IRM M1 U1.3 Importance of ERM for organisations Flashcards

1
Q

Why is risk management important

A

Positive ROI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Purpose of risk management

A

Consistency of decision making
Increase confidence
Retain brand / reputational value
Improve working relationships
Increase ability to hit strategic targets
Improve Transparency of risk culture

Ocado’s risk management process is designed to improve the likelihood of delivering our business objectives, protect the interests of our key stakeholders, enhance the quality of our decision making, and assist in the safeguarding of our assets, including people, finances, property and reputation.

They explain that their risk management process: is designed to identify key risks and to provide assurance that these risks are understood and managed in line with the agreed risk appetite.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Benefits of risk management

A

Strategy; Align risk appetite & strategy; Link growth, risk & return

Governance; - Comply, Improve governance

Org performance; - Increase likelihood of meeting org objective; Improve org resilience, minimise Ops lossess

People - Improve org learning, Optimise allocation of resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The EY (2019) paper on “Why risk-informed decision-making matters” highlights

A

a risk informed strategy should be a Board priority, with the C-suite expecting ERM (Enterprise Risk Management) to play an increasing role in setting and implementing an organisation’s strategy.

been a disconnect between the ERM programme and strategic planning, ERM is not able to add value to an organisation as it is not informing business decision making, or ensuring limited resources are allocated to the principal risks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

The EY ‘Board priorities 2022’ report considers

A

that boards should start to focus their attention more on the fast-evolving business environment, and at the same time keep an eye on emerging risks rather than limiting their and their audit committee’s focus on financial reporting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Risk and reward. Ex. Launch of a new product

A

Risk can be desirable and deliver benefits or rewards. A business will launch a new product because it sees opportunities from the successful marketing of that product. In undertaking the launch, the organization will allocate resources which may be wasted if the launch is not successful. These resources represent the value at risk and need to be within the risk appetite of the organization.

Risk management effort should produce rewards.

hazard risks, that reward will be fewer disruptive events in

project risks, the reward for increased risk management effort will be that the project is more likely to be delivered on time, within budget and to specification/quality.

For opportunity risks, risk management should result in a higher rate of successful new products launches or (at worst) a lower level of loss for all new activities or new products.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Attitudes to risk ISO

A

Risk attitude is the organization’s approach to assess, pursue, retain or avoid risks

Some organizations may be considered to be risk averse, whilst others will be risk aggressive.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Risk attitude vs Risk appetite

A

Risk attitude indicates the way the organization perceives the likelihood and impact of uncertainty (including what it can do about the uncertainty). Risk appetite indicates the amount of risk an organization is willing to seek or accept in pursuit of its long-term objectives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Risk management and the bow-tie

A

Sx. Kitchen Fire

The most popular method of analysing a risk is using a bow-tie.

A bow-tie is a simple way of analysing a risk to gain a greater understanding. The first stage is to put the risk description into the middle box. The causes of the risk then need to be recorded along with factors to influence its impact. This can be either preventive controls to minimize a threat or actions to optimize an opportunity. A hazard is used as an example in the figure below. The impact of the risk is also considered. This enables the identification of response controls to lessen the impact of the risk, should it occur

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

5 objectives of RM?

A

A
MADE2!

MANDATORY obligations are met
ASSURANCE that significant risks are being managed
DECISIONS are properly considered re risk
EFFECTIVE STOC processes
EFFICIENT STOC processes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What do RMS tools help achieve?

A

Risk management tools and techniques should be used to achieve the following:

compliance management provides risk governance;

hazard management makes outcomes less negative;

control management reduces the range of possible outcomes;

opportunity management maximizes the benefits of possible outcomes.

The most important point to make is that the support of senior management and (ideally) the sponsorship of the board are essential.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly