Chapter 5 - Risk Assessment Flashcards
Difference between Risk data and Risk information?
Risk Information is wider and includes facts and numbers (data) as well as opinions and judgements
What is risk information?
Any information that may influence a decision about risk
What is qualitative information?
Description of something in spoken or written word
What is quantitative information?
Something that can be measures or counted
What is subjective information?
An opinion or a judgement about something. It is influenced by personal experience and feelings
What is objective information?
Facts
What is static information?
Usually fixed and cannot be altered (e.g. a person’s date of birth)
What is dynamic information?
Capable of change
List the Internal risk identification techniques
- Talk to people
- Workshops
- Meetings and committees
- Checklists
- Procedures manuals
- Internal audit and compliance monitoring
List the External risk identification techniques
- Research
- Stress test and scenario analysis
- External audit reports
- Reading insurance documents
Risk identification is not an ongoing process, true or false
False
What are the techniques to break down complexity in order to identify risks
- Workshops and brainstorming
- Business process analysis
- . Inspections and audits
- Flow, process and dependency analysis
- Organisation charts
What is the FIRM scorecard?
A way to classify risks into 4 groups: Financial, Infrastructure, Reputational and Marketplace, with additional subcategories
What is a risk register?
Risk information stored in a logical easily accessible and understandable form - a database.
Inherent Level?
Assuming any controls and precautions fail to work
Residual Level?
Controls and precautions are in place.
What risk level is used?
Depends on the sector/industry/type of assessment
How can risk evaluation be described?
The process of taking the results of risk analysis and then relating them to the ‘bigger picture’ context which the business operates in.
List the criteria for evaluating risks
Financial, legal and operational
Why is a regular review important?
Risks are always changing
What are the difficulties regarding risk registers?
Need to think about:
- Unknown risks
- Can provide false sense of security
- Can be long and hard to cope with
- May not be updated frequently
- May fail to account for correlations between risks
What is a hazard?
Anything that can cause harm
What are flow, process and dependency charts?
Analysis of the processes and operations within an operation to identify critical components that are key to success
What are fault trees and root cause analysis?
These take an undesirable event as a starting point and works backwards to identify the origins
