Module 1 unit 2: Risk management standards Flashcards
Name five risk management processes
8Rs & 4Ts IRM (2002) COSO ERM ISO 31000 The Orange Book
Which of these processes has “control activities” as a feature?
a) COSO ERM
b) ISO 31000
c) The Orange Book
d) IRM (2002)
a) COSO ERM
What’s the definition of a “risk standard”?
A published guide for managing risk, usually comprising a risk framework and (especially) a risk process.
What’s the definition of a “risk framework”?
Also known as the risk management context. This comprises the risk strategy, risk architecture and risk protocols and forms the risk context which helps to drive the risk process.
What’s the definition of a “risk process”?
The stages in the process of managing risk, which is driven mainly by how you set up the framework (but also affected by the internal and external environment).
What’s the definition of “risk architecture”?
Part of the risk framework, which focuses on answering the question “Who does what?” in the organisation in relation to risk management.
What’s the definition of “risk context”?
This covers three layers of organisation which together drive the risk process; they are the external environment, the internal environment and the risk management context (also known as the risk framework).
What’s the definition of “risk protocols”?
The set of tools, procedures and instructions that an organisation has for managing risk.
What’s the definition of “risk strategy”?
The agreed overriding purpose and aims of risk management in the organisation, which involves the publication of a risk policy document and the setting of the risk appetite.
List the 5 clauses of the ISO 31000 standard
- Scope
- Definition of terms
- The Principles
- Framework for Implementation
- Process
Describe the “Scope” clause of the ISO 31000 standard.
The standard is generic and is not specific to a specific industry or organisation.
Name five of the ISO 31000 risk management “Principles” (Clause 3)
- Create & protect values e.g. achieve objectives
- Integrated into orgs. processes
- Used in decision making
- Addresses uncertainty
- Systematic, structured & timely
- Based on best available information
- Tailored to context, size and complexity
- Considers human & cultural factors
- Transparency
- Dynamic & iterative
- Facilitates continual improvement
Describe Clause 4 of the ISO 31000 standard, “Framework for Implementation”
- Mandate & commitment by the Board
- Design of framework
- Implement risk management
- Monitor and review framework
- Improve framework
Describe the five stages of the ISO 31000 risk management “Process” (Clause 5)
- Establish context
- Risk Identification
- Risk Analysis
- Risk Evaluation
- Risk Treatment
What two features run throughout the five stages of the ISO 31000 “Process” (Clause 5)
- Communication/consultation
2. Monitoring & Review