Introduction To Risk Management

Question 1

Risk definition

Answer 1

The possible variation of an outcome from what is expected

Question 2

COSO Definition of risk

Answer 2

The possibility that an event will occur and adversely affect the achievement of objectives

Question 3

COSO definition of opportunity

Answer 3

The possibility that an event will occur and positively affect the achievement of objectives

Question 4

Uncertainty definition

Answer 4

Inability to predict due to lack of information

Question 5

3 attitudes to risk

Answer 5

Risk averse
Risk neutral
Risk seeker

Question 6

Risk averse attitude

Answer 6

More certainty less reward

Question 7

Risk neutral attitude

Answer 7

Investment chosen based on return

Question 8

Risk seeker attitude

Answer 8

Chosen due to high risk even if return lower

Question 9

Three types of risk

Answer 9

{Bof}

Business risk
Operational risk
Financial risk

Question 10

5 types of business risk

Answer 10

{Pepe’s}

Product
Economic
Property
Enterprise
Strategy

Question 11

2 types of financial risk

Answer 11

Controllable
Uncontrollable

Question 12

5 types of operational risk

Answer 12

{Pecs}

Process
People
Event
Cyber
Systems

Question 13

4 types of event risk

Answer 13

{DRReSs well for the event}

Disaster
Regulatory
Reputation
Systemic (participant in business’ supply chain)

Question 14

4 terms in measuring risk

Answer 14

Probability
Impact
Exposure
Volatility

Question 15

Measures of central tendency

Answer 15

Mean
Median
Mode
Expected value

Question 16

Measures of dispersion/spread

Answer 16

Range
Deviation
Variance
Standard deviation
Coefficient of variation

Question 17

Deviation

Answer 17

How far away from the mean

Question 18

Variance =

Answer 18

The average of all squared deviations

Σ(x-Av)^2/n

Question 19

Standard deviation

Answer 19

Square root of the variance

Question 20

Coefficient of variation

Answer 20

Standard deviation divided by the mean

Useful to compare variations across different means (often %)

Lower = better return to risk

Question 21

Frequency distributon

Answer 21

Based on sets of values e.g. 10-20, 21-30…
Often shows normal distribution

Question 22

Normal distribution

Answer 22

Bell curve
Mean in centre
Mean median and mode the same
Area under curve = 1

Question 23

Normal distribution standard deviations

Answer 23

34% values mean-1 (68% -1-1)
47.5% values mean-2
49.9% values mean-3

Question 24

For a normal distribution, what can we work out if we know the mean and standard deviation?

Answer 24

The probability of a certain value occurring

Question 25

Left skewed data

Answer 25

Aka negatively skewed Concentrated on the right Median and mean to left of mode

Question 26

Right skewed data

Answer 26

Aka positively skewed Concentrated on the left

Question 27

4 stages of the risk management process

Answer 27

Awareness and identification Assessment and measurement Response and control Monitoring and reporting

Question 28

Techniques to identify risks

Answer 28

PESTLE/SWOT External advisors Interviews/Questionnaires Internal audit Brainstorming

Question 29

5 types of loss

Answer 29

Property loss (assets) Liability loss (legal) Personell loss (injury, sickness, death) Pecuniary loss Interruption loss (inability to operate)

Question 30

Risk assessment

Answer 30

Nature and goal implications

Question 31

Risk measurement

Answer 31

Probability of risk, quantifies impact, calculates potential loss using expected values for gross risk

Question 32

Gross risk

Answer 32

Probability x impact (and considering control measures)

Question 33

Risk assessment map

Answer 33

Matrix of impact and probability

Question 34

High impact low probability risk

Answer 34

Sharing Reduction

Question 35

High impact high probability risk

Answer 35

Avoidance Reduction Share

Question 36

Low impact low probability risk

Answer 36

Accepted

Question 37

Low impact high probability risk

Answer 37

Reduction

Question 38

TARA model of risk responses

Answer 38

Transfer (sharing) Avoidance Reduction Acceptance (retention)

Question 39

TARA model of risk responses: Transfer

Answer 39

Transfer risk to 3rd party E.g. insurance, hedging

Question 40

TARA model of risk responses: Avoidance

Answer 40

Don’t do risky activities But loose upside potential too

Question 41

TARA model of risk responses: Acceptance

Answer 41

Tolerate losses Can be cheaper than insurance for small risks

Question 42

TARA model of risk responses: Reduction

Answer 42

Retain activity but reside risk Mitigating controls: Preventative Corrective Directive Detective

Question 43

Benefits of risk monitoring

Answer 43

Current effectiveness Change to risk profile

Question 44

What risks does the Corporate Governance Code require listed companies to report on?

Answer 44

1. Nature and extent of risks willing to take to achieve objectives 2. Management issues

Question 45

Corporate Governance Code: 4 additional board disclosures (risk reporting)

Answer 45

1. Responsible for internal control systems 2. Systems designed to manage not eliminate risk 3. How dealt with internal control aspects of significant problems highlighted in accounts 4. Weaknesses of internal control that have resulted in material losses

Question 46

7 types of crisis

Answer 46

Natural event Industrial accident (e.g. fire, collapse) Product/service failure PR disaster Business crisis (e.g. loss of key supplier/customer) Management crisis (e.g. hostile takeover bid/loss of key management) Legal/regulatory crisis

Question 47

2 things crisis management should consider

Answer 47

Contingency plans Crisis prevention

Question 48

ICSA 2 axes of business resilience

Answer 48

1. PROCESSES and functions to protect the organisation 2. General ORGANISATIONAL characteristics driving resilience

Question 49

ICSA: Processes and functions to protect the organisation

Answer 49

Risk management Business continuity planning Security IT disaster recovery Health and safety Crisis management Internal audit Governance

Question 50

ICSA: General organisational characteristics driving resilience

Answer 50

Employee trust in management Customer trust in organisation Ability to innovate Clear values Values liked to behaviour Effective risk management Morale Leadership involvement

Question 51

2 types of business resilience changes

Answer 51

External (laws, recession) Internal/panned (overseas investment, closure of significant operations, new strategic direction)

Question 52

ICSA 4 features of resilient organisations

Answer 52

1. Diversified RESOURCES 2. Strong internal and external RELATIONSHIP network 3. Rapid and decisive RESPONSE to emerging crisis 4. Self-REVIEW and adaption to meet changing circumstances

Question 53

Challenges to achieving resilience

Answer 53

Lack of expertise Lack of input from leadership Lack of cohesive thinking between departments

Question 54

ICSA 4 key metrics to measure resilience

Answer 54

1. Compliance (internal) 2. Completeness (breadth of readiness, multiple issues concurrently!) 3. Comparability/capability (testing+reviewing responses to potential shocks) 4. Value (hitting goals quantitative+qualitative)

Question 55

Disaster definition

Answer 55

(Part of) OPERATIONS break down causing losses to equipment/data/funds

Question 56

Crisis definition

Answer 56

Unexpected event that threatens well-being/normal operations of business. Affecting customers, employees, investors and other stakeholders.

Question 57

6 components of disaster recovery plan

Answer 57

{Disaster recovery CREEP} Define responsibilities Communicate with staff Risk assessment Establish back-ups and standbys Establish PR Prioritise actions