Module 1 Unit 4: Risk assessment 1: Introduction and identification Flashcards
What are the three stages of risk assessment in ISO 31000?
ISO 31000:
Identification, analysis and evaluation
List 4 of the main risk assessment techniques
- Questionnaires and checklists
- Workshops and brainstorming
- Inspections and audits
- Flow charts and dependency analysis
Provide a definition of risk identification
The process of determining what events might occur to affect the objectives of the org and their root causes
List the four COSO ERM risk classifications
- Strategic
- Operations
- Reporting
- Compliance
Identify three reasons why orgs find it useful to classify risks
- Provide structure to the process of risk identification, which can facilitate the identification of more risks
- Helps with the development of consistent terminology across the org, which is essential to ERM
- Enables the org to group risks in order to assign responsibility, estimate exposure using the expertise of professionals, determine level of risk, identify standard responses, etc.
List the 5 risk categories for the PESTLE classification acronym
PESTLE
POLITICAL
Tax policy, employment laws, environmental regulations
ECONOMIC
Growth/decline, interest rates, exchange rates, minimum wage
SOCIOLOGICAL
Cultural norms and expectations, health consciousness, age distribution
TECHNOLOGICAL
New tech, barriers to entry for certain markets, tech changes that impact products or services
LEGAL
Changes to legislation that impact employment, quotas, resources, taxation
ENVIRONMENTAL AND ETHICAL
Ecological and environmental aspects
Identify three advantages and disadvantages of PESTLE risk classification
⬆️ simple
⬆️ facilitates understanding of wider business environment
⬆️ encourages development of external and strategic thinking
⬇️ can over-simplify data used for decisions
⬇️ requires different people being involved with different perspectives
⬇️ access to quality external data sources can be costly and time consuming
Name three reasons why we will sometimes treat risks without knowing the underlying causes of that risk
- The high cost of investigation may not be cost effective
- If the timescale between the risk event and its impact is too short, there may not be time to look at the causes
- If the severity is so great, i.e. in a crisis, then we must focus efforts on containing the symptoms
List the 4 IRM risk classifications
Financial
Strategic
Operational
Hazard
List the 4 risk classifications found on the FIRM score card
Financial
Infrastructure
Reputational
Marketplace
What three Rs relate to risk assessment in the 8Rs and 4Ts process?
Recognition, rating and ranking