Chapter 7

Question 1

, our approach reflects our status as a regulated utility providing essential services and operating as part of the critical national infrastructure for the UK.

Answer 1

Severn Trent Water,

Question 2

covers all types of risk including operational, financial, legal and regulatory.

Answer 2

ERM process

Question 3

is integrated through a framework that is divided into three core pillars

Answer 3

Sustainability and responsibility at Tim Hortons

Question 4

three core pillars:

Answer 4

individuals, communities and the planet

Question 5

includes a structure and supporting processes for effective sustainability and responsibility governance and accountability, and is reviewed regularly.

Answer 5

Sustainability and responsibility policy

Question 6

• governs sustainability and responsibility through the nominating and corporate governance committee of the board.

Answer 6

Board

Question 7

Oversight activities include:

Answer 7

review of policy development; sustainability and responsibility strategies, including mitigation of risks; and organizational sustainability and responsibility commitments, goals and external reporting

Question 8

resides within the Tim Hortons executive group.

Answer 8

Management accountability for sustainability and responsibility

Question 9

Within the core department, ____ is managed actively and ______ is embedded into all departmental processes.

Answer 9

RISK
Risk Management

Question 10

has overall responsibility for the risk management framework.

Answer 10

Corporate Committee

Question 11

Risk Management Framework consists of three management levels at which risks are managed:

Answer 11

At the local level
At the committee level
Risks escalated by the corporate committee,

Question 12

risk is managed and risk registers maintained by policy and operational teams and by project and programme teams across the department.

Answer 12

At the local level

Question 13

risk is managed by the corporate committee. The committee maintains its own risk register and manages redrated operational risks within the corporate area.

Answer 13

At the committee level

Question 14

investment committee, governance board and department-wide operational, delivery and strategic risks are managed by the executive board.

Answer 14

Risks escalated by the corporate committee

Question 15

• covers a very wide range of topics, and risk management is an integral part of the successful corporate governance of every organization.

Answer 15

Corporate Governance

Question 16

For instance, companies listed on the ________ have to be guided by the UK Corporate Governance Code (2016) published by the Financial Reporting Council.

Answer 16

London Stock Exchange

Question 17

_________ is to facilitate accountability and responsibility for effective and efficient performance and ethical behaviour.

Answer 17

purpose of corporate governance

Question 18

There are two main approaches to the enforcement of corporate governance standards. Some countries treat corporate governance requirements as

Answer 18

‘comply or explain’.

Question 19

should be viewed as obligations placed on the board of an organization.

Answer 19

Corporate Governance Requirements

Question 20

Reports on corporate governance standards, concerns and activities should be received at every board meeting, and these papers will often be presented by the company secretary. Such committees may include:
.

Answer 20

risk management committee;

audit committee;

disclosures committee;

nominations committee;

remuneration committee.

Question 21

is ‘the system by which organizations are directed and controlled’.

Answer 21

Corporate Governance

Question 22

is therefore concerned with systems, procedures, controls, accountabilities and decision making at the highest level and throughout an organization.

Answer 22

Corporate Governance

Question 23

is concerned with the way that senior management fulfil their responsibilities and authority.

Answer 23

Corporate Governance

Question 24

is concerned with the need for openness, integrity and accountability in decision making, and this is relevant to all organizations regardless of size or whether in the public or private sector.

Answer 24

Corporate Governance

Question 25

is an international organization helping governments tackle the economic, social and governance challenges of a globalized economy.

Answer 25

The Organization for Economic Cooperation and Development (OECD)

Question 26

is based on the evidence that good governance promotes success of organizations and society.

Answer 26

The approach in BS 13500

Question 27

goes beyond the avoidance or mitigation of problems.

Answer 27

scope of the code

Question 28

has produced guidance on corporate governance, and the focus of that guidance is on the effectiveness of the board.

Answer 28

London Stock Exchange (LSE)

Question 29

is about the effective management of the organization and the appropriate responsibilities and the role of the senior managers and board members within the organization.

Answer 29

corporate governance

Question 30

are centred on the board of the organization.

Answer 30

Governance activities

Question 31

The corporate governance framework has two main components:

Answer 31

1) the responsibilities, obligations and rewards of board members; and.

2) the fulfilment of stakeholder expectations, rights, participation and dialogue.

Question 32

The importance of board member responsibilities, obligations and rewards are emphasized and include arrangements for:

Answer 32

determining membership of the board;

accountability of board members;

delegation of authority from the board;

remuneration of board members.

Question 33

• The responsibilities of board members must be fulfilled in five important areas

Answer 33

strategic thinking, planning and implementation;

corporate social responsibility;

effective management of risks;

audit and risk assurance;

full and accurate disclosure

Question 34

OECD principles and the LSE corporate governance framework provide the overall requirements and framework within which corporate governance must be delivered.

Answer 34

OECD principles and the LSE corporate governance framework

Question 35

play an important role in corporate governance.

Answer 35

Non-executive directors

Question 36

will be a non-executive group and represents the third line of defence.

Answer 36

audit committee

Question 37

has resulted in banks and other financial institutions reviewing their own corporate governance standards.

Answer 37

global financial crisis

Question 38

is the largest financial services institution listed on the national stock exchange and is among the 30 most profitable financial services organizations in the world.

Answer 38

Bank

Question 39

robust corporate governance arrangements are usually mandatory.

Answer 39

Government Agencies

Question 40

corporate governance and risk management are designed to assist the organization to achieve its objectives, including commercial or marketplace objectives.

Answer 40

Commercial Organizations

Question 41

is often seen by government agencies as establishing a framework of control that supports innovation, integrity and accountability and encourages good management throughout the organization.

Answer 41

Corporate Governance

Question 42

activities within a government department, agency or authority will be the principles of public life, often referred to as the Nolan principles.

Answer 42

corporate governance

Question 43

Nolan principles of public life

Answer 43

1. Selflessness
2. Integrity
3. Objectivity
4. Accountability
5. Openness
6. Honesty
7. Leadership

Question 44

• sets out policy on the identification and management of risks that it faces in the delivery of its objectives.

Answer 44

The risk policy of the Welsh Assembly Government (WAG)

Question 45

has overall responsibility for the organization in terms of setting strategy and ensuring satisfactory governance.

Answer 45

BOARD

Question 46

is the responsibility of the executive management, and top management.

Answer 46

Management of the organization

Question 47

are members of the same board, this is referred to as a unitary board.

Answer 47

executive and non-executive directors

Question 48

, and is referred to as the supervisory board.

Answer 48

non-executive directors

Question 49

into separate committees is sometimes referred to as a two-tier board structure.

Answer 49

non-executive and executive directors

Question 50

to be in place in charities and public-sector organizations.

Answer 50

two-tier board structure

Question 51

• A good organizational structure supports the effective management of risk.

Answer 51

Governance structure

Question 52

suggests that the term ‘interested party’ is preferred, but stakeholder is an acceptable alternative.

Answer 52

ISO Guide 83

Question 53

defines a stakeholder as a ‘person or group concerned with, affected by, or perceiving themselves to be affected by an organization’.

Answer 53

ISO Guide 73

Question 54

There will be a wide range of stakeholders in a typical organization that can be summarized as CSFSRS, as follows:

Answer 54

customers; staff; financiers; suppliers; regulators; society.

Question 55

is a technique to ensure that an organization has the most effective and efficient processes and operations.

Answer 55

Business process re-engineering (BPR)

Question 56

are the high-level collections of activities that are fundamentally important to the organization.

Answer 56

Core processes

Question 57

Data for shareholders

Answer 57

1. General
2. Financial data
3. Corporate governance and CSR
4. Shareholder information
5. Relevant news

Question 58

• A clear statement of strategy and vision Corporate profile and principal markets.

Answer 58

General

Question 59

• Annual report and financial statements Archived financial information for the past three years.

Answer 59

Financial data

Question 60

• Information related to compliance with Combined Code Information on the company CSR policies.

Answer 60

Corporate governance and CSR

Question 61

• Shareholder analysis by size and constituent Information on directors’ share dealings

Answer 61

Shareholder information

Question 62

Access to all news releases and presentations Developments that might affect the share value.

Answer 62

Relevant news

Question 63

to implement and maintain procedures that promote ethical business conduct

Answer 63

Rank policy

Question 64

has a fraud and unethical business conduct whistleblowing policy which sets out the ways in which employees can voice their concerns about suspected fraud, corruption or unethical business conduct.

Answer 64

Rank

Question 65

During the period under review two frauds came to light within the

Answer 65

Grosvenor retail casino business.

Question 66

deliver stakeholder expectations and are related to the internal and external context of the organization.

Answer 66

Core processes

Question 67

• can be defined as an event with the potential to impact the fulfilment of a stakeholder expectation.

Answer 67

Risk

Question 68

classification of core processes as strategic, tactical and operational is acknowledged in

Answer 68

British Standard BS 31100.

