Risk: Issues For Directors Flashcards
What are the key stages within the strategic planning process?
- Description of the desired outcome (vision)
- Statement of the work done (mission)
- Development of strategic plans
- Implementation and monitoring
What is the definition of strategy?
The process of selecting goals and developing ways to achieve them long-term
What does VUCA stand for in the context of developing good strategy?
Volatility, Uncertainty, Complexity, Ambiguity
What is the time horizon for a strategic plan?
3-5 years, reviewed annually
What is the primary purpose of business plans?
Outlines actions to implement the strategic plan, including forecasts, financial plans, and budgets
True or False: Operational plans provide details that assist with the planning.
True
What must be aligned with the strategic plan?
Budget and financial sustainability
What role does the board play in setting strategy?
The board must be proactively engaged in strategic planning
In owner-operator organisations, what is the board’s role?
Assess risks and assist the owner in implementing strategy
What is the role of the board in not-for-profit organisations (NFPs)?
Set the plan with the CEO
What is a key responsibility of the board regarding strategy?
Ensuring the organisation has an appropriate strategy
What are the four key questions in the planning cycle?
- Where are we now
- Where do we want to be
- How do we get there
- How will we know we are on track
What does SWOT analysis help identify?
Areas to focus on to create value
What is the purpose of the Blue Ocean Strategy?
To create uncontested market space and make competition irrelevant
What is strategic intent?
Key deliverables that will be achieved during the plan period and the value it will create
What is the Ansoff Matrix used for?
To analyze growth strategies
Fill in the blank: A _______ strategy is undisciplined and enters the market with better, cheaper options.
disruptive
What are some methods for cost reduction?
- Scalability/Efficiency
- Sourcing supplies at reduced cost
- Vertical integration
- Process improvement
What are KPIs?
Key Performance Indicators used to measure the success of strategic plans
List some indicators of future performance.
- Innovation monitoring
- Culture health indicators
- Sales pipeline quality
- Sick leave trends
- Quality control/defects
What type of reporting should be used for exceptions in strategic plans?
Exception-based reporting
What is the purpose of a balanced scorecard?
To provide transparency, ensure alignment between mission and execution, and allow for customization
What is strategic risk?
Risks that could prevent the organisation from achieving its strategic goals
What is competitive risk?
The risk of falling behind competitors as they innovate faster
What does operational risk refer to?
The risk that operations and business processes are not up to standard
What are two common reasons strategies fail?
- Not understanding the problem
- Not understanding the organisation’s capabilities
What should be included in a strategic plan review?
- Value created for shareholders
- Consistency with vision, mission, and values
- Identification of strengths and opportunities
What are the four common reasons strategies fail?
- Not understanding the problem
- Not understanding the organization’s capabilities
- Not understanding the immovable pressures
- Not understanding the cultural landscape
These reasons highlight the importance of comprehensive understanding in strategic planning.
What does the term ‘organizational capabilities’ refer to in strategy execution?
The collective abilities of an organization to perform its functions effectively and efficiently.
This includes resources, skills, and processes available to the organization.
What percentage of employees spend less than three hours per week on strategic work according to a recent study?
76%
This statistic indicates a significant gap in strategic engagement among employees.
What are the five key culture questions for boards?
- Clear direction on culture
- Monitoring of organizational culture
- Support of structures and policies for desired culture
- Access to reliable data on culture realization
- Relevance of current cultural values for the future
These questions help boards assess and guide the culture within the organization.
What are the four steps in the strategic planning cycle?
- Formulation
- Approval
- Implementation
- Review
This cycle ensures that the strategic plan is developed, approved, executed, and evaluated effectively.
What is the purpose of the PESTELED framework?
To analyze various external factors that can impact an organization.
PESTELED stands for Political, Economic, Social-cultural, Technological, Environmental, Legal, Ethical, and Demographic factors.
What are Porter’s Five Forces?
- Rivalry among existing industry participants
- Bargaining power of customers
- Threat of new entrants
- Bargaining power of suppliers
- Threat of substitute products or services
These forces help analyze the competitive environment of an industry.
Define ‘risk capacity’.
The broad-based amount of risk an organization can accept in pursuit of its objectives.
This term is crucial for understanding how much risk an organization is willing to undertake.
What is the difference between inherent risk and residual risk?
- Inherent risk: identified but not treated
- Residual risk: identified and treated, but some risk remains
Understanding both types of risk is essential for effective risk management.
What is meant by ‘risk appetite’?
The amount of risk an organization is willing to take in achieving its goals.
This concept varies between different risks and informs decision-making processes.
Fill in the blank: The process of identifying potential events that may impact an entity and managing the risk according to the organization’s risk appetite is known as _______.
risk management
Effective risk management is vital for organizational success.
What are the components of the International Risk Management Framework?
- Integrated
- Structured and comprehensive
- Customized
- Inclusive
- Dynamic
- Best available information
- Human and cultural factors
- Continual improvement
These components ensure a comprehensive approach to risk management.
What should directors ensure regarding risk appetite?
It aligns with the organization’s risk culture, vision, mission, and values.
Alignment is essential for effective risk governance.
What is the role of directors in risk management?
- Establishing risk appetite levels
- Revisiting risk appetite regularly
- Receiving active reports on key issues
- Conducting ‘deep dives’ for assurance
Directors play a crucial role in overseeing and guiding risk management processes.
True or False: Directors should only focus on financial risks in risk management.
False
Directors need to consider a broad range of risks, including operational, strategic, and compliance risks.
What factors influence organizational risk cycles?
- Size of the organization
- Financial health
- Stage of maturation
- Competition
- Changing regulatory environment
- Nature of the decision
- Industry speed of change
- State of the economy
These factors impact how an organization manages risks over time.
What is risk velocity?
How quickly one goes from the onset of the risk to the impact of the risk.
Understanding risk velocity helps organizations prepare for potential impacts.
What are the two types of cycles most organisations operate on?
Short-term or annual cycle and a longer-term strategic cycle of 5 years.
What is the purpose of a reporting culture?
To encourage people to report errors, unsafe conditions, inappropriate procedures, and other concerns.
Who sets the reporting parameters in an organisation?
Directors, board, CEO.
What systems should be established for effective complaints handling?
Internal and external complaints handling, near-miss reporting, whistleblowing systems.
What is the role of a whistleblowing system?
To protect the reporter and encourage a reporting culture.
True or False: Blame should be attached to reporting in a just culture.
False.
What does a thinking and learning culture encourage?
Thinking about new technologies and business models.
What should a risk-aware culture promote among directors and boards?
Mindfulness of risk without fear.
Fill in the blank: An ethical culture must consider the _______ of the organisation on its risk framework.
[ethics]
What are the key components of ISO 2018 Risk Management Guidelines regarding communication?
- Bring different areas of expertise together
- Ensure different views are considered
- Provide sufficient information for risk oversight
- Build a sense of inclusiveness
What is involved in the scope, context, criteria aspect of risk management?
- Define the scope of risk management activities
- Establish external and internal context
- Specify acceptable levels of risk
What are the three steps in risk assessment?
- Risk identification
- Risk analysis
- Risk evaluation
What should monitoring and review systems establish?
Monitoring and reporting systems in all stages of the risk management process.
What personal risks do directors face?
- Inability to meet governance challenges
- Reputation
- Defamation
- Secrets and surprises
- Board dysfunctionality
- Financial viability
- Conflicts of interest
What is the first step in business continuity planning?
Understanding areas of business vulnerability.
What is a crucial component of crisis management?
- Have a plan
- Identify a spokesperson
- Be honest and open
- Keep employees informed
What actions should directors take regarding risk management?
- Undertake due diligence
- Understand risk terms
- Develop and renew risk appetite
- Review risk management framework
Fill in the blank: It is critical to ensure a review process is _______.
[in place]
True or False: Complacency around business continuity and crisis management planning is acceptable.
False.
What should be the focus of training, testing, and maintaining the business continuity plan?
Testing in a real environment when key personnel are unavailable.
What does the ISO 22301 standard provide?
Guidance for establishing a business continuity system (BCM).
What is a key aspect of effective risk culture?
Aligning culture throughout the entire organisation.
