Risk Classification Systems

Question 1

Why might a firm classify its risks?

Answer 1

1. Structure - provide structure to the risk identification process.
2. Consistent terminology- helps develop consistent risk terminologies across the firm.
3. Grouping risks - similar risks can be grouped to improve knowledge and for similar treatments and avoid duplication.
4. Assign responsibilities to different risk types.
5. Estimate risk exposure by type of risk using experts for each type of risk.

Question 2

What are short, medium and long term risks?

Answer 2

Short - Immediate impact on STOC.

Medium - Impact on STOC after between 1 and 3-5 years after risk event.

Long - Impact on STOC in excess of 3-5 years after risk event.

Question 3

What are the 4Ps?

Answer 3

Four areas that a risk event can impact.

People, Premises, Processes and Products.

Question 4

What is the risk classification system used by COSO ERM Cube?

Answer 4

SORC - Strategic, Operational, Reporting, Compliance

Question 5

What is the risk classification system used by IRM standard?

Answer 5

FSOH - Financial, Strategic, Operational, Hazard

Question 6

What is the risk classification system used by the FIRM risk scorecard?

Answer 6

FIRM - Financial, Infrastructure, Reputational and Marketplace.

Question 7

What does BS31100 say that risk classification systems should be based on?

Answer 7

A firm’s:

1. Size
2. Complexity
3. Nature
4. Purpose
5. Context

Question 8

What is a risk classification system that can be used for external risk events?

Answer 8

PESTLE - Political, Economic, Sociological, Technological, Legal, Environment/Ethical

Question 9

What does the Orange Book recommend as a way to analyse external risks?

Answer 9

Use SWOT analysis on each component of PESTLE.