Chapter 7 – Risk-management processes, perspectives, and responsibilities Flashcards

1
Q

What are the four elements of standard risk-management?

A
  1. **Risk identification** – checklists, root cause analysis and the Delphi technique
  2. **Risk assessment** – determine the potential significance of the risk – allows the risks to be placed in rank order to help establish their priority – probability x impact of risk event = exposure to risk event
  3. Risk monitoring – comprehensive picture of an organisation’s current risk profile – KPIs, risk reports, etc
  4. Risk control – application of tools and techniques to influence the probability and impacts of a risk event or to mitigate any secondary business disruption and reputation effects that may follow the initial risk event – e.g. door locks, financial tools, transfer risk, etc.
2
Q

What is enterprise risk management (ERM)?

A

COSO - ‘Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.’

The tools used within ERM to undertake these activities are often the same as those that might be used by organisations using the standard process. What changes is the philosophy that underpins the process of risk identification, assessment, monitoring and control.

3
Q

What are the three essential characteristics of ERM?

A

1. **A holistic focus**
a. ERM embraces all types of risk in every part of an organisation, recognising that different risks, functions, business lines and processes are all interconnected (non-silo approach)
b. **Creation of an integrated risk function** – to build a comprehensive picture of where risk lies within the organisation and is likely to affect the strategic objectives
2. An emphasis on value-added risk management
a. RM should create and protect value for an organisation
3. The blending of formal and informal risk-management tools and activities
a. Formal factors – tangible systems – processes, procedures, policies, committees
b. Informal factors – intangibles – organisational culture, social networks, etc

4
Q

What are the organisation-wide benefits of ERM?

A
  • Improved reporting to support strategic decision-making
  • Avoidance of silos
  • Improved operational efficiency and cost effectiveness
  • Improved profitability and equity value
  • Improved ability to achieve other business objectives
5
Q

What are the additional factors of ERM?

A
  • ERM policy
  • Risk appetite
  • Risk reporting
  • Risk and audit committees
  • Escalation and whistleblowing
  • Business continuity management
6
Q

What is the role of the chief risk officer (CRO)?

A
  • To implement an enterprise risk-management framework for the organisation
  • To support the board in the fulfilment of their risk responsibilities
  • To direct the work of the organisation’s risk function
  • To oversee the risk-management activities of the whole organisation
  • To communicate the risk profile of the organisation to key stakeholders
  • To organise training in risk management for the organisation – appoint risk champions