Module 1 Unit 1 - Concepts and Definitions of Risk & Risk Management Flashcards
The ISO 31000 definition of risk is?
The effect of uncertainty on objects
Describe the development of risk management
1950 - Escalating insurance costs
1960-70’s - Financial and insurance based, hazard focused
1980 - Risk Management technique applied to Project Management
1990’s - Organisations start to consider Operational risks
2000’s - Holistic ERM approach and specialisation
What is the difference between Hazard Risk, Opportunity Risk, Control Risk and Compliance Risk?
HAZARD - Pure Risk - Impact will be negative
OPPORTUNITY - Speculative Risk - Potential positive impact
CONTROL - Uncertain Risk - Impact is uncertain
COMPLIANCE - Mandatory - Impact can be negative
Definition of Risk Management
Activities undertaken to deliver the most favourable outcome, and to reduce the variability of that outcome.
Activities aimed at reducing the effects of uncertainty on objects.
Name three ways that risks can be attached (Risk attachment theory)
- Stakeholder and Objectives expectations (e.g. Growth) - Group of individuals with stake in business or are affected by what the organisation does i.e. inventors, suppliers, customers
- Core Processes (e.g. deliverable healthcare) - Means of delivering strategy and continuity of operations ‘Collection of activities to deliver stakeholder expectation’
- Key Dependencies (e.g. Commissions arrangements) - Things the organisation needs to be successful. Can be internal or external
Five benefits of good Risk Management
(MADE2)
Mandatory - Obligations are met
Assurance - Significant risks are managed
Decisions - Are properly considered
Effective STOC processes
Efficient STOC processes
Risk Management helps an organisation's core processes.
What does STOC stand for?
Strategic
Tactics
Operations
Compliance
Five Principles of Risk Management framework
(PACED)
Proportionate - to the level of risk
Aligned - with other business activities
Comprehensive - systematic and structured
Embedded - within business procedures and protocols
Dynamic - interactive and responsive to change
What 4P’s are the source of hazard risk?
People
Premises
Processes
Product
Give an example for each of the 4P’s
People - Lack of skill mix, resource
Premises - Damage, contamination, theft
Process - IT or comms failure
Product - Poor service quality, suppliers
Which of these best describes ‘residual’ risk?
A. A risk before any actions have been taken to manage it
B. A risk associated with speculative opportunities
C. A risk after risk management actions have been taken
C. A risk after risk management actions have been taken
Which of these best describes ‘hazard risk’?
A. Risk associated with the benefit of speculative opportunities
B. Risk associated with sources of harm
C. Risks associated with the management of uncertainty
B. Risk associated with sources of harm
What are core processes?
A. Key components of a company's business model
B. The key activities that the organisation needs to be successful
C. Operational requirements that impact a business's significant risk
A. Key components of a company's business model
Which of these best describes the term ‘Mandatory’ in relation to risk management objectives as set out in MADE2?
A. To ensure that risk management complies with the five principles of PACED
B. To ensure that appropriate risk management information is available.
C. To ensure conformity with rules, regulation and obligation
C. To ensure conformity with rules, regulation and obligation
Frank Knight (1921) (Father of modern risk management) said what about risk?
Risk can be applied to a situation where there are several possible outcomes.
Where there is past relevant experience, probability can be assigned to the outcomes.