Module 1 - Unit 5 - Risk Assessment 2: Risk Analysis and Evaluation Flashcards

1
Q

What is the purpose of risk analysis?

A

Risk analysis helps us to determine the severity of the risks our organisation faces by analysing the likelihood of the risk materialising together with the severity of the impact on the organisation.

ISO 31000 (2018) states ‘The purpose of risk analysis is to comprehend the nature of risk and its characteristics, including, where appropriate, the level of risk’.

2
Q

How can we determine likelihood?

A
  • look at past records
  • look at personal relevant experience (and intuition)
  • look at industry-relevant experience of the risk
  • look at published literature on the risk
  • do some testing or experiments (for example, market research)
  • use economic or statistical models to make forecasts
  • use experts in the area of that risk to make judgements.
3
Q

What are the key questions in control confidence?

A

‘How confident are we that this is the correct control?’ and
‘How confident are we that it is fully implemented and effective in practice?’

Potentially a third question is “Is the control good value for money?”

4
Q

What is Risk Appetite?

A

The IRM (2011) defines risk appetite as follows: ‘The amount of risk that an organisation is willing to seek or accept in the pursuit of long-term objectives’.

Risk appetite is sometimes considered to be defined by the risk criteria established by the organization. The risk appetite or risk criteria are important components in the risk ranking phase of the risk management process.

5
Q

What is the upside of risk?

A

The upside of risk is achieved when the benefits obtained from taking the risk are greater than any benefit that would have resulted from not taking it.
• Fewer disruptions to normal operations and greater operational efficiency resulting in less downside of risk.
• Ability to seize an opportunity because competitors did not identify the cost-effective solution to a risky feature of a contract.
• Specifically identifying positive events during the risk assessment and deciding how to encourage those events.
• Opportunity management, by completing a detailed review of a business opportunity before deciding to embrace it.
• Achieving a positive outcome in difficult circumstances as an unintended and/or automatic result of good risk management.

6
Q

What is risk attitude?

A

Risk attitude and the risk criteria represent a longer-term view of risk, in the same way as a person will have an immediate appetite for food and a longer-term attitude towards food.

7
Q

What are risk capacity and risk exposure?

A

Risk capacity is the capability of the organization to take risk. It is not the same as the cumulative total of all of the individual values at risk associated with the risks facing the organization. This cumulative total is the risk exposure of the organization.

9
Q

What were the components of early Total Cost of Risk calculations?

A

The first method for total cost of hazard risk calculation had three main components: insurance premium, money spent on loss-control actions and cost of claims not covered by insurance.

10
Q

What are the stages in developing a risk appetite statement?

A

The stages that would be involved in developing this risk appetite statement are as follows:

  1. Identify stakeholders and their expectations, making reference to the possible range of stakeholders, as defined by CSFSRS.
  2. Define the company-wide risk exposure through an analysis of strategy, tactics, operations and compliance, as set out in the risk register.
  3. Establish the desired level of risk exposure that will lead to a risk appetite statement that provides a set of qualitative and quantitative statements.
  4. Define the range of acceptable volatility or uncertainty around each of the types of risks, leading to a statement of acceptable risk tolerances.
  5. Reconcile the risk appetite and risk tolerances with the current level of risk exposure and plan actions to bring exposure in line with risk appetite.
  6. Formalize and ratify a risk appetite statement, communicate the statement with stakeholders and implement accordingly.
11
Q

How does EM3 relate to Strategy, Tactics, Operational, and Compliance risks?

A

The overall approach to personal and organizational issues should be to:
• embrace opportunity risks (strategy);
• manage uncertainty risks (tactics);
• mitigate hazard risks (operations); and
• minimize compliance risks (compliance).

12
Q

What elements make up loss control? What do these focus on?

A

Loss control = loss prevention + damage limitation + cost containment

  • Loss prevention: focuses on reducing likelihood.
  • Damage limitation: focuses on reducing magnitude.
  • Cost containment: focuses on reducing impact and consequence.
13
Q

What is an example of Loss Prevention?

A
  • H&S – eliminating the activity completely or ensuring that, for example, hazardous chemicals are no longer used.
  • Premises - elimination of sources of ignition and the control, containment and segregation of flammable or combustible materials, restrictions on smoking and other actions taken to reduce hazardous behaviours by persons using the buildings.
  • Fraud and theft - separation of responsibilities and security tagging of expensive items. Fraud prevention techniques may also involve pre-employment screening.
14
Q

What is an example of damage limitation?

A
  • Premises – Sprinklers, fire segregation, fire shutters and plans to remove or segregate people and property
  • H&S – Provision of first aid and/or medical facilities on site
15
Q

What is an example of cost containment?

A
  • Premises - detailed arrangements for salvage and arrangements for decontamination of specialist items that have suffered water or smoke damage
  • Increased cost of operation cover - this may arise when an organization has to sub-contract certain production activities, or has to undertake manufacturing work at another one of its factories, which may be located some distance away.
16
Q

Why is monitoring and review important?

A
  • To ensure our responses are effective and efficient, including the identifying and closing of any holes or gaps in our control defences.
  • To identify and manage potential adverse side effects and unintended consequences of our responses.
  • To build up knowledge to improve risk identification and analysis.
  • To better link risks to objectives, key dependencies, core processes and stakeholder expectations.
  • To detect and prepare for changes in our internal or external context.
  • To detect and prepare for changes and trends in our risks.
  • To identify and prepare for new and emerging risks.
  • To identify good risk management practice, build on it and disseminate it to other parts of the organisation.