Chapter 9 Flashcards
9.1: Compare the costs and benefits of using the judgement of one expert versus a focus group.
Using one expert is cost effective in terms of time. But there is the possibility that the expert might miss something
important or that they exhibit some form of perceptual bias (Table 5.1). Focus groups cost more in terms of time but are
more likely to identify all of the relevant risks.
9.2: What are near misses and why should they be investigated?
Near misses are events that should have resulted in a financial or non-financial loss, but for one reason or another did not. Luck often plays a part in near misses. For example, monies that are lost may be recovered or a serious accident is narrowly averted.
Near misses are important learning opportunities. The next time they occur, an actual loss may be incurred. It is
important to learn from the near miss to help prevent future occurrences
9.3: Provide a definition for emerging risk, and two current examples of potential emerging risks.
Emerging risks are either significant new risks, or risks that were known about previously but which were not considered
to be significant. Emerging risks are characterised by high levels of uncertainty and may be ignored or underestimated
because of this.
Current examples of emerging risks include cyber risks such as ransomware and adverse social media coverage. Other
examples are linked to political uncertainty (such as Brexit) and global warming (the rise in severe weather events).
9.4: Compare and contrast the strengths and weaknesses of quantitative and qualitative risk-assessment approaches.
Quantitative approaches are more scientific and use statistical methods to ensure consistent and objective assessments of risk. Quantitative approaches are theoretically superior but require large amounts of data that may not be available in
practice.
Qualitative approaches do not need data, but they are much more subjective. They can only provide an order of
magnitude for probability and impact rather than a precise measurement.
9.5: What are the differences between risk, control and performance indicators?
Risk indicators provide information on an organisation’s inherent risk exposure to one or more risks.
Control indicators provide information on the effectiveness of controls. These indicators can help organisations to
understand how their residual risk exposures may be changing.
Performance indicators provide information on how efficiently an organisation is operating. Indicators may look at
financial performance or operational efficiency.
Note that performance indicators may also be risk indicators or control indicators in some circumstances. For example, staff absence rate is a common performance indicator but it may also be a risk indicator. High levels of staff absence will put pressure on systems and processes, increasing the chance of failure.