Question 69

set the future direction of the business;

Answer 69

Strategic perspectives

Question 70

are concerned with turning strategy into action by achieving change;

Answer 70

Tactical perspectives

Question 71

• are related to the day-to-day operations.

Answer 71

Operational perspectives

Question 72

are assumed to underpin the other types of core processes.

Answer 72

Compliance processes

Question 73

is also one of the fundamental requirements of the business process re-engineering (BPR) approach.

Answer 73

analysis of stakeholder expectations

Question 74

can be one of the most robust ways of identifying risks.

Answer 74

Analysis of stakeholder expectations

Question 75

can be a very timeconsuming exercise when undertaken thoroughly.

Answer 75

BPR

Question 76

• need to be the most robust processes in the organization,

Answer 76

Strategic core processes

Question 77

of an organization may be very different from those who are concerned with the organization’s operations.

Answer 77

Tactical stakeholders

Question 78

• are generally large organizations with a very diverse range of stakeholders.

Answer 78

Pharmaceutical companies

Question 79

• involves employee representatives who sit on the supervisory board, board of directors or similar structures in companies.

Answer 79

Board-level employee representation

Question 80

• also differs from other types of indirect participation such as works councils.

Answer 80

Board-level representation

Question 81

• may be considered to be the type of risk that will disrupt normal everyday activities.

Answer 81

Operational risk

Question 82

• is closely related to infrastructure risks described in the FIRM risk scorecard classification system

Answer 82

Operational risk

Question 83

• are usually hazard risks, and historically this has been an area of strong application of risk transfer by way of insurance.

Answer 83

Operational risks

Question 84

• now has a more extensive application and a more specific definition, especially in financial institutions.

Answer 84

Operational risk

Question 85

are required to have sufficient capital reserves available to meet the actual and potential financial losses and obligations faced by the organization.

Answer 85

Financial institutions

Question 86

assessment of capital requirements.

Answer 86

Economic Capital

Question 87

that set out recommendations on banking laws and regulations,

Answer 87

Basel II is the second of the Basel Accords

Question 88

is to create an international standard.

Answer 88

The purpose of Basel II (2004)

Question 89

have long been concerned with market risk and credit risk.

Answer 89

Banks

Question 90

• was initially defined as being any form of risk that was not market risk or credit risk.

Answer 90

Operational risk

Question 91

definition includes legal risk, but excludes strategic and reputational risk.

Answer 91

Basel II

Question 92

is a term that has a variety of meanings and that certain financial institutions use a different term or a broader definition.

Answer 92

Operational Risk

Question 93

Basel II definition identifies four types of risk categories:

Answer 93

people, process, system and external risks.

Question 94

include failure to comply with procedures and lack of segregation of duties.

Answer 94

People risks

Question 95

include process failures and inadequate controls.

Answer 95

Process risks

Question 96

include failure of applications systems to meet user requirements and the absence of built-in control measures.

Answer 96

System risks

Question 97

include action by regulators (change of regulation, but excluding enforcement or disciplinary action), unsatisfactory performance by service providers and fraud, both internal and external.

Answer 97

External Risks

Question 98

is the risk that the value of investments may decline over a period

Answer 98

Market risk

Question 99

is the risk that there will be a failure by a customer/client to repay the principal and/or interest on a loan.

Answer 99

Credit risk

Question 100

is also important for insurance companies;

Answer 100

Underwriting risk

Question 101

is at a crucial point in its development.

Answer 101

Operational risk management

Question 102

As economies and financial conditions change over time, so does the

Answer 102

operational risk exposure.

Question 103

is responsible for establishing the operational risk strategy.

Answer 103

Board

Question 104

is responsible for implementing the operational risk strategy.

Answer 104

Senior management

Question 105

attempts to protect the international financial system

Answer 105

Basel II

Question 106

aims to ensure that capital allocation is more risk sensitive.

Answer 106

Basel II

Question 107

Losses due to fraud, misappropriation or circumvention of regulations by internal party an authorized activity theft and fraud

Answer 107

Internal fraud

Question 108

Losses due to fraud, misappropriation or circumvention of the regulations by third party. System security theft and fraud

Answer 108

External fraud

Question 109

Losses arising from injury or noncompliance with the employment legislation.

Answer 109

Employees

Question 110

Losses arising from failure to meet professional obligations to clients. Disclosure and fiduciary

Answer 110

Clients

Question 111

Losses arising from loss or damage to physical assets. Disasters and other events

Answer 111

Physical assets

Question 112

Losses arising from disruption of business or system failures.

Answer 112

Systems

Question 113

Losses from failed transaction processing or process management.

