ERM Chapter 6 Flashcards
What are the key principles embedded in “the Orange Book”?
- The importance of linking risks to objectives
- The distinction between a risk and its impact
- The need to distinguish inherent and residual risks
- Prioritisation of risks is more important than quantification
- Risk appetite should be subdivided into corporate, delegated and project
- A dedicated risk committee is recommended.
What are the key principles embedded in The Treasury Board of Canada Integrated Risk Management Framework?
- The importance of the establishment of a comprehensive understanding of an organisation’s risk profile, appetite and tolerance
- The focus on the RMF and the integration of risk management activities
- The value of a continuous and supportive learning environment
- The need to establish the ‘relationship between the organisation and its operating environment, revealing the interdependence of individual activities and the horizontal linkages’.
What are the four elements of the Canadian Integrated Risk Management Framework?
- Developing the corporate risk profile:
- Organisation’s risks are identified through environmental scanning
- The current status of risk management within the organisation is assessed
- The organisation’s risk profile is identified - Establish an integrated RMF
- Management direction on RM is communicated, understood and applied
- The approach to making integrated RM operational is implemented through existing decision-making and reporting structures - Practising Integrated RM
- A common RM process is applied consistently at all levels
- The results of RM practices at all levels are integrated into informed decision-making and priority setting
- Consultation and communication with stakeholders is ongoing - Ensuring continuous RM learning
- A supportive work environment is established where learning from experience is valued and lessons are shared
- The results of RM are evaluated to support innovation, learning and continuous improvement
- Experience and best practices are shared internally and across government.
What are the key features and principles embedded in AS/NZS 4360?
- The detail on risk analysis for non-financial organisations (which can be useful for considering operational risk for financial organisations)
- The recommendation that the RM process is formulated into a RM plan
- The stressing of the importance of senior management buy-in
- The need for adequate resources being allocated to RM.
List the 7 elements of the process set out by AS/NZS 4360.
- Establish the internal and external context
- Identify risks
- Analyse risks
- Evaluate risks
- Treat risks
- Monitor and review
- Communicate and consult
What are the distinguishing characteristics of the new global Risk Management Guidance Standard ISO 31000?
- Emphasis on the possibility of an effect, rather than the possibility of an event
- Focus on how such effects could affect objectives
- Viewing the risk framework as being dynamic - developing through a continuous cycle
Outline how the Risk Assessment and Management for Projects (RAMP) process, developed jointly between the Institute and Faculty of Actuaries and Institute of Civil Engineers, is different to the AS/NZS 4360 process.
The eight steps in the RAMP process are similar to those in AS/NZS 4360 process, other than the inclusion of:
- both a project launch stage and project shutdown stage
a go/no-go decision step.
What are the key features and principles embedded in (IRM/AIRMIC/Alarm Standard) the Institute of RM/Association of Insurance and Risk Managers/ALARM National Forum for RM in the Public Sector?
- Similar to the COSO framework, proposes a methodical approach to RM and a structured approach to risk reporting
- A strong focus on the role of a RM champion
- An in-house approach to RM
- Internal audit is an important control
- Clarity over the roles of stakeholders is important
- A highly-structured approach to risk reporting is beneficial.
List examples of advisory RM frameworks
- RAMP
- COSO ERM Integrated Framework
- IRM/AIRMIC/Alarm Risk Management Standard
- The Treasury Board of Canada Risk Management Framework
- Management of risk - Principles and Concepts (“The Orange Book”)
- AS/NZS 4360
- ISO 31000