Module 2 unit 3: Risk culture, appetite & tolerance Flashcards
Define “risk culture”
Risk culture is a term describing the values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees of an organisation or of teams or groups within an organisation.
Describe the difference between risk appetite and risk tolerance.
Risk appetite relates to the risks a business is willing or unwilling to take.
e.g. We will not tolerate high levels of staff turnover
Risk tolerance is the variance a business will allow around this appetite
e.g. We will tolerate staff turnover of up to 15%
How does IRM’s Risk Culture report indicate how a risk culture may be reinforced?
The report notes that risk culture may be reinforced in a virtuous cycle of positive actions and behaviours over time that match the organisation’s desired risk culture.
What are the three attributes of management and staff that are central to risk culture management?
The three attributes are:
attitudes
behaviour
competencies
How can senior management embed the risk culture messages most effectively?
Organisations that take on a proactive communication programme will more effectively embed the risk culture messages.
Describe two skills of a risk manager associated with implementing a risk management architecture.
The two skills can be selected from: technical analytical skills, influencing skills and presentation skills (oral and written).
Provide the definition of a ‘significant risk’
A significant risk is a risk with the ability to impact above the established benchmark for that type of risk.
A risk aware culture is achieved by LILAC. What does LILAC stand for?
Leadership - must be strong across org
Involvement - all stakeholders in all stages of RM process
Learning - RM training and learning from events
Accountability - no automatic blame culture, accountability for actions
Communication - communication and openness on all risk management issues and lessons learnt