Risk Identification and Management Flashcards
what are the 2 different approaches to risk identification and why are they needed?
top-down, bottom- up
Both approaches to risk identification are needed for a holistic view on the risks that can be identified and managed
what is the definition of risk?
the effect of uncertainty on objectives
what are the different types of risks?
Internal
external
employment/workplace practice
clients, products and business practices
what do risks need to be aligned to?
objectives (strategy and business for effective management)
what are the three key stages of the risk management framework? (SAT)
sequence (the risk event/cause)
actions (identification of the risk)
techniques (tools are established to engage in risk management)
what is operational risk?
not credit/market-risk, ‘non-financial risk’
what are the 4 key risk management actions? (IAMM)
identification, assessment, mitigation and monitoring
how often would top-down risk analysis take place?
1-4 x a year depending on the organisation
who would participate in top-down risk analysis?
senior risk owners, executive committee members and heads of business lines
what is the objective of top-down risk analysis?
to identify major business threats that could jeopardize strategic objectives
what the methods of engaging in top-down analysis?
BRAINSTORMING WORKSHOPS ARE CONDUCTED USING TOOLS SUCH AS EXPOSURE REVIEWS, RISK WHEELS, AND CAUSAL ANALYSIS.
what is the prevalence of bottom- up risk identification?
more common, especially in organizations new to risk management
what is the process of bottom- up risk identification?
Process mapping which identifies tasks and associated risks, providing a clear visual representation of how processes function and where risks may arise
what is the outcome of bottom- up risk identification?
A detailed risk register that often highlights smaller risks missed by top-down analysis, ensuring a comprehensive understanding
what is the focus of bottom- up risk identification?
concentrates on local vulnerabilities and process inefficiencies, providing a granular view
what are exposures in risk management?
Exposures include key clients, principal distribution channels, critical systems, primary revenue sources, regulatory exposure, and brand value (mainly external)
what are vulnerabilities?
weakest links within the organization, such as weak and fragile systems, unmaintained processes, resistance to risk management, and small, unmonitored operations.
what is the purpose of the risk wheel?
tool used to spark creativity during risk identification brainstorming
sessions - helps to ensure a wide range of risks are considered
what are the components of the risk wheel?
all the different sources of potential risks e.g., strategic
objectives, political and social risks, technological, legal, and
natural events, business continuity, and governance.
what are the benefits of the risk wheel?
highlights connections between different risk types, encouraging
comprehensive discussions on various risk themes - fosters a thorough understanding
what is the purpose of process mapping?
establishes tasks and maps controls with corresponding risks, providing a visual representation of processes and associated risks
where is process-mapping usually used?
commonly used in IT, operations, and project management to identify risks within specific business processes
What is the level of detail required for process mapping?
can be granular or high-level depending on level of preciseness required
what are the benefits of process mapping?
highlights under- or over-controlled risks, ensuring a balanced approach to risk management