Answer 113

Processes

Question 114

calculates the value of operational risk capital using a single indicator

Answer 114

Basic indicator approach:

Question 115

calculates the value for operational risk, using a broad financial indicator,

Answer 115

Standardized approach:

Question 116

uses the internal loss data and a combination of.qualitative and quantitative methods to calculate the operational risk capital.

Answer 116

Advanced approach

Question 117

are often larger, and include the loss of a customer.

Answer 117

Indirect costs

Question 118

refers to not-for-profit organizations, including charities, membership and voluntary bodies.

Answer 118

third sector

Question 119

the questions related to operational risk may well be: ‘What is the value of my assets, how do I protect them and to what extent and value (or limit of indemnity) do I need to purchase insurance?’

Answer 119

nonfinancial institution

Question 120

the questions are more likely to be: ‘What are the capital requirements attached to my assets?’ and ‘Can I afford to keep that amount of (non-productive) capital in reserve, or do I need to purchase insurance and to what value or limit of indemnity?’

Answer 120

financial sector

Question 121

is a requirement of Basel II, and financial institutions therefore have to undertake this work.

Answer 121

Calculation of operational risk exposure

Question 122

are driven by increasing regulatory demands and other corporate governance pressures.

Answer 122

Financial institutions

Question 123

has undertaken an evaluation of the causes of the global financial crisis.

Answer 123

The US-based Risk and Insurance Managers Society (RIMS)

Question 124

concluded that the global financial crisis was not a failure of ERM, but was caused by the following failures

Answer 124

RIMS

Question 125

– Failure to recruit, develop and retain suitable talent.

Answer 125

People risk:

Question 126

– A failure in processes or failure of their associated controls

Answer 126

Process risk

Question 127

Failure to invest and successfully implement, appropriate technology.

Answer 127

Technology risk

Question 128

Financial loss, data loss, business disruption or damage to reputation from failure of IT systems.

Answer 128

Cyber risk

Question 129

– Failure of products, processes or services to meet customer and regulator expectations

Answer 129

Customer outcome risk

Question 130

which is about delivering the project on time, within budget and to quality,

Answer 130

Project risk management,

Question 131

should be seen as an extension of conventional project planning

Answer 131

Project risk management

Question 132

is often defined in terms of uncertainty or deviation from the expected/required outcomes.

Answer 132

Risk

Question 133

should also be looking for opportunities that may arise when certain developments within the project are more favourable than expected.

Answer 133

project manager

Question 134

should take account of these positive developments and ensure that the structure for managing risks in projects is sufficiently flexible for the opportunities

Answer 134

Project risk management

Question 135

is a type of control management.

Answer 135

Project risk management

Question 136

is a well-developed discipline, with risk control and (especially) event management as the risk management activities that are most important.

Answer 136

Project risk management

Question 137

is the relationship between specification and performance

Answer 137

Quality

Question 138

There are risks associated with failure to obtain necessary permissions and approvals

Answer 138

(compliance risks).

Question 139

There are risks to the project that can prevent it being delivered on time and within budget

Answer 139

(hazard risks).

Question 140

There are risks to the project concerning the specification, performance and quality of the final outcome

Answer 140

(control risks).

Question 141

There are risks that can enhance the delivery of the project, such as earlier than expected availability of materials

Answer 141

(opportunity risks).

Question 142

accept uncertainty attached to each risk.

Answer 142

low-exposure/low-uncertainty risks,

Question 143

adapt activities and procedures and introduce controls, including (when appropriate) insurance.

Answer 143

high-exposure/lowuncertainty risks

Question 144

, the organization will adopt appropriate contingency plans and

Answer 144

low-risk/highuncertainty risks

Question 145

wish to avoid the uncertainty attached to the risk.

Answer 145

high-exposure/high-uncertainty risks

Question 146

plots the possible time delay that could result against the potential for cost increases associated with that even

Answer 146

Matrix

Question 147

should be populated and updated regularly throughout the duration of the project.

Answer 147

risk register or risk matrix

Question 148

can often be a cost-effective way of maintaining your risk register

Answer 148

risk management software tool

Question 149

must therefore be continually updated and reports generated at regular and frequent intervals.

Answer 149

risk register

Question 150

should provide clear visibility on the risks faced, enable prioritization of the activity and facilitate decision making.

Answer 150

Management reports

Question 151

has become one of the best-developed and respected branches of risk management.

Answer 151

Project risk management

Question 152

as applied to project management is similar to the standard risk management process

Answer 152

risk management process

Question 153

is often added as the fourth output from a project that has to be successfully delivered.

