Chapter 7 - Assessing and managing risk Flashcards
Define fundamental risk
Those that affect society in general and are beyond the control of any one individual e.g. atmospheric pollution
Define particular risk
Those over which an individual has some measure of control, e.g. smoking can be mitigated through not smoking
Define speculative risk
Those from which either good or harm may result
Define pure risk
Those from which the only outcome is harmful.
What are the seven steps of the risk management process?
- Set responsibilities
- Set risk appetite
- Identify risks
- Assess risks
- Respond to risks
- Monitor and review process and adapt if needed
- Start again
Who has responsibility for risk management?
The board, but they can delegate to a risk committee
What is the role of the risk committee?
- Ensure system exists
- Set risk policy
- Assess risks
- Review internal audit work
- Review risk register
- Advise board
What does a risk manager do?
Supports the board by taking the lead on risk and developing policy on managing risks
Define risk appetite
The nature and strength of risks that an organisation is prepared to bear
Define risk capacity
The nature and strength of risks that an organisation is able to bear
Define risk averse
Accepting risks up to a certain point as long as they represent an acceptable return
Define risk seeker
Pursuing the higher returns regardless of risk
Define strategic risk
Risk that arises from longer-term decisions or events
Define operational risk
Risk that arises from normal day-to-day activity of a company
What does a risk register do?
- Prioritises the main risks an organisation faces.
- Shows who is responsible for dealing with risks and the actions taken.
- Shows the risk levels before and after control action is taken
What are the methods for assessing risk?
- Regression analysis
- Simulation
- Sensitivity analysis
- Accounting ratios - gearing, interest cover
- Expected values
What do risk maps / heat maps do?
- Show risk from risk registers in a visual way by plotting on a chart according to impact and likelihood
- There is a risk tolerance boundary in the middle, which reflects risk appetite
What is the main disadvantage of risk assessment?
It is subjective
Explain the TARA model
Responses for risks are considered based on the axes of likelihood of risk and impact of risk
- Transfer (low likelihood, high impact)
- Avoid (high likelihood, high impact)
- Reduce (high likelihood, low impact)
- Accept (low likelihood, low impact)
Define gross risk
Risk without any mitigation
Define residual risk
Risk that remains once management action has been taken to accept it
What is ALARP?
A pragmatic approach to managing risks that seeks the most appropriate response by balancing cost and benefit - as low as reasonably practicable