Module 2 Unit 2: Risk strategy & Framework Flashcards

1
Q

Name three documents that are central to an organisation’s risk architecture.

A

Any of these:

a) risk policy
b) terms of reference for the risk committee and the head of risk management
c) risk appetite and tolerance statement
d) risk register
e) key risk indicators and risk dashboard
f) risk models
g) issues and events log.

2
Q

Give four areas of responsibility for a group risk committee in a large corporation.

A

a) formulation of strategy
b) compilation of the group risk register
c) receiving reports from divisions
d) tracking risk management activity.

3
Q

Who would you look to in an organisation to provide risk information for reporting to senior management?

A

The provision of risk information, data and risk status assessments is usually the responsibility of the stated risk owner.

Production of the information may be delegated to the risk owner’s department staff.

4
Q

Describe three key functions that are likely to be addressed in an organisation’s risk protocols.

A

a) The format and content of the organisation’s risk register, how it is to be completed and the requirements for regular updates.
b) How risk and control ownership is assigned to staff.
c) Reporting requirements – such as weekly or monthly reports and risk analysis, performance against key risk indicators.

5
Q

What are the main advantages of using an RMIS?

A

An RMIS serves as a coordinated risk repository and assists in analysing and managing the risk information in an organisation.

6
Q

List four types of info you might find in an RMIS

A

Policy and protocols

Emergency contact arrangements and contact details

Insurance values and cost of risk data

Insurance claims handling and management process

Historical loss/claims information

Insurance policy coverage

Risk management action plans

Business continuity plans and responsibilities

Disaster recovery plans and responsibilities

Corporate governance arrangements and reports

7
Q

List two objectives of internal controls

A
Achievement of objectives
Safeguard assets
Ensure accurate records are kept
Enhance reliability of reporting
Ensure compliance with regulations
Safeguard interests of stakeholders
8
Q

List four pieces of information that might be held in an RMIS

A

Risk management policy and protocols
Risk profile data, values and information
Emergency contact arrangements and contact details
Insurance values and cost of risk data
Insurance claims handling and management protocols
Historical loss/claims experience/information
Insurance policy coverage and other information
Risk management action plans (risk register)
Risk improvement plans and implementation
Business continuity plans and responsibilities
Disaster recovery plans and responsibilities
Corporate governance arrangements and reports

9
Q

Describe the role of a non-executive director

A

Not employed by the company and are therefore independent
Challenges and develops strategy
Scrutinises management performance
Challenges financial info
Seeks assurance that RM is robust
Determines the appropriate remuneration
Seeks to maintain confidence in the conduct of the company
Independent in judgement and promotes openness and trust
Is well informed about the company and the external environment in which it operates

10
Q

A framework is made up of RASP. What does this stand for?

A

Risk architecture
Strategy
Protocols
