Module 2 - Unit 2 Risk Strategy And Framework Flashcards

1
Q

What is RIMS?

A

Risk Maturity Model (RIMS) is a model used to assess an organisation’s risk maturity. It uses five levels:
• Ad-hoc
• Initial
• Repeatable
• Manager
• Leadership

2
Q

Explain the 3 Lines of Defence model

A

It’s a common risk governance structure

First Line - functions that own and manage risk (service managers)
Second Line - risk oversight (risk management and compliance)
Third Line - Internal Audit

3
Q

7 elements of Risk Management Framework

A

Risk Policy
Risk Governance
Risk Appetite and tolerance
Risk identification process
Risk assessment process
Risk control process
Risk reporting
Key indicators
Risk typology and language
Risk culture

4
Q

What is a risk management framework?

A

A risk management framework is a system by which:
• risk management activity is linked to the organisation’s strategic objectives
• risks are identified, described and quantified
• risks are reported
• risks are controlled
• risks are monitored

5
Q

3 risk management standards

A

IRM Risk Management Standard
COSO ERM framework
ISO 31000 - introduced in 2009
Basel II

6
Q

List McKinsey’s four levels of risk maturity

A

• initial transparency
• systematic risk reduction
• risk-return management
• risk as competitive advantage

7
Q

List 2 risk quantification approaches

A
  1. Regulatory prescribed approaches (standard formulas)
  2. Stress test (historical and multiyear)
  3. Internal models or VaR approaches
  4. Risk registers
8
Q

What are the advantages of a risk management information system?

A
  • binds together work done by risk function and other teams
  • uniformity of data gathering, storage and analysis
  • reduced potential for errors and omissions
  • ability to link audit findings to controls
9
Q

List 7 items set out by risk protocols and policies

A
  1. The techniques used in risk identification
  2. The format and content of the organisation’s risk register
  3. How risk ownership is assigned to staff
  4. Requirements on entering risk events into the issues and events log
  5. Reporting requirements - such as weekly or monthly reports and risk analysis, performance against KRI
  6. Approval processes for expenditure on risk improvement actions
  7. Control and sign-off processes
  8. Template documents for risk assessments and where required certification
10
Q

Risk Maturity Hopkins (4 N’s)

A

Naive
Novice
Normalised
Natural

11
Q

Explain the difference between centralised, decentralised and hybrid organisations

A

• Centralised businesses have a large head office with numerous functional divisions
• Decentralised businesses have a small head office with most functions being carried out at operational level
• Hybrid organisations may have certain functions at head office level (e.g., finance) whereas others are delegated to operating subsidiaries.

12
Q

Risk strategy

A

Risk Management strategy includes:
- risk appetite and tolerance statement
- risk policy
- risk identification process
- risk quantification approaches
- risk control processes
