

Answer 4

Something that can be measures or counted

Question 5

What is subjective information?

Answer 5

An opinion or a judgement about something. It is influenced by personal experience and feelings

Question 6

What is objective information?

Answer 6

Facts

Question 7

What is static information?

Answer 7

Usually fixed and cannot be altered (e.g. a person’s date of birth)

Question 8

What is dynamic information?

Answer 8

Capable of change

Question 9

List the Internal risk identification techniques

Answer 9

1. Talk to people
2. Workshops
3. Meetings and committees
4. Checklists
5. Procedures manuals
6. Internal audit and compliance monitoring

Question 10

List the External risk identification techniques

Answer 10

1. Research
2. Stress test and scenario analysis
3. External audit reports
4. Reading insurance documents

Question 11

Risk identification is not an ongoing process, true or false

Answer 11

False

Question 12

What are the techniques to break down complexity in order to identify risks

Answer 12

1. Workshops and brainstorming
2. Business process analysis
3. . Inspections and audits
4. Flow, process and dependency analysis
5. Organisation charts

Question 13

What is the FIRM scorecard?

Answer 13

A way to classify risks into 4 groups: Financial, Infrastructure, Reputational and Marketplace, with additional subcategories

Question 14

What is a risk register?

Answer 14

Risk information stored in a logical easily accessible and understandable form - a database.

Question 15

Inherent Level?

Answer 15

Assuming any controls and precautions fail to work

Question 16

Residual Level?

Answer 16

Controls and precautions are in place.

Question 17

What risk level is used?

Answer 17

Depends on the sector/industry/type of assessment

Question 18

How can risk evaluation be described?

Answer 18

The process of taking the results of risk analysis and then relating them to the ‘bigger picture’ context which the business operates in.

Question 19

List the criteria for evaluating risks

Answer 19

Financial, legal and operational

Question 20

Why is a regular review important?

Answer 20

Risks are always changing

Question 21

What are the difficulties regarding risk registers?

Answer 21

Need to think about:

• Unknown risks
• Can provide false sense of security
• Can be long and hard to cope with
• May not be updated frequently
• May fail to account for correlations between risks

Question 22

What is a hazard?

Answer 22

Anything that can cause harm

Question 23

What are flow, process and dependency charts?

Answer 23

Analysis of the processes and operations within an operation to identify critical components that are key to success

Question 24

What are fault trees and root cause analysis?

Answer 24

These take an undesirable event as a starting point and works backwards to identify the origins

Question 25

Internal Financial in FIRM?

Answer 25

Historical Liabilities, Liquidity and Cashflows

Question 26

Internal Reputational in FIRM?

Answer 26

Brand extensions, board composition, control environment.

Question 27

What is the difference between Risk analysis and evaluation?

Answer 27

Analysis - spotting patterns, analysing patterns, organising ideas and recognising trends

Evaluation - Comparing ideas, evaluating outcomes, solving problems and recommending solutions

Question 28

How can insurance documents be useful to aiding risk identification?

Answer 28

Insurers conduct surveys which include risk exposures and recommendations to improve/control the risk

Question 29

What is a Risk Management Information system?

Answer 29

Routine collection of risk information can be assisted by IT systems specifically for the use of the risk team