Module 1 unit 1 concepts and definitions of risk and risk management Flashcards
The ISO 31000 definition of a risk is?
The effect of uncertainty on objectives
Development of risk management
1950s: Escalating insurance costs
1960s-70s: Financial/Insurance based, hazard focused (e.g. H&S)
1980s: RM techniques applied to project management
1990s: Orgs consider ‘operational’ risks
2000s: Rise of holistic ERM approach and specialisation e.g. clinical/energy,IT
The difference between hazard, opportunity and control risks?
HAZARD: Pure - impact will be negative
OPPORTUNITY: Speculative - potentially positive impact
CONTROL: Speculative - impact is uncertain
Definition of risk management?
Activities undertaken to deliver the most favourable outcome, and to reduce the variability of that outcome.
Activities aimed at reducing the effect of uncertainty on objectives.
Three ways that risks can be attached?
- Objectives/stakeholder expectation (e.g. growth)
- Core processes (e.g. deliver healthcare)
- Key dependencies (e.g. commissioning arrangements)
5 benefits of good RM?
MADE2!
- MANDATORY obligations are met
- ASSURANCE that significant risks are being managed
- DECISIONS are properly considered re risk
- EFFECTIVE STOC processes
- EFFICIENT STOC processes
RM helps improve an org’s STOC core processes. What does STOC stand for?
Strategy
Tactics
Operations
Compliance
5 principles of an RM framework?
PACED!
- PROPORTIONATE to the level of risk
- ALIGNED with other b/s activities
- COMPREHENSIVE, systematic & structured
- EMBEDDED within b/s procedures and protocols
- DYNAMIC, iterative and responsive to change
What 4Ps are the sources of hazard risks?
People
Premises
Processes
Products
Give an example for each of the 4Ps
People: Lack of skill mix, resources
Premises: Damage, contamination, theft
Processes: IT or comms failure
Products: Poor service quality, suppliers