ERM IRM M1U3.1 Establishing Internal & External Context Flashcards

1
Q

3 Components of Context

A

Hopkin and Thompson argue that there are three components of context:

the organisation’s risk management context

the internal context

the external context

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

ISO 31000 - Purpose of the establishing scope,the context and criteria

A

ISO 31000(2018)states that “the purpose of establishing the scope, the context and criteria is to customize the risk management process, enabling effective risk assessment and appropriate risk treatment. Scope, context and criteria involve defining the scope of theprocess andunderstanding the external and internal context”.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

PESTLE risk classification system

A

Many organizations use the political, economic, social, technological, legal and environmental/ethical (PESTLE) risk classification system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

FIRM risk scorecard

A

The finance, infrastructure, reputation, marketplace (FIRM) risk scorecard provides a structure for carrying out a detailed evaluation of the context of the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

FIRM - Reputation - External

A

when evaluating the reputational component of the external context, the following issues should be addressed:

public perception of the industry sector in which the organization operates;

corporate social responsibility standards achieved by the organization;

governance standards and whether the sector is highly regulated;

quality of products or services and/or after-sales service standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

FIRM - Marketplace- External

A

The other component of the FIRM risk scorecard relevant to the external environment is the marketplace and the level of presence of the organization within the marketplace. This will impact the level of customer trade or expenditure. In particular, when evaluating the marketplace component of the external environment, the following issues should be addressed: level of revenue generation in the marketplace and return on investment;

presence of aggressive competitors and/or high customer expectations;

level of economic stability, including exposure to interest rates and foreign exchange rates;

complexity of the supply chain and volatility of raw material costs;

exposure to disruption through either technology or geopolitical reasons (political risks, war and terroris

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

FIRM - Financial - Internal

A

. In particular, when evaluating the financial component of the internal context, the following issues should be addressed:

availability of adequate funds and future flows of funds to fulfil strategic plans;

existence of robust procedures for correct allocation of funds for investment;

nature of internal financial control environment to prevent fraud; availability of funds to meet historical and anticipated future liabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

FIRM - Infrastructure - Internal

A

The other component of the FIRM risk scorecard relevant to the internal context is infrastructure, as this influences the nature of the processes undertaken within the organization.

Infrastructure risks define the level of inefficiency and dysfunction that may arise during internal processes.

In particular, when evaluating the infrastructure component of the internal context, the following issues should be addressed:

senior management structure and the nature of the risk culture;

availability of adequate people resources and skills, including intellectual property;

availability of adequate physical assets to support operational activities;

information technology infrastructure sufficient to achieve resilience and protect data;

business continuity plans in place to ensure continuity of activities following major disruption;

arrangements for service delivery and/or transportation and reliable communication infrastructure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Mechanism to evaluate context

A

SWAT and FIRM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which risks PESTLE is most applicable?

A

More applicable to Hazard risks.

PESTLE should be used with SWOT analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

PESTLE Pros and Cons

A

There are several advantages and disadvantages to the PESTLE approach. The advantages are as follows: simple framework; facilitates an understanding of the wider business environment; encourages the development of external and strategic thinking; anticipates future business threats; helps identify actions to avoid or minimize impact of threats; facilitates identification of business opportunities. However, there are certain disadvantages associated with the use of the PESTLE analysis as a means of identifying risks. These disadvantages are as follows: can over-simplify the amount of data used for decisions; needs to be undertaken on a regular basis to be effective; requires different people being involved with different perspectives; access to quality external data sources can be time-consuming and costly; difficult to anticipate developments that may affect an organization in the future;

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

ISO Stakeholder Definition

A

ISO Guide 73 defines a stakeholder as a ‘person or group concerned with, affected by, or perceiving themselves to be affected by an organization’.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Stakeholder Types

A

There will be a wide range of stakeholders in a typical organization that can be summarized as CSFSRS, as follows: customers; staff; financiers; suppliers; regulators; society.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Analysis of stakeholder expectations & BPR

A

The analysis of stakeholder expectations is also one of the fundamental requirements of the business process re-engineering (BPR) approach.

BPR is a technique to ensure that an organization has the most effective and efficient processes and operations.

A starting point for many BPR exercises is to identify stakeholders and their expectations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Primary and Secondary Stakeholders

A

Primary and secondary stakeholders could include: Primary stakeholders: shareholders; employees; customers; suppliers.

Secondary stakeholders: government – central or local government bodies; media – press, broadcasters, online and especially social media; consumer groups, pressure groups, community groups; competito

How well did you know this?
1
Not at all
2
3
4
5
Perfectly