Module 1 unit 2: Risk management standards Flashcards

1
Q

Name five risk management processes

A
8Rs & 4Ts
IRM (2002)
COSO ERM
ISO 31000
The Orange Book
2
Q

Which of these processes has “control activities” as a feature?

a) COSO ERM
b) ISO 31000
c) The Orange Book
d) IRM (2002)

A

a) COSO ERM

3
Q

What’s the definition of a “risk standard”?

A

A published guide for managing risk, usually comprising a risk framework and (especially) a risk process.

4
Q

What’s the definition of a “risk framework”?

A

Also known as the risk management context. This comprises the risk strategy, risk architecture and risk protocols and forms the risk context which helps to drive the risk process.

5
Q

What’s the definition of a “risk process”?

A

The stages in the process of managing risk, which is driven mainly by how you set up the framework (but also affected by the internal and external environment).

6
Q

What’s the definition of “risk architecture”?

A

Part of the risk framework, which focuses on answering the question “Who does what?” in the organisation in relation to risk management.

7
Q

What’s the definition of “risk context”?

A

This covers three layers of organisation which together drive the risk process; they are the external environment, the internal environment and the risk management context (also known as the risk framework).

8
Q

What’s the definition of “risk protocols”?

A

The set of tools, procedures and instructions that an organisation has for managing risk.

9
Q

What’s the definition of “risk strategy”?

A

The agreed overriding purpose and aims of risk management in the organisation, which involves the publication of a risk policy document and the setting of the risk appetite.

10
Q

List the 5 clauses of the ISO 31000 standard

A
  1. Scope
  2. Definition of terms
  3. The Principles
  4. Framework for Implementation
  5. Process
11
Q

Describe the “Scope” clause of the ISO 31000 standard.

A

The standard is generic and is not tied to any particular industry or organisation.

12
Q

Name five of the ISO 31000 risk management “Principles” (Clause 3)

A
  1. Creates & protects value, e.g. achieving objectives
  2. Integrated into the organisation's processes
  3. Used in decision making
  4. Addresses uncertainty
  5. Systematic, structured & timely
  6. Based on best available information
  7. Tailored to context, size and complexity
  8. Considers human & cultural factors
  9. Transparency
  10. Dynamic & iterative
  11. Facilitates continual improvement
13
Q

Describe Clause 4 of the ISO 31000 standard, “Framework for Implementation”

A
  1. Mandate & commitment by the Board
  2. Design of framework
  3. Implement risk management
  4. Monitor and review framework
  5. Improve framework
14
Q

Describe the five stages of the ISO 31000 risk management “Process” (Clause 5)

A
  1. Establish context
  2. Risk Identification
  3. Risk Analysis
  4. Risk Evaluation
  5. Risk Treatment
15
Q

What two features run throughout the five stages of the ISO 31000 “Process” (Clause 5)?

A
  1. Communication/consultation
  2. Monitoring & Review

16
Q

List the 8Rs and 4Ts of hazard risk management

A
Recognition of risks
Rating of risks
Ranking against risk criteria
Response to risk
- Tolerate
- Treat
- Transfer
- Terminate
Resourcing controls
Reaction planning
Reporting on risk
Reviewing & monitoring
17
Q

What three aspects make up the faces of the COSO ERM “Cube”?

A

TBD