ORA RM QUIZ 2 (M1 - M2) Flashcards

1
Q

According to _____, risk is:

A chance or possibility of danger, loss, injury, or other adverse consequences.

A

Oxford English Dictionary

2
Q

According to _____, risk is:

An effect of uncertainty on objectives, which may be positive, negative, or a deviation from the expected. It is often described by an event, a change in circumstances, or a consequence.

A

ISO Guide 73 / ISO 31000

note:
3 TYPES = POSITIVE, NEGATIVE, DEVIATION from expectation

3
Q

According to _____, risk is:

The combination of the PROBABILITY of an event and its consequence, which can range from positive to negative.

A

Institute of Risk Management (IRM)

note:
PROBABILITY

4
Q

According to _____, risk is:

Uncertainty of outcome, within a range of exposure, arising from a combination of the impact and the probability of potential events.

A

Orange Book from HM Treasury

NOTE:
no mention of positive or negative

5
Q

According to _____, risk is:

The uncertainty of an event occurring that could have an impact on the ACHIEVEMENT of the objectives and is measured in terms of consequences and likelihood.

A

Institute of Internal Auditors

6
Q

According to _____, risk is:

An event with the ability to impact (inhibit, enhance or cause doubt about) the effectiveness and efficiency of the core processes of an organization.

A

Hopkin, Paul (2018). Fundamentals of Risk Management (5th Edition)

note:
management focused

7
Q

True or false?

Risk may be considered to be related to an opportunity or a loss or the presence of uncertainty for an organization.

A

True

8
Q

True or false?

Every risk has its own characteristics that require particular management or analysis.

A

True

9
Q

An event or anything that will prevent the organization from achieving its business objectives or the effective execution of its strategies to achieve those objectives.

These are uncertainties that can be obstacles preventing the company from attaining its desired outcome. A desired outcome usually provides the company the opportunity to create value for its various stakeholders.

■ Accordingly, companies take risks when they see that there are opportunities that they want to seize and, to some extent, exploit to create value.

A

Business Risk

10
Q

What are the 4 attributes of Business Risk?

A

– Uncertain
– Emerging
– Associated more with intangibles (Tangible / Intangible)
– Sources (Internal / External)

note:
(Internal sources of risk: people, processes, technology, governance and policy are much EASIER to manage because these are usually within the control of management)

(External sources of risk, such as laws and regulations, market dynamics and natural disasters, pose challenges to the company, as these are usually BEYOND the control of the organization)

11
Q

What are the 4 risk classification systems?

A

According to:

  1. the nature of the attributes of the risk, such as timescale for impact, and the nature of the impact and/or likely magnitude of the risk.
  2. the timescale of impact after the event occurs.
  3. the source or origin of the risks.
  4. the nature of the impact of the risks.
12
Q

What are the 3 types of risk?

A

– Hazard (or pure) risks (AKA absolute risk)
– Control (or uncertainty) risks
– Opportunity (or speculative) risks

13
Q

One of the types of risks

■ Best-known and longest-established branch of risk management.
■ Associated with a source of potential harm or a situation with the potential to undermine objectives in a negative way.
■ The most common risks associated with organizational risk management, including occupational health and safety programs.

A

– Hazard (or pure) risks (AKA absolute risk)

14
Q

One of the types of risks

■ Associated with unknown and unexpected events.
■ Sometimes referred to as extremely difficult to quantify.
■In this risk, it is known that the events will occur, but the precise consequences of those events are difficult to predict and control.

A

– Control (or uncertainty) risks

15
Q

One of the types of risks

■ This type of risk is often associated with project management.

A

– Control (or uncertainty) risks

16
Q

One of the types of risks

■ May not be visible or physically apparent, and they are often financial in nature.
■ Although these risks are taken with the intention of having a positive outcome, this is not guaranteed.
■ For small businesses, these risks include moving a business to a new location, acquiring new property, expanding a business and diversifying into new products.

A

– Opportunity (or speculative) risks
17
Q

What are two main aspects of opportunity risks:

A

(1) risks/dangers associated with taking an opportunity

(2) risks associated with not taking the opportunity.

18
Q

(Long, Medium, Short) Term Risks?

  • are risks that will impact an organization several years, perhaps up to five years, after the event occurs or the decision is taken.
    ■ they relate to strategic decisions such as the risk associated with launching a new product.
A

Long Term

19
Q

(Long, Medium, Short) Term Risks?

are risks that have their impact some time after the event occurs or the decision is taken, typically about a year later.
■ they relate to tactical decisions such as projects or programmes of work.

A

Medium term

20
Q

(Long, Medium, Short) Term Risks?

■ risks have their impact immediately after the event occurs.
■ accidents at work, traffic accidents, fire and theft are examples of short-term risks that have an immediate impact and immediate consequences as soon as the event has occurred.
■they cause immediate disruption to normal efficient operations and are probably the easiest types of risks to identify and manage or mitigate.

A

Short term

21
Q

It refers to the chance of an event happening; in risk management literature, the word "probability" will often be used to describe the likelihood of a risk materializing.

A

likelihood

22
Q

It is the impact of the risk and can be considered as its gross or inherent level before controls are applied.

A

magnitude

23
Q

it is a tool used to plot the nature of individual risks so that the organization can decide whether the risk is acceptable and within the risk appetite and/or risk capacity of the organization. It provides a visual representation of risks. It can also be used to indicate the likely risk control mechanisms that can be applied and to record the inherent, current (or residual), and target levels of the risk.

A

Risk Matrix

24
Q

read only:

  1. Hazard risks undermine objectives or may impede or prevent the achievement of the company's objectives.
  2. Hazard risks when they materialize, will have a large impact on the organization such as potential financial costs, destruction of infrastructure, damage to reputation and the inability to function in the marketplace.
  3. Compliance risks can be substantial for many organizations, failure to achieve the level of compliance activities required by the relevant regulating body can have a significant impact on the reputation of the organization and substantial consequences for routine business activities.
  4. Risks can also impact the key dependencies that deliver the core processes of the organization.
  5. Risks are taken by organizations to achieve rewards.
A

.

25
Q

Strategic / Tactical / Operational ?

set the future direction of the business

A

Strategic decisions

26
Q

Strategic / Tactical / Operational?

concerned with turning strategy into action by achieving change

A

Tactical

27
Q

Strategic / Tactical / Operational?

Related to the day-to-day operations of the organization, including people, information security, health and safety, and business continuity

A

Operational

28
Q

Risk management according to ______

  • Coordinated activities to direct and control an organization with regard to risk.
A

ISO Guide 73 / ISO 31000

note: CONTROL

29
Q

Risk management according to ______

A process that aims to help organizations understand, evaluate, and take action on all their risks with a view to increasing the PROBABILITY of success and reducing the likelihood of failure

A

Institute of Risk Management (IRM)

NOTE: PROBABILITY

30
Q

Risk management according to ______

All the processes involved in identifying, assessing, and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress.

A

HM Treasury

31
Q

Risk management according to ______

■ Selection of those risks a business should take and those which should be avoided or mitigated, followed by action to avoid or reduce risk.

A

London School of Economics

NOTE:
AVOID, MITIGATE, AVOID, REDUCE / negative words

32
Q

Risk management according to ______

The set of activities within an organization that are undertaken to deliver the most favorable outcome and reduce the volatility or variability of that outcome.

A

Hopkin, Paul (2018). Fundamentals of Risk Management (5th Edition). Kogan Page: London

NOTE:
volatility / favorable

33
Q

Risk management according to ______

A process that identifies loss exposures faced by an organization and selects the most appropriate techniques for treating such exposures.

A

Rejda, George E. (2017). Principles of Risk Management and Insurance (13th Edition). Pearson Education Ltd., England

NOTE:
EXPOSURE

34
Q

Fill in the blank
RM as a discipline has been around for at least _____ years. The early origin of risk management is in the specialist activity of ________. Risk control standards increased, especially in relation to the insurance of _____ being transported by ships around the world.

A

100 years
insurance
Cargo

35
Q

_____ is one of the earliest developments in the field of RM; it determined the level of cargo that a ship could safely transport without being dangerously overloaded.

A

Plimsoll line

36
Q

■ The development of education and qualifications in risk management, as well as the more structured approach of regulators, led to the emergence of risk management standards such as the _____________, one of the early examples of a comprehensive approach to the management of risk.

A

AS/NZS 4360:1995

37
Q

In the 1960s and 1970s, there were considerable developments in the risk management approach adopted by __________ and __________.

A

occupational health and safety practitioners

38
Q

■ In the 1980s, the application of RM techniques to project management developed substantially, as did its application to ___ and ____ risks.

A

market and credit

39
Q

In the 1990s, financial institutions broadened their RM initiatives to include operational risks, greater emphasis on ________, & the 1st appointment of a Chief Risk Officer

A

Enterprise Risk Management (ERM)

40
Q

■ During the ____, financial services firms started to develop internal risk management systems and capital models.
■ During the _____ financial crisis, the contribution of RM to corporate success was questioned because it had not been able to prevent the crisis.

A

2000s
2008 global financial crisis

41
Q

4 Benefits of Risk Management

___________ - compliance refers to risk management activities designed to ensure that an organization complies with legal and regulatory obligations

__________ - the Board of an organization will require assurance that significant risks have been identified and appropriate controls put in place.

________ - in order to ensure that correct business decisions are taken, the organization should undertake risk management activities that provide additional structured information to assist with business decision making.

__________ - enhance the efficiency of operations; help ensure that business processes are effective; strategy is efficacious, in that it is capable of delivering exactly what is required.

A

CADE³ (C, A, D and the three Es)
Compliance
Assurance
Decisions
Efficiency/Effectiveness/Efficacy

42
Q

9 Specialist Areas of Risk Management

A
  1. Health and safety at work
  2. Quality Management

(insert field) Planning

  1. Disaster recovery planning
  2. Business continuity planning

(Insert field) Risk Management

  1. Project Risk Management
  2. Clinical/medical risk management
  3. Energy risk management
  4. Financial risk management
  5. IT risk management

43
Q

IN ORDER

What are the steps of the RISK MANAGEMENT PROCESS (7Rs), including the 4Ts of risk response?

A

– Recognition of risks

– Ranking of risks (by magnitude and likelihood)

– Responding to risks
—- Tolerate
—- Treat
—- Transfer
—- Terminate

– Resourcing controls (sustain the controls and ensure adequate arrangements)

– Reaction planning (e.g. disaster recovery / business continuity planning)

– Reporting on risk

– Reviewing and monitoring

44
Q

5 Principles of Risk Management (Module 1)

A

— Proportionate
— Aligned
— Comprehensive
— Embedded
— Dynamic

PACED

45
Q

Format for basic risk register

(State all columns involved)

A

  • Risk index
  • Risk description
  • Current level of risk (likelihood, magnitude, overall rating)
  • Controls in place
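The risk matrix (card 23), the ranking and 4T response steps of the 7Rs process (card 43) and the basic risk register format (card 45) fit together in one small model. The Python below is an added example, not material from the quiz or from Hopkin's book: the 5x5 scale, the band thresholds, the appetite value of 6, the rule for picking one of the 4Ts and the sample risks R1 to R4 are all assumptions constructed for illustration. It scores each risk as likelihood x magnitude, records the inherent, current (residual) and target levels as card 23 describes, ranks the register and places the risks on a text grid.

```python
# Added example: a basic risk register over a 5x5 likelihood x magnitude matrix.
# Scale, band thresholds, appetite, the 4T heuristic and the sample risks are assumptions.
from dataclasses import dataclass, field
from enum import Enum

class Response(Enum):
    """The 4Ts of risk response."""
    TOLERATE = "tolerate"
    TREAT = "treat"
    TRANSFER = "transfer"
    TERMINATE = "terminate"

@dataclass
class Risk:
    index: str
    description: str
    inherent: tuple  # (likelihood, magnitude) before controls, each 1..5
    current: tuple   # residual level with the controls in place
    target: tuple    # level the organization wants to reach
    controls: list = field(default_factory=list)

def rating(likelihood, magnitude):
    """Overall rating on the matrix: likelihood x magnitude, range 1..25."""
    for value in (likelihood, magnitude):
        if not isinstance(value, int) or not 1 <= value <= 5:
            raise ValueError("likelihood and magnitude must be integers 1..5")
    return likelihood * magnitude

def band(score):
    """Matrix colour band; the thresholds are an assumption."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"

def suggest_response(risk, appetite):
    """Choose one of the 4Ts from the current and target levels (assumed heuristic)."""
    if rating(*risk.current) <= appetite:
        return Response.TOLERATE  # already within appetite
    if rating(*risk.target) > appetite:
        return Response.TERMINATE  # even the target level is outside appetite
    likelihood, magnitude = risk.current
    if magnitude >= 4 and likelihood <= 2:
        return Response.TRANSFER  # rare but severe: the insurance/contract case
    return Response.TREAT

def rank(risks):
    """Ranking step of the 7Rs: highest current rating first, ties by magnitude."""
    return sorted(risks, key=lambda r: (rating(*r.current), r.current[1]), reverse=True)

def register(risks, appetite):
    """Rows of a basic register with inherent, current and target ratings."""
    rows = []
    for r in rank(risks):
        likelihood, magnitude = r.current
        score = rating(likelihood, magnitude)
        rows.append({
            "index": r.index,
            "description": r.description,
            "likelihood": likelihood,
            "magnitude": magnitude,
            "rating": score,
            "band": band(score),
            "inherent": rating(*r.inherent),
            "target": rating(*r.target),
            "controls": list(r.controls),
            "within_appetite": score <= appetite,
            "response": suggest_response(r, appetite).value,
        })
    return rows

def matrix(risks, level="current"):
    """Text plot of the matrix: rows are magnitude 5..1, columns likelihood 1..5."""
    grid = [["" for _ in range(5)] for _ in range(5)]
    for r in risks:
        likelihood, magnitude = getattr(r, level)
        cell = grid[5 - magnitude][likelihood - 1]
        grid[5 - magnitude][likelihood - 1] = (cell + " " + r.index).strip()
    lines = ["M%d | %s" % (5 - i, " | ".join(c.ljust(5) for c in row))
             for i, row in enumerate(grid)]
    lines.append("     " + "".join("L%d      " % n for n in range(1, 6)))
    return lines

# Constructed sample risks, not taken from the quiz.
SAMPLE = [
    Risk("R1", "Ransomware on file servers", (4, 5), (2, 5), (1, 3),
         ["offline backups", "EDR", "MFA on remote access"]),
    Risk("R2", "Loss of a key supplier", (3, 4), (3, 4), (2, 2)),
    Risk("R3", "Minor office theft", (3, 2), (2, 1), (2, 1), ["badge access"]),
    Risk("R4", "Unlicensed product line", (5, 5), (5, 5), (4, 5)),
]

if __name__ == "__main__":
    for row in register(SAMPLE, appetite=6):
        print(row["index"], row["rating"], row["band"], row["response"], row["controls"])
    print("\n".join(matrix(SAMPLE)))
```

Running it prints the register ranked R4, R2, R1, R3 and the grid. The point of the `matrix(..., level=...)` parameter is that the same risks can be plotted at their inherent, current or target level, which is how a matrix shows whether the controls in place actually move a risk toward appetite; R1 is the case where a rare but severe residual risk is better transferred than treated further, and R4 is the case where even the target level is unacceptable, so the activity itself is terminated.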
46
Q

Sets out the overall approach to the successful management of risk, including a description of the risk management process, together with the suggested framework that supports that process.
■ The combination of a description of the risk management process, together with the recommended framework.

A

Risk Management Standard

47
Q

____ is one of the most popular standards of ISO (International Organization for Standardization), an independent, non-governmental international organization with a membership of 167 national standards bodies.

A

ISO 31000 Standard

48
Q

In the Philippines, the ISO member body is the
_____________

A

BPS (Bureau of Philippine Standards)

49
Q

The ISO 31000 family of standards is composed of 3 parts, which are

A

■ ISO 31000:2018 (RM Guidelines)
■ IEC 31010: 2019 (RM Risk Assessment Techniques)
■ ISO GUIDE 73: 2009 (RM Vocabulary)

50
Q
Provides guidelines on managing risk faced by organizations.
■ Provides a common approach to managing any type of risk and is not industry or sector specific.
■ Can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.

A

ISO 31000:2018 (Risk Management Guidelines)

51
Q
Provides guidance on the selection and application of techniques for assessing risk in a wide range of situations.
■ The techniques are used to assist in making decisions where there is uncertainty, to provide information about particular risks and as part of a process for managing risk.

A

IEC 31010:2019 (RM Risk Assessment Techniques)

52
Q

■ Provides the definitions of generic terms related to risk management.
■ It aims to encourage a mutual and consistent understanding of, and a coherent approach to, the description of activities relating to the management of risk, and the use of uniform risk management terminology in processes and frameworks dealing with the management of risk.

A

ISO Guide 73: 2009 (RM Vocabulary)

53
Q

ISO 31000:2018 Definition of Terminologies

effect of uncertainty on objectives.

A

Risk

54
Q

ISO 31000:2018 Definition of Terminologies

is a deviation from the expected, which can be positive, negative or both, and can address, create or result in opportunities and threats.

A

Effect

55
Q

ISO 31000:2018 Definition of Terminologies

coordinated activities to direct and control an organization with regard to risk.

A

Risk Management

56
Q

ISO 31000:2018 Definition of Terminologies

persons or organizations that can affect, be affected or perceive themselves to be affected by a decision or activity.

A

STAKEHOLDERS

57
Q

ISO 31000:2018 Definition of Terminologies

element, which alone or in combination, has the potential to give rise to risk.

A

RISK SOURCE

58
Q

ISO 31000:2018 Definition of Terminologies

occurrence or change of a particular set of circumstances; it can have one or more occurrences, and can have several causes and several consequences.

A

Event

59
Q

ISO 31000:2018 Definition of Terminologies

the outcome of an event affecting objectives, either positive or negative and direct or indirect effects.

A

Consequence

60
Q

ISO 31000:2018 Definition of Terminologies

the chance of something happening; the equivalent term used is probability.

A

LIKELIHOOD

61
Q

ISO 31000:2018 Definition of Terminologies

measure that maintains or modifies risk; it may include any process, policy, device, practice or other conditions and/or actions which can maintain or modify risk.

A

Control

62
Q

What are the 8 ISO 31000:2018 principles?

A

Integrated
Structured and Comprehensive
Customized
Inclusive
Dynamic
Best Available Information
Human and Cultural Factors
Continual Improvement

ISCI DB HC

63
Q

What are the 6 components of the Risk Management Framework (and which one sits at the center)?

A

Leadership and Commitment (Center)
Integration
Design
Implementation
Evaluation (measure RM framework against purpose, place, expected behavior)
Improvement (adapt to internal and external)

LIDI IE

64
Q

___ involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording & reporting risk.

A

Risk management process

65
Q

Risk management process

6 components of risk management process?

IN ORDER

A
  • Communication and Consultation
  • Scope Context And criteria
  • Risk Assessment (risk identification, risk analysis, risk evaluation)
  • risk treatment
  • Monitoring and Review
  • Recording and Reporting

66
Q

Establishing the Context
ISO 31000 states that the first stage in the risk management process is to establish the context.

■ The three (3) components of organizational context are:

  • _________ is described as the risk architecture, strategy and protocols, or the risk management framework within the organization.
  • _________ refers to the organization itself, the activities it undertakes, the range of skills and capabilities available within the organization, and how it is structured.
  • __________ is the environment within which the organization exists. This environment will include consideration of the business sector within which the organization operates, external stakeholders and their expectations, and the external financial environment.

A

Risk management context
Internal context
External context

67
Q

_____________ is the leading professional body for Enterprise Risk Management (ERM); with over 30 years of experience, it has set the leading industry standards for risk management.

■ A not-for-profit membership body with members in all industries and all sectors all over the world.

A

Institute of Risk Management (IRM)

68
Q

according to IRM

____ is the process whereby organizations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.

A

Risk management

69
Q

_____ is a joint initiative of the five private sector organizations listed below and is dedicated to providing thought leadership through the development of FRAMEWORKS and guidance on ENTERPRISE risk management, internal control and fraud deterrence.

A

The Committee of Sponsoring Organizations of the Treadway Commission (COSO)

70
Q

Read only

The five (5) organizations that comprise COSO are:
■ American Accounting Association
■ American Institute of Certified Public Accountants
■ Financial Executives International
■ Institute of Management Accountants (IMA; the Association of Accountants and Financial Professionals in Business)
■ The Institute of Internal Auditors

71
Q

The ______ provides a framework against which risk management and internal control systems can be assessed and improved.

A

COSO ERM framework

72
Q

____ uses the cube to illustrate the links between the business objectives on the top of the cube and the eight components shown on the front. These categories of business objectives are also the categories of risks that organizations face. The third dimension of the cube represents the business units of the organization and illustrates that ERM should be implemented across all locations and all activities within the organization.

A

COSO

73
Q

COSO ERM FRAMEWORK (read only)

  • Internal environment - The internal environment encompasses the tone of an organization and sets the basis for how risk is viewed and addressed.
  • Objective setting - Objectives must exist before management can identify potential events affecting their achievement.
  • Event identification - Internal and external events affecting achievement of objectives must be identified, distinguishing between risks and opportunities.
  • Risk assessment - Risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed.
  • Risk response - Management selects risk responses - avoiding, accepting, reducing, or sharing risk.
  • Control activities - Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
  • Information and communication - Relevant information is identified, captured, and communicated so that people can fulfil their responsibilities.
  • Monitoring - The entirety of enterprise risk management is monitored and modifications made as necessary.

74
Q

_____ is

A non-profit organization representing accounting professionals in Canada. The organization represents Canadian chartered accountants (CAs) both nationally and internationally.
■ It was responsible for developing generally accepted accounting principles (GAAP) for Canadian accounting techniques and also publishes guidance and educational materials on a number of accounting-related topics.

A

Canadian Institute of Chartered Accountants (CICA)