Module 1 Unit 4: Risk assessment 1: Introduction and identification Flashcards

1
Q

What are the three stages of risk assessment in ISO 31000

A

ISO 31000:

Identification, analysis and evaluation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

List 4 of the main risk assessment techniques

A
  1. Questionnaires and checklists
  2. Workshops and brainstorming
  3. Inspections and audits
  4. Flow charts and dependency analysis
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Provide a definition of risk identification

A

The process of determining what events might occur to affect the objectives of the org and their root causes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

List the four COSO ERM risk classifications

A
  1. Strategic
  2. Operations
  3. Reporting
  4. Compliance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Identify three reasons why orgs find it useful to classify risks

A
  1. Provide structure to the process of risk identification, which can facilitate the identification of more risks
  2. Helps with the development of consistent terminology across the org, which is essential to ERM
  3. Enable the org to group risks in order to assign responsibility, estimate exposure using expertise of professionals, determine level of risk, identify standard responses etc
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

List the 5 risk categories for the PESTLE classification acronym

A

PESTLE

POLITICAL
Tax policy, employment laws, environmental regulations

ECONOMIC
Growth/decline, interest rates, exchange rates, minimum wage

SOCIOLOGICAL
Cultural norms and expectations, health consciousness, age distribution

TECHNOLOGICAL
New tech, barriers to entry for certain markets, tech changes that impact products or services

LEGAL
Changes to legislation that impact employment, quotas, resources, taxation

ENVIRONMENTAL AND ETHICAL
Ecological and environmental aspects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Identify three advantages and disadvantages of PESTLE risk classification

A

⬆️ simple
⬆️ facilitates understanding of wider b/s environment
⬆️ encourages development of external and strategic thinking

⬇️ can over-simplify data used for decisions
⬇️ requires different people being involved with different perspectives
⬇️ access to quality external data sources can be costly and time consuming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Name three reasons why sometimes we will treat risks without knowing the underlying causes of that risk

A
  1. High cost of investigation may not be cost effective
  2. If the timescale between the risk event and its impact is too short there may not be time to look at the causes.
  3. If the severity is so great ie in a crisis then we must focus efforts on containing the symptoms
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

List the 4 IRM risk classifications

A

Financial
Strategic
Operational
Hazard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

List the 4 risk classifications found on the FIRM score card

A

Financial
Infrastructure
Reputational
Marketplace

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What three Rs relate to risk assessment in the 8Rs and 4Ts process?

A

Recognition, rating and ranking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly