Risk Identification Techniques Flashcards
Names (i) six negative risks and (ii) one positive risk.
NEGATIVE RISK:
- Fire.
- Workplace accident.
- Creditor/debtor default on loan.
- Recession.
- Cyber attack.
- Sudden reduction in consumer demand.
POSITIVE RISK: Sudden increase in consumer demand.
Name five risk identification techniques.
- Checklists - specific or macroscopic.
- Focus groups - multi-disciplinary working groups.
- Analytical approaches.
- Expert judgement - reliant upon skills and expertise of specialists.
- Physical inspections.
What are the advantages and disadvantages of inspections?
ADVANTAGES:
- Visit undertaken by professional with relevant and specialist knowledge.
- Outcomes will usually include formal inspection report, including specific improvement recommendation to reduce the probability and impact of lossses.
DISADVANTAGES:
- Inspection of faults visible on examined day.
- Expensive.
- 3rd party risks not fully assessable by inspector.
- RM is ultimately employees’ responsibility, not the inspector.
- Erroneous view that risks are transferable to inspector.
What are six advantages and disadvantages of using checklists?
ADVANTAGES:
- Cheap and efficient way of gathering information.
- Simple and easy to use.
- Capable of gathering information from a variety of sources.
- Capable of being tailored to accommodate different scenarios and requirements.
- Useful for updating information on current usage and monitoring future trends.
- Helpful to ensure compliance with prevailing risk management regulations.
DISADVANTAGES:
- May be used by someone not skilled in subject checklist.
- May be used someone unfamiliar with checklist objectives and ultimate usage of outputs.
- Possible over-emphasis on mere ‘form-filling’, rather than the purpose of the checklist.
- Checklist may be ambiguous to user.
- May be completed too quickly, with insufficient thought.
- Risk that form-filler may have reasons for suppressing risk information.
What are analytical approaches to risk identification (and name four approaches)?
- Analytical approaches use various research and logic structuring methodologies to make risk identification more scientific and minimise human error.
- Techniques include:
- Delphi technique;
- Root cause analysis;
- SWIFT (structured ‘what-if’ tests); and
- System and process mapping.
What are the five key characteristics of the Structured What-If Technique (SWIFT)?
- Optimal for identification of health and safety, and environmental risks.
- No standardisation approach.
- Flexible.
- Supported by checklists for potential risk events.
- Efficient - avoids lengthy discussion on areas where risks known to exist.
What are the eight key steps of the Structure What-If Technique (SWIFT)?
- Definition of purpose and scope.
- Assembly of stakeholder team and identification of objectives.
- Collation of information, interviews and observations.
- Breakdown into tasks/elements and formulation of ‘what-if’ questions.
- Performance of checklist review for additional questions.
- Response to questions.
- Determination of additional controls.
- Reporting of findings.
What are the key characteristics of the Delphi Technique?
- Information-gathering exercise used to achieve consensus of experts on a risk subject.
- Each expert participates anonymously, via a facilitator, who uses a questionnaire to solicit responses.
- Responses are summarised and recirculated to experts for further comments.
- Consensus may be achieved in a few or many rounds.
What are the
What are the four principles of a root cause analysis?
Emphasis on investigating root causes of a hypothetical or actual risk event, with the following characteristics:
- Identifies causes of the relevant risk event.
- Establishes the timeline from the normal operations to the risk event.
- Distinguishes between immediate causes and root causes.
- Usage of results to improve controls and help manage future events.
What are the characteristics of a system and processing mapping / issue tree?
- Mapping of organisational systems and processes into flow charts.
- Distills a complex, singular risk event into simpler component issues via tree.
- The identified component issues may then be used to identify mitigating actions.
What are the six forms of emerging risk?
P-olitical: Government stability; taxation; regulation infrastructure.
E-conomic: Growth; inflation; monetary policy; employment rates.
S-ocial: Income distribution; demography; education; lifestyle factors.
T-echnological: International influences; tech. transfer; R&D; communication.
E-nvironmental: Restrictions; climate change; energy savings; workforce health.
L-egal: Regional laws; court system; health and safety; law enforcement.
What does a SWOT analysis comprise?
- SWOT = Strengths; Weaknesses; Opportunities; Threats.
- Comprises a tabular analysis of an organisation’s INTERNAL strengths (helpful) and weaknesses (harmful), and its EXTERNAL opportunities (helpful) and threats (harmful).
What risk reporting does the World Economic Forum produce?
- Annual WEF Global Risk Report provides a briefing on current and emerging areas of risk.
- Top 5 increasing risks identified in 2020:
- Economic confrontations amongst major powers;
- Domestic political polarisation;
- Extreme heatwaves;
- Destruction of natural ecosystems; and
- Cyberattacks.
What does a qualitative risk assessment comprise?
- Data is classified according to magnitude (1<2<3 and so on).
- No standard of measurement between classification - it is not possible to discern how much bigger ‘2’ is in comparison to ‘1’ and so forth.
- Classification values may be ascribed to risk probability, impact and exposure.
What does a quantitative risk assessment comprise?
- Predicated upon principles of STATISTICAL ANALYSIS to compute DISTRIBUTIONS for RISK PROBABILITY and IMPACT, combining the same to yield an OBJECTIVE ASSESSMENT of RISK EXPOSURE.
- Quantitative risk assessments use HISTORICAL DATA (backward-looking).
What does a hybrid approach risk assessment comprise?
- Combination of quantitative and qualititative risk assessment techniques, often used for low probability-high risk events.
- Provides a comparatively CONSISTENT and OBJECTIVE METHOD for risk assessment.
- No SIGNIFICANT DATA DEPENDENCY.
- Two key forms:
- STRESS TESTING; and
- SCENARIO ANALYSIS.
What does stress testing involve and name five variables typically used for these purposes?
- Assesses impact that EXTREME MOVEMENTS in KEY FINANCIAL VARIABLES may have, in isolation or together, upon an organisation - useful to gauge FINANCIAL STRENGTH.
- Key assessment variables comprise:
- Fall in INCOME;
- Rising INFLATION;
- Rising or falling INTEREST RATES;
- CASH FLOW fluctuations; and
- Sudden increase in COSTS.
What does scenario analysis involve?
- Scenario = outline, mode or description of risk events.
- Relevant risk managers or experts determine PLAUSIBLE but EXTREME SCENARIOS an assess the IMPACT on the organisation (if the scenario arose).
- May assess a SINGLE VARIABLE SCENARIO (e.g. instance of fraud).
- Possible to evaluate a MULTIPLE VARIABLE SCENARIO (e.g. systems failure at critical business time when a strategic transaction requires execution).
How do simple and complex risk registers differ?
- SIMPLE risk register comprises:
- Risk description;
- Risk categorisation;
- Risk owner;
- Probability / impact; and
- Risk controls. - COMPLEX risk register comprises:
- Qualitative probability and impact assessments of inherent and residual risks;
- Any maximum exposure limit assigned for residual risk exposure;
- Pottential causes of risk event;
- Information on potential (non-)financial impacts of the risk event; and
- Metrics used to monitor exposure to risk event.
What are four forms of risk reporting?
- Loss and near miss databases: Events that have/could have caused financial/non-financial loss.
- Narrative reporting: Explanation of how a risk exposure is changing (typically where there is no numerical data).
- Risk, control and performance indicators: Different indicators and reports may be applied to different management levels; may also use R-A-G status.
- Risk dashboards and balanced scorecards: Comprise risk reports that combine various risk and control indicators (e.g. heat maps, risk event and near miss data) concerning specific elements:
- Financial performance;
- Operational efficiency;
- Human resources; and
- Compliance.