Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

SP9- ERM > Mod 13: Business analysis, risk identification and initial assessment > Flashcards

Mod 13: Business analysis, risk identification and initial assessment Flashcards

1
Q

Outline the key stages of a risk identification and assessment process ©

A

Stages of a risk identification and assessment process

  1. establish / identify clear business objectives.
  2. undertake a business analysis (of its operations and its wider environment)
  3. identify the risks it faces (upside and downside) in a structured way
  4. obtain agreement on the risks faced, their inter-relationships and identify individuals who will be responsible for each risk and its management.
  5. evaluate risks, in terms of likelihood of occurrence, severity of impact and interdependencies (gross and net of existing controls)
  6. produce a risk register
  7. review the risk register regularly, and especially in times of change (eg for emerging risks)
    ©
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Outline the components of a business analysis / plan ©

A

Components of a business analysis / plan
1. statement of business objectives
2. description of business, products and services
3. description of external environment, eg economic outlook, competitors
4. description of key risks, including upside risks
5. description of strategy, including opportunities to be pursued, marketing plan, operating plan, resourcing / capital requirements, planned risk responses
6. description of organisational structure
7. forecast of expected financial outcomes
8.key assumptions, and sensitivity of expected outcomes to these ©

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Outline six risk identification tools ©

A

Risk identification tools
1. SWOT analysis = strengths, weaknesses, opportunities and threats
2. risk checklist (based on internal-experiential knowledge from past projects or external-documented knowledge)
3. risk prompt list (perhaps based on risk categories from industry-or supervisory-body, eg PESTELI), or risk trigger questions (from past events)
4. risk taxonomy (probably less project-specific than a risk checklist, and less industry-specific than a risk prompt list)
5. case studies (ie understand impact of risks in a specific context)
process analysis (including looking at the links between
6. processes, particularly suited to operational risks)
©

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Outline seven risk identification techniques

A

Risk identification techniques 1. brainstorming – facilitated, synchronous, risk of bias and group-think
2. independent group analysis – risks ranked independently (to avoid group-think) and responses aggregated by facilitator
3. surveys – asynchronous, risk of poor design (including framing) and poor response rate
4. gap analysis – between current risk exposures (from line management) and those desired (from Board)
5. Delphi technique – a survey technique involving multiple rounds designed to achieve convergence to a consensus
6. interviews – immediate but time-consuming, inconsistent interviewers
7. working groups – specialist input, synchronous risk analysis
Note: important to consider ‘Who?’ (mix by: unit, role, experience, seniority) and ‘How?’ (workshops and/or questionnaires, external/expert help)
©

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

State the key features of a company’s risk register

A

Key features of a risk register
1. a labelling or numbering system so risks can be identified easily
2. a categorisation of each risk identified, eg credit risk, and whether it is upside or downside
3. a description of each risk that is clear and understandable to all
4. information on the likelihood of the risk occurring, its impact, timeframe over which it is applicable, and correlation with other risks
5. the risk response action (ie what is to be done to retain, remove, reduce, or transfer the risk), its cost and expected residual / secondary risks
6. individuals involved in monitoring and managing the risk

The risk register should also be subject to rigorous document control, so it is clear when it was lasted updated and by whom.
©

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Describe a basic risk assessment technique

A

A basic risk assessment technique

Risks can be ranked by risk rating.

Risk rating:
1. assess likelihood and severity of risk
2. select from pre-set categories (eg probability ranges, L/M/H severity) and/or statistical distributions
3. determine overall risk rating based on ranges for probability x severity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Describe a risk mapping technique

A

Risk mapping

  1. plot likelihood & severity, often using pre-set categories
  2. both pre-and post-mitigation (so showing effectiveness of risk controls and potential impact if they fail)
    Impact

Alternatively a heat map plots risk impact against control effectiveness rating.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Explain what is meant by an emerging risk ©

A

Emerging risk
An emerging risk can represent either:
1. a change in nature of (or in the underlying effectiveness of risk management approaches to) a known risk, or
2. the development of a new risk, ie a risk for which there has been no explicit allowance already made within the existing RM framework

Generally, such risks are characterised by a much higher level of uncertainty.

Emerging risks are important since:
1. knowledge of such risks will influence corporate strategy
2. they may affect the profitability of the organisation
3. emerging risks may yield opportunities for a new product.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Describe the typical characteristics of emerging risks ©

A

Characteristics of emerging risks
Emerging risks are:

  1. subject to high levels of uncertainty and ambiguity due to lack of data and knowledge
  2. have a time horizon that is difficult to predict and subject to significant change
  3. difficult to quantify using traditional risk assessment techniques due to greater uncertainty over likelihood and severity
  4. generally external to an organisation, harder to control
  5. often significant in size and scale, covering a number of industries and territories
  6. often arising as a result of global trends.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Describe three areas of emerging IT risk

