Module 1 - Unit 2 - Approaches to Risk Management Flashcards
What are the components of a risk management standard?
A risk management standard is made up of a risk management framework and a risk management process.
What is a risk framework?
Also known as a risk management context. This comprises the risk management architecture, risk strategy, and risk protocols and forms the risk context which helps to drive the risk process (RaSP).
What is the IRM risk management process? NB NOT the IRM 2002 standard.
Identifying the risks
Evaluating and prioritising the significant risks (and opportunities)
Managing the significant risks
What are the three main risk management standards?
The IRM (2002) model
The COSO ERM Cube
ISO 31000 (2018)
The 8Rs and 4Ts do not form part of any wider present-day risk management standard but may still be a suitable framework.
What are the three elements relating to risk context?
RaSP
Internal context - divisions, departments, structures, culture, leadership, strengths and weaknesses
External context - industry, products, markets, logistics, supply chain, competitors, countries of operation
What are the 8 elements that form the risk process of the COSO ERM Cube?
Internal environment - encompasses the tone of an organisation and sets the basis for how risk is viewed and addressed
Objective setting - these must exist before management can identify potential events affecting their achievement
Event identification - internal and external events affecting achievement of objectives must be identified, distinguishing between risks and opportunities
Risk assessment - risks are analysed, considering likelihood and impact as a basis for how they should be managed
Risk response - management selects the responses based on avoiding, accepting, reducing or sharing the risk
Control activities - policies and procedures to ensure effective performance of risk responses
Information and communication - relevant information identified, captured and communicated so that people can fulfil responsibilities
Monitoring - the entirety of ERM is monitored and modified as necessary
What are the four categories of organisational objective in the COSO ERM cube?
Strategy - high level goals aligned with support for organisational mission
Reporting - reliability of reporting
Operations - effective and efficient use of resources
Compliance - compliance with applicable laws and regulations
What are the 4 elements on the side of the COSO ERM Cube?
Entity
Division
Business unit
Subsidiary
What are the elements of the ISO31000 risk management process?
Scope, context, and criteria
Risk assessment (risk identification, risk analysis, risk evaluation)
Risk treatment
These are bordered by communication and consultation as well as monitoring and review. They are underpinned by recording and reporting.
What are the elements of the IRM (2002) risk management process?
Organisation's strategic objectives
Risk assessment (risk analysis, risk identification, risk description, risk estimation, risk evaluation)
Risk reporting
Decision
Risk treatment
Residual risk reporting
Monitoring
Bordered by modification and formal audit.
Define the elements of RaSP.
Risk architecture - focuses on answering the question of who does what in relation to risk management.
Risk strategy - the agreed overriding purpose and aims of risk management in the organisation
Risk protocols - the set of tools, procedures and instructions that the organisation has for managing risk. Involves publication of the risk policy document and setting of risk appetite.
What are the Orange Book's 5 principles of risk management?
Governance and leadership
Integration
Collaboration and best information
Risk management process
Continual improvement