ORA 7 Flashcards
It is the overall process of risk identification, risk analysis and risk evaluation.
It should be conducted systematically, iteratively and collaboratively, drawing on the knowledge and views of
stakeholders, and should use the best available information
Risk Assessment
Involves the recognition of risks and the rating of them to determine the significant risks facing the organization,
project or strategy.
Risk Assessment
The purpose of ____ is to identify the significant risks that could impact the corporate objectives,
stakeholder expectations, core processes and key dependencies.
Risk Assessment
3 Activities during Risk Assessment
– Risk identification
– Risk Analysis
– Risk evaluation
_____ is to FIND, RECOGNIZE and DESCRIBE risks that might help or prevent
an organization in achieving its objectives
Risk Identification
true or false
Relevant, appropriate and out-to-date information is important in identifying risks
false; up to date
t or f : The organization should identify risks, whether or not their sources are under its control.
True
Read only
Factors to Consider in Risk Identification
▪ Tangible and intangible sources of risks
▪ Causes and events
▪ Threats and opportunities
▪ Vulnerabilities and capabilities
▪ Changes in the external and internal context
▪ Indicators of emerging risks
▪ The nature and value of assets and resources
▪ Consequences and their impact on objectives
▪ Limitations of knowledge and reliability of information
▪ Time-related factors
▪ Biases, assumptions and beliefs of those involved
ok
Its purpose is to COMPREHEND the NATURE of risk and its characteristics, including the LEVEL of risk.
Risk analysis
____ involves a detailed consideration of UNCERTAINTIES, risk sources, consequences,
LIKELIHOOD, events, scenarios, controls and their effectiveness and can be undertaken with varying
degrees of detail and complexity, depending on the purpose of the analysis, the availability and
reliability of information, and the resources available
Risk analysis
true or false
Analysis techniques can be qualitative or quantitative, but never a combination of these, depending on the circumstances and intended use.
false, since it may be a combination
T or F
Highly uncertain events can be difficult to quantify and will require using only quantitative techniques to provide greater insight.
F. combine quali and quanti techniques
T or F
Risk identification PROVIDES an INPUT to RISK EVALUATION, to decisions on whether risk needs to be treated
and how, and on the most appropriate risk treatment strategy and methods.
F
should be R. analysis, not R. identification
Read only
Factors to Consider in Risk Analysis
▪ The likelihood of events and consequences
▪ The nature and magnitude of consequences
▪ Complexity and connectivity
▪ Time-related factors and volatility
▪ The effectiveness of existing controls
▪ Sensitivity and confidence levels
ok
Activity in risk assessment that SUPPORT DECISIONS
risk evaluation
_____ involves COMPARING the results of the risk analysis with the established risk criteria to determine where additional action is required.
Risk evaluation
t or f
Risk eval decision could be:
▪ Do nothing further
True
Bonus:
other decisions in r. eval
▪ Consider risk treatment options
▪ Undertake further analysis to better understand the risk
▪ Maintain existing controls
▪ Reconsider objectives
ANY ACTIONS CONCERNING THE RISK
Which Risk management approach?
When risk assessment is being undertaken by the Board of Directors, the Chief Executive Officer
(CEO) and the other top-level management of an organization
Top down risk assessment
— focus more on external than internal
— too superficial
Which Risk management approach?
When risk assessments are undertaken by involving individual members of staff and local department management.
Bottom-up Risk Assessment
— Focus more on Internal than External
— Time Consuming
— Very Detailed
Risk Assessment Techniques
THE USE OF ___ to collect information that will assist with the recognition of the
significant risks
QUESTIONNAIRES AND CHECKLISTS
Risk Assessment Techniques
Collection and sharing of ideas at workshops to discuss the events that could impact the objectives, core processes or key dependencies.
Workshops and Brainstorming
Risk Assessment Techniques
Physical inspections of premises and activities and audits of compliance with established systems and procedures.
Inspections and Audits
TRUE OR FALSE
Questionnaires and
Checklists are Difficult to use for strategic risks
false.
should be Flow Charts and
Dependency Analysis
ANALYSIS of the processes and operations within the organization to identify critical components that are key to success
Flowcharts and dependency analysis
R. Assessment techniques
It has the benefit that it also considers the upside of risk by evaluating OPPORTUNITIES in the external
environment.
▪ One of its strengths is that it can be linked to strategic decisions.
SWOT Analysis
strengths, weaknesses, opportunities, and threats
well-established structure with proven results for undertaking brainstorming sessions during risk assessment workshops
PESTLE analysis
R. Assessment techniques
▪ A structured approach that ensures that NO RISKS are omitted. Such studies are often undertaken of hazardous chemical installations and complex transport structures, such as railways and nuclear power
stations.
▪ It can also be applied to the analysis of the safety of products.
▪ It is very analytical and time-consuming
HAZOP (Hazard and Operability)
▪ It is a process that is being used by reliability engineers to understand potential industrial hazards and
prevent accidents.
▪ In risk management, it is used to evaluate the severe consequences of failure, how likely it is for the
failure to occur and the chance of detecting the failure before it happens
FMEA (Failure Modes and Effects Analysis)
- very analytical and time-consuming approach
The most commonly used risk matrix is the _____, one that demonstrates the relationship between the likelihood of the risk materializing and the
impact of the event should the risk materialize
likelihood/impact matrix
___ is a simple visual
presentation of the significant risks that have been recognized or identified
Risk matrix
Definitions of likelihood
Can reasonably be expected to occur, but has only occurred 2 or 3 times
over 10 years in the organization or similar organizations
unlikely
Definitions of likelihood
Has occurred in the organization more than 3 times in the past 10 years
or occurs regularly in similar organizations, or is considered to have a reasonable likelihood of occurring in the next few years.
Possible
Definitions of likelihood
Occurred more than 7 times over 10 years in the organization or in other
similar organizations, or circumstances are such that it is likely to happen
in the next few years
Likely
Definitions of likelihood
has occurred 9 or 10 times in the past 10 years in this organization, or
circumstances have arisen that will almost certainly cause it to happen
Almost certain
Definitions of Impact/Magnitude
No impact on patient health; minor reduction of reputation in the short
run; no violation of law; negligible economic loss which can be restored
Small
Definitions of Impact/Magnitude
Minor temporary impact on patient health; small reduction of reputation
that may influence trust for a short time; violation of law that results in a
warning; small economic loss that can be restored.
moderate
Definitions of Impact/Magnitude
Serious impact on health; serious loss of reputation that will influence
trust and respect for a long time; violation of law that results; large
economic loss that cannot be restored.
Severe
Definitions of Impact/Magnitude
Death or permanent reduction of health of patient; serious loss of
reputation that is devastating for trust; serious violation of law;
considerable economic loss that cannot be restored.
Catastrophic