Introduction to Risk Management

Question 1

Define risk in general terms

Answer 1

The possible variation in an outcome from what is expected to happen

Question 2

Define variation

Answer 2

Range of possible outcomes

Question 3

Define expectation

Answer 3

What we expect to happen

Question 4

Define outcomes

Answer 4

What actually does happen

Question 5

Define risk according to COSO

Answer 5

The possibility than an event will occur and adversely affect the achievement of objectives

Question 6

Define opportunity according to COSO

Answer 6

The possibility than an event will occur and positively affect the achievement of objectives

Question 7

Define uncertainty

Answer 7

The inability to predict outcomes because of a lack of information

Question 8

What are the two types of non-business risk?

Answer 8

1. Financial risk

2. Operational risk

Question 9

Define strategy risk

Answer 9

Choosing and implementing the wrong corporate strategy

Question 10

Define enterprise risk

Answer 10

Success or failure of a business operation

Question 11

Define product risk

Answer 11

Customers do not buy the anticipated amount of product

Question 12

Define economic risk

Answer 12

Unexpected changes in economic conditions

Question 13

Define property risk

Answer 13

Losing property or losses arising from accidents

Question 14

Define business risk

Answer 14

Risks that arise from the nature of the entity’s business, its industry, and the conditions it operates in

Question 15

What are examples of business risk?

Answer 15

PEEPS

1. Property risk
2. Enterprise risk
3. Economic risk
4. Product risk
5. Strategy risk

Question 16

What are examples of controllable financial risks?

Answer 16

1. Gearing risk
2. Credit risk
3. Liquidity risk

Question 17

What is an example of uncontrollable financial risk?

Answer 17

Market risk

Question 18

Define gearing risk

Answer 18

Increased interest charges due to high debt levels

Question 19

Define credit risk

Answer 19

The economic loss suffered due to the default of a customer

Question 20

Define liquidity risk

Answer 20

An unexpected shortage of cash

Question 21

Define market risk

Answer 21

Exposure to changes in market prices or rates

Question 22

What are examples of operational risk?

Answer 22

1. Process risk
2. People risk
3. Systems/cyber risk
4. Event risk

Question 23

Define process risk

Answer 23

Company’s processes are ineffective or inefficient

Question 24

Define people risk

Answer 24

Arising from staff constraints, incompetency, or dishonesty

Question 25

Define systems/cyber risk

Answer 25

The risk of financial loss, business disruption, or reputation damage that are a consequence of accidents and poor systems integrity

Question 26

Define event risk

Answer 26

Loss due to single events that are unlikely but serious

Question 27

What are examples of cyber risk?

Answer 27

1. Phishing
2. Webcam manager
3. File hijacker/ransomware
4. Keylogging

Question 28

Define phishing

Answer 28

Bogus emails that ask for personal or security information

Question 29

Define webcam manager

Answer 29

Where the user’s webcam is taken over

Question 30

Define file hijacker/ransomware

Answer 30

Where the user’s files are hijacked and held to ransom

Question 31

Define keylogging

Answer 31

Where criminals record what users type

Question 32

What are examples of event risk?

Answer 32

1. Disaster risk
2. Regulatory risk
3. Reputation risk
4. Systemic risk

Question 33

Define disaster risk

Answer 33

Catastrophe occurs such as a fire, flood, etc

Question 34

Define regulatory risk

Answer 34

New laws or regulations are introduced

Question 35

Define reputation risk

Answer 35

Risk of damage to the business’s reputation

Question 36

Define systemic risk

Answer 36

Failure by a participant in the business’s supply chain

Question 37

Define risk management

Answer 37

The identification, analysis, and economic control of risks that threaten the assets or earning capacity of a business

Question 38

What are the stages of the risk management process?

Answer 38

1. Risk awareness and identification
2. Risk assessment and measurement
3. Risk response and control
4. Risk monitoring and reporting

Question 39

Define risk identification

Answer 39

The identification of the whole range of possible risks and the likelihood of losses occurring as a result of these risks

Question 40

What are examples of techniques to identify risk?

Answer 40

1. PEST analysis
2. SWOT analysis
3. External advisors
4. Interviews
5. Questionnaires
6. Internal audit
7. Brainstorming

Question 41

What is the purpose of risk assessment?

Answer 41

To consider the nature of each risk and the implications it might have for the business achieving its objectives

Question 42

What is the purpose of risk measurement?

Answer 42

1. To identify the probability of the risk occurring
2. To quantify the resultant impact
3. Calculates the amount of potential loss using expected values for gross risk

Question 43

Define gross risk

Answer 43

The potential loss associated with the risk, calculated by combining the impact and probability of the risk before taking any control measures into account

Question 44

What is the equation for calculating gross risk?

Answer 44

gross risk = probability x impact

Question 45

Define probability

Answer 45

Measures likelihood

Question 46

Define impact

Answer 46

Measures the size of the loss

Question 47

Define exposure

Answer 47

A measure of the way in which a business is faced by risks

Question 48

Define volatility

Answer 48

A measurement of the variability of a risk factor

Question 49

What are the five different categories of loss?

Answer 49

1. Property loss
2. Liability loss
3. Personnel loss
4. Pecuniary loss
5. Interruption loss

Question 50

What is a risk assessment map used for?

Answer 50

To assess each risk

Question 51

What are the key responses to high likelihood, low impact risks?

Answer 51

1. Reduction

2. Sharing

Question 52

What are the key responses to high likelihood, high impact risks?

Answer 52

1. Avoidance
2. Reduction
3. Sharing

Question 53

What is the key response to low likelihood, low impact risks?

Answer 53

Acceptance

Question 54

What is the key response to low likelihood, high impact risk?

Answer 54

Reduction

Question 55

Define risk-averse attitude

Answer 55

An investment would be chosen if it has more certainty but possibly a lower return than an alternative less certain, potentially higher return investment

Question 56

Define risk-neutral attitude

Answer 56

An investment would be chosen according to its expected return, irrespective of the risk

Question 57

Define risk seeker attitude

Answer 57

An investment would be chosen based on it offering higher levels of risk, even if its expected return is lower than an alternative no-risk investment with a higher expected return

Question 58

Define crisis

Answer 58

An unexpected event that threatens the wellbeing of a business or a significant disruption to the business and its normal operations that impact on its customers, employees, investors, and other stakeholders

Question 59

What are examples of crisis?

Answer 59

1. Natural event
2. Industrial accident
3. Product or service failure
4. Public relations disaster
5. Business crisis
6. Management crisis
7. Legal/regulatory crisis

Question 60

Define crisis management

Answer 60

The identification of a crisis, planning a response to the crisis and confronting and resolving the crisis

Question 61

What are the features of crisis management?

Answer 61

1. Contingency plans

2. Crisis prevention

Question 62

Define disaster

Answer 62

When the business’s operations, or a significant part of them, break down for some reason leading to potential losses of equipment, data, or funds

Question 63

What are the two types of disaster?

Answer 63

1. A major crisis causing a breakdown in operations and resultant losses
2. An event that results in serious consequences

Question 64

What are the main components of a disaster recovery plan?

Answer 64

1. Define responsibilities
2. Prioritise actions
3. Establish back-up and standby arrangements
4. Communicate with staff
5. Establish PR
6. Risk assessment