Answer 153

compliance

Question 154

is also used by some organizations as an alternative fourth output from a project.

Answer 154

Sustainability

Question 155

• collection of projects of this sort is referred to as a programme

Answer 155

Programme

Question 156

may be for additional time to complete a task, or additional costs that may arise to ensure that the final project deliverable operates to the required specification

Answer 156

Contingency

Question 157

is a process that enables the analysis and management of the risks associated with a project

Answer 157

Project risk analysis and management

Question 158

approach represents a continuous set of activities that can be started at almost any stage in the lifecycle of a project.

Answer 158

PRAM

Question 159

There are five points in a project where particular benefit can be achieved from using the PRAM model:

Answer 159

Feasibility
Sanction
Tendering
Post-tender
During implementation:

Question 160

at this stage the project is most flexible, enabling changes to be made that can reduce the risks at a relatively low cost.

Answer 160

Feasibility:

Question 161

: the client can view the risk exposure associated with the project and check that all steps

Answer 161

Sanction

Question 162

: the contractor can ensure that all risks have been identified

Answer 162

Tendering

Question 163

: the client can ensure that all risks have been identified by the contractor

Answer 163

Post-tender

Question 164

the likelihood of completing the project to cost and timescale will increase

Answer 164

During implementation:

Question 165

has two key characteristics:

Answer 165

Built-in risk management

Question 166

• is a set of interconnected processes and resources that starts with the sourcing of raw materials

Answer 166

Supply chain

Question 167

• is normally undertaken because it is assumed that costs can be reduced and risks transferred.

Answer 167

Outsourcing of operations

Question 168

means that the organization will not only have to focus on its own risks but should also look at the risks associated with other links in the supply chain.

Answer 168

Outsourcing

Question 169

are interrelated. Supply chain considerations are becoming more common, as well as much more complex.

Answer 169

Supply chain management and risk management

Question 170

• also extend to simple outsourcing decisions, such as the appointment of cleaners and caterers.

Answer 170

Supply chain issues

Question 171

can extend to strategic partnerships, joint ventures, support services

Answer 171

Scope of the supply chain

Question 172

• are those items that are delivered to you

Answer 172

Upstream supplies

Question 173

• refers to the goods that you deliver onwards.

Answer 173

Downstream supply chain

Question 174

• also allows the organization to have some management control over the operation of a supplier

Answer 174

Setting up joint ventures

Question 175

arrangements may also be an appropriate way of responding to competitor

Answer 175

Joint-venture

Question 176

• may also be a successful way of responding to technology changes

Answer 176

Joint ventures

Question 177

can ensure continuity of supply chains and also, if correctly executed, deliver competitive advantage.

Answer 177

Joint-venture operations

Question 178

will be available, including taking over the supplier or setting up a new organization jointly with your supplier as a separate jointventure organization.

Answer 178

Tactical options

Question 179

are a mechanism whereby an organization can exploit benefits but with a lower risk exposure.

Answer 179

Joint ventures

Question 180

is likely to include penalty clauses for failure to perform, but contracts that also include provisions for rewarding exceptional performance provide a greater sense of co-operation.

Answer 180

contract

Question 181

can also give rise to supply chain exposures.

Answer 181

Outsourcing of non-core operations

Question 182

is usually considered to be a mechanism for having non-core activities undertaken by a contractor.

Answer 182

Outsourcing of operations

Question 183

is often undertaken to save costs, but it may also be undertaken so that the work is fulfilled by a specialist company.

Answer 183

Outsourcing

Question 184

can cut costs by reducing overheads and having a professional perform the operation

Answer 184

Outsourcing

Question 185

The benefits of outsourcing can be divided into two types.

Answer 185

Direct Benefits and Indirect Benefits

Question 186

• is clearly an important component when setting up supply chain contracts or deciding to outsource certain activities.

Answer 186

Risk management

Question 187

• also enables organizations to focus on their own core operations and competencies

Answer 187

Outsourcing

Question 188

• arrangements should be introduced only when they offer a cost

Answer 188

Outsourcing

Question 189

• decisions based on a belief that risks are being completely transferred to a third party may prove to be incorrect

Answer 189

Outsourcing

Question 190

may be available for incidents that occur at the supplier premises Events such as poor quality of components, late delivery or the bankruptcy of the supplier are generally not insurable.

Answer 190

Insurance

Question 191

Damage to reputation may still be suffered if the outsource manufacturing activity produces substandard goods or is exposed as operating unethical business practices

Answer 191

Damage to reputation