A

Emerging IT risks
1. Cyber risk – financial loss, disruption or damage to the reputation of an organisation from some sort of IT systems failure
‒ hacking, security breaches, espionage, data theft, extortion, privacy breaches and cyber terrorism
2. Cloud computing – use of external computing resources (hardware, software and data)
‒shares similar operational risks to outsourcing any other service to a third-party
3. Social media – eg Facebook, X (formerly Twitter) ‒
offers upside opportunities, eg new routes to market
‒introduces operational and reputational risks
©

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Define climate change risk ©

A

Climate risk

The risks arising from adverse changes in the physical environment and secondary impacts in the economy at a regional or a global scale

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

List the three categories of climate change risk:
©

A
  1. physical risk
  2. transition risk
  3. liability risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Outline the three categories of climate change risk:

A

Three categories of climate change risk

1.Physical risk – risks arising from first-order effects of environmental changes such as greenhouse emissions, pollution and land use. Short term: acute weather events (eg hurricanes) lead to property damage, busines interruption. Long term: chronic effects (eg rising sea levels) affect land use and workforce availability, potentially leading to migration, social unrest and disrupted economic activity.
2.Transition risk – risks from economic, political and market changes in moving to a low-carbon economy (lower greenhouse gas emissions, negative emission technologies). Sources include policy measures (eg carbon taxes), technological changes (eg renewable energy and electric vehicles), changing customer preferences (eg increased demand for green products).
3.
Liability risk – the potential costs from injured third parties seeking compensation from the impacts of climate change
©

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Outline the current state of play in terms of climate-related reporting and disclosure requirements
©

A

Climate-related reporting and disclosure requirements

  1. Exposure to climate change risk, actions and metrics are forming a more prevalent component of reporting disclosures.
  2. Market practice is being driven by the framework introduced by the Taskforce for Climate Related Financial Disclosures (TCFD).
  3. As regulatory interest and frameworks continue to develop, formal requirements are likely to increase.
    ©
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Outline the trends giving rise to emerging RM challenges

A

Trends giving rise to emerging RM challenges

  1. globalisation – the increased interdependency of the world’s economies and markets
  2. technology – the new operational risks arising from technology-driven business
  3. changing market structures – as markets are deregulated and privatised
  4. restructuring – the effects of mergers and acquisitions, joint ventures, outsourcing and business re-engineering

In general, there is a greater connectedness between actions of regulators, governments and individuals (eg in relation to climate change) – magnifying systemic risks and leading to more uncertainties than demonstrated in historic data.
©

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Give examples of emerging risks

A

Example emerging risks

  1. significant shifts in power between world economies, including the possible economic collapse of previously secure nations
  2. contagion in asset markets
  3. new or unexpected sources of insurance claims, for example potential claims arising from: developments in nanotechnology, high levels of mobile phone usage, driverless vehicles and drones, genetically modified foods, shifts in level and sources of terrorism, climate change, prolonged power blackouts, pandemic diseases, unexpected changes in mortality or longevity
  4. use of social media changing the way in which information is stored and distributed
  5. rapid changes in the nature / sources of cyber risk
  6. unexpected behaviour of financial guarantees embedded in products
  7. non-linear dependencies between current known risks
17
Q

Describe how to identify and analyse emerging risks

A

Identification and analysis of emerging risks
1. A more holistic view is initially required for emerging risk identification.
2. A key identification tool is systematic long-term horizon scanning: searching for potential changes that are at the edges of current thinking
 requires input from (external, costly) experts on the underlying drivers
 sources of information include academic journals and websites although it is unlikely that there will be a single definitive source.
3 RM decision weightings (based on the credibility and reliability of the underlying ‘evidence’) should be monitored continuously.
5. More alarmist media reports can be useful in alerting the organisation to investigate further, eg changing legal approaches.
6. An analysis of trends and dependencies is important, as is the need to monitor regulatory and lobbying activity in that sector.
©

18
Q

Describe bias in the context of RM

A

Bias

Bias is present when risks are not identified, assessed and / or reported in a true and honest way.

Bias may arise due to the absence of supportive risk culture.

Bias may occur:
1. intentionally, eg to distort management actions so as to further an individual’s career
2. unintentionally, eg due to lack of experience

19
Q

List possible reasons why might bias occur in project appraisal

A

Reasons bias may occur in project appraisal
1. insufficient care in identifying and analysing risks
2. omission of key risks
3. incorrect assumptions of independence
4. underestimation of likelihood of disaster
5. cashflows guessed or deliberately biased towards optimism 6. insufficient account taken of the economic cycle
6. inadequate attention given to technological risks
7. not all the effects on the sponsor’s other business considered 8. credit taken for benefits not directly attributable to the project
9. assumptions may not correspond with senior management’s views
10. errors in arithmetic / spreadsheets leading to incorrect evaluation

20
Q

List possible methods of avoiding / reducing bias

A

Methods of avoiding / reducing bias

  1. incorporating checks and balances into the risk identification and assessment process, eg:
    independent validation of project appraisal
     making comparisons with prior similar projects
  2. increasing the capital cost (an ‘optimism bias’) of projects

    reduces the estimated project return and may result in the project not going ahead; however, if it does proceed then its presence may reduce the project manager’s incentive to keep costs to a minimum
    ©

SP9- ERM (24 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions