Module 1 - Unit 4: Risk assessment 1: introduction and identification

Question 1

What are the three stages of risk assessment in ISO 31000

Answer 1

ISO 31000:

Identification, analysis and evaluation

Question 2

List 4 of the main risk assessment techniques

Answer 2

1. Questionnaires and checklists
2. Workshops and brainstorming
3. Inspections and audits
4. Flow charts and dependency analysis

Question 3

Provide a definition of risk identification

Answer 3

The process of determining what events might occur to affect the objectives of the org and their root causes

Question 4

List the four COSO ERM risk classifications

Answer 4

1. Strategic
2. Operations
3. Reporting
4. Compliance

Question 5

Identify three reasons why orgs find it useful to classify risks

Answer 5

1. Provide structure to the process of risk identification, which can facilitate the identification of more risks
2. Helps with the development of consistent terminology across the org, which is essential to ERM
3. Enable the org to group risks in order to assign responsibility, estimate exposure using expertise of professionals, determine level of risk, identify standard responses etc

Question 6

List the 5 risk categories for the PESTLE classification acronym

Answer 6

PESTLE

POLITICAL
Tax policy, employment laws, environmental regulations

ECONOMIC
Growth/decline, interest rates, exchange rates, minimum wage

SOCIOLOGICAL
Cultural norms and expectations, health consciousness, age distribution

TECHNOLOGICAL
New tech, barriers to entry for certain markets, tech changes that impact products or services

LEGAL
Changes to legislation that impact employment, quotas, resources, taxation

ENVIRONMENTAL AND ETHICAL
Ecological and environmental aspects

Question 7

Identify three advantages and disadvantages of PESTLE risk classification

Answer 7

⬆️ simple
⬆️ facilitates understanding of wider b/s environment
⬆️ encourages development of external and strategic thinking

⬇️ can over-simplify data used for decisions
⬇️ requires different people being involved with different perspectives
⬇️ access to quality external data sources can be costly and time consuming

Question 8

Name three reasons why sometimes we will treat risks without knowing the underlying causes of that risk

Answer 8

1. High cost of investigation may not be cost effective
2. If the timescale between the risk event and its impact is too short there may not be time to look at the causes.
3. If the severity is so great ie in a crisis then we must focus efforts on containing the symptoms

Question 9

List the 4 IRM risk classifications

Answer 9

Financial
Strategic
Operational
Hazard

Question 10

List the 4 risk classifications found on the FIRM score card

Answer 10

Financial
Infrastructure
Reputational
Marketplace

Question 11

What three Rs relate to risk assessment in the 8Rs and 4Ts process?

Answer 11

Recognition, rating and ranking