Module 2 Unit 2: Risk strategy & Framework Flashcards
Name three documents that are central to an organisation’s risk architecture.
Any of these:
a) risk policy
b) terms of reference for the risk committee and the head of risk management
c) risk appetite and tolerance statement
d) risk register
e) key risk indicators and risk dashboard
f) risk models
g) issues and events log.
Give four areas of responsibility for a group risk committee in a large corporation.
a) formulation of strategy
b) compilation of the group risk register
c) receiving reports from divisions
d) tracking risk management activity.
Who would you look to in an organisation to provide risk information for reporting to senior management?
The provision of risk information, data and risk status assessments is usually the responsibility of the stated risk owner.
Production of the information may be delegated to the risk owner’s department staff.
Describe three key functions that are likely to be addressed in an organisation’s risk protocols.
a) The format and content of the organisation’s risk register, how it is to be completed and the requirements for regular updates.
b) How risk and control ownership is assigned to staff.
c) Reporting requirements – such as weekly or monthly reports and risk analysis, performance against key risk indicators.
What are the main advantages of using an RMIS?
An RMIS serves as a coordinated risk repository and assists in analysing and managing the risk information in an organisation.
List four types of info you might find in an RMIS.
Policy and protocols
Emergency contact arrangements and contact details
Insurance values and cost of risk data
Insurance claims handling and management process
Historical loss/claims information
Insurance policy coverage
Risk management action plans
Business continuity plans and responsibilities
Disaster recovery plans and responsibilities
Corporate governance arrangements and reports
List two objectives of internal controls.
Achievement of objectives
Safeguard assets
Ensure accurate records are kept
Enhance reliability of reporting
Ensure compliance with regulations
Safeguard interests of stakeholders
List four pieces of information that might be held in an RMIS.
Risk management policy and protocols
Risk profile data, values and information
Emergency contact arrangements and contact details
Insurance values and cost of risk data
Insurance claims handling and management protocols
Historical loss/claims experience/information
Insurance policy coverage and other information
Risk management action plans (risk register)
Risk improvement plans and implementation
Business continuity plans and responsibilities
Disaster recovery plans and responsibilities
Corporate governance arrangements and reports
Describe the role of a non-executive director.
Not employed by the company and are therefore independent
Challenges and develops strategy
Scrutinises management performance
Challenges financial info
Seeks assurance that RM is robust
Determines the appropriate remuneration
Seeks to maintain confidence in the conduct of the company
Independent in judgement and promotes openness and trust
Is well informed about the company and the external environment in which it operates
A framework is made up of RASP. What does this stand for?
Risk architecture
Strategy
Protocols