Chapter 9 - Evaluating and Reporting Risk (techniques) Flashcards
What is expert judgement?
Expert judgement relies on the skills and experience of relevant specialists, either in isolation or working as a group. For example, an IT specialist should have a good understanding of the types of IT-related risk events to which an organisation may be exposed.
How can a focus group assist with risk identification?
Focus groups may comprise a mix of specialists, such as IT, finance and HR specialists or functional and departmental managers, such as operation managers or marketing managers. The idea behind a focus group is to share a range of different perspectives and experiences to achieve a consensus view.
What is the difference between a survey and checklist?
A checklist is a verification document formed based on the company’s existing standards and regulated processes, the monitoring of which is essential at any time. A survey is a form of collecting simple, unstructured information.
A checklist ensures that particular types of risk event are not forgotten. Experts, focus groups or survey respondents may accidentally overlook certain types of risk event. A checklist ensures that all relevant sources of risk are given consideration.
What are the benefits of checklists?
- Cheap and efficiency way of collating large amounts of information
- Simple and easy to use - ensures that relevant sources of risk are not missed
- Can be adapted to individual areas of risk focus (such as health ahd safety, environment, etc)
- Useful for putting diverse sources of information into a common format
What are the disadvantages of checklists?
- may be completed too quickly and therefore without much thought by someone who considers that their time is better spent elsewhere
- may be completed by someone who has their own reasons for suppressing risk information
- may be ambigious to the reader
- ‘form filling’ exercise
What are the advantages of a physical inspection?
There is a clear advantage when a workplace and its employees are visited, particularly by someone who has the specialised knowledge to take a professional view of what is there. A formal inspection report will normally conclude with recommendations to improve the control environment and reduce the probability and impact of loss.
What are the disadvantages of an inspection?
- An inspector can only see risk exposures that are visible on the day of the visit. A visit is a snapshot in time and can capture only the activity of the day.
- An inspection programme can be expensive, especially when visits are needed across many different workplaces.
- Some of an organisation’s greatest types or sources of risk may be those where third-party suppliers provide goods and services. The organisation may have difficulty obtaining authority to conduct detailed inspections in third-party premises unless this permission is negotiated within the original contract.
- Risk-management is and should remain the responsibility of every manager and employee throughout an organisation. Regular visits by an inspector, if not carefully managed, could encourage managers and employees to believe that they can abdicate responsibility for risk-management to the inspector.
What are analytical approaches and name four examples.
Analytical approaches use a range of research and logic structuring methods to make risk identification more scientific and less prone to human error. Techniques include:
- The structured what-if technique (SWIFT)
- The Delphi technique
- Root-cause analysis
- System and process mapping
What is the structured what-if technique (SWIFT)?
The structured what-if technique (SWIFT) is a systematic, team-oriented technique commonly used for the identification of health-and-safety and environmental-related risks in areas such as chemical processing and manufacturing. The technique uses a series of structured ‘what-if’ and ‘how-could’ type questions to consider deviations from the normal operation of systems and processes. The activity is supported by checklists to help identify potential risk events. SWIFT relies on expert input from the team to identify risk events.
What is the Delphi technique?
The Delphi technique is an information-gathering tool that is used to reach a consensus of experts on a subject, in this case the identification of risk events.
Each expert participates anonymously and a facilitator uses a questionnaire to solicit ideas about the important points related to the subject. The responses are summarised and re-circulated to the experts for further comment. Consensus may be reached in a few – or many – rounds of this process.
What are the advantages and disadvantages of the Delphi technique?
+ve’s
- reduce bias due to anonymity and prevents any one person from having undue influence
- a range of experts can be used
-ve’s
- time consuming, especially if a consensus is hard to reach
Outline the steps for a typical risk identification process via the Delphi technique
- Agree the function, department, project or process to be analysed.
- Select a panel of experts and keep the membership anonymous.
- Send out background information and a questionnaire that asks them to identify the relevant risks.
- Facilitator compiles responses.
- Facilitator sends out compiled information to experts for comment. Experts invited to revise their views based on responses.
- Repeat until a consensus is reached.
What is a root-cause analysis?
Root-cause analysis - focuses on investigating the root causes of risk events. It may be applied to hypothetical risk-event scenarios or actual risk events that have occurred, either within the organisation or in similar organisations.
Root-cause analysis is based on the assumption that many risk events have multiple causes. For example, a fire risk event needs material to burn, a spark and oxygen before it can cause damage
What is a common investigation technique used when conducting system and process mapping?
A common investigation technique is fault-tree analysis, which looks at what might cause a systems or process flow to fail. The fault tree does not look at the system or process leading to the end result. Instead, it tries to identify potential system or process failures (risk events) and then looks backwards to search out the possible causes of those failures.
The aim is to identify key points of failure and whether these can be overcome by adapting other parts of the system or process flow.
An advantage of the fault-tree approach is that it can highlight connected risk events that could combine to cause much larger risk events
A disadvantage of the fault-tree approach is that it can take a lot of time and money to flow-chart systems and processes and then analyse them for points of failure that may cause risk events.
What are the benefits of loss event and near miss investigations?
Loss events and near misses are learning opportunities. Whenever they occur, an organisation may decide to identify the causes of these events using techniques such as root-cause analysis. These investigations may help an organisation to identify new risks; they may also signify an increase in exposure to a previously identified risk or a control weakness.