Risk Management

Question 1

What is risk?

Answer 1

The chance the there will be a variation in outcome from what is expected to happen. An event may come along that adversely affects the achievement and objectives.

Question 2

What is opportunity?

Answer 2

The possibility that an event will occur and positively impact the achievement of objectives.

Question 3

What is uncertainty?

Answer 3

The inability to predict outcomes due to a lack of info.

Question 4

What is pure risk?

Answer 4

The chance something will go wrong.

Question 5

What is speculative risk?

Answer 5

The chance something will go well - but it is still a risk.

Question 6

What is business risk?

Answer 6

The risks businesses face.

Question 7

What is financial risk?

Answer 7

A non-business risk - risk of change in fianncial conditions etc. Not controlled by things the business does but also controlled by things the business does - debts.

Question 8

What is operational risk?

Answer 8

The risk that events can occur and the risk of disruption as a consequence.

Question 9

What is strategy risk?

Answer 9

The risk you will implement the wrong strategy.

Question 10

What is enterprise risk?

Answer 10

The risk that the enterprise will fail and so will the business.

Question 11

What is product risk?

Answer 11

When customers do not buy the anticipated amount but you have planned for a different outcome. Left without enough.

Question 12

What is economic risk?

Answer 12

The risk that comes from the fact that economic conditions can change unexpectedly.

Question 13

What is property risk?

Answer 13

The risk that you may lose property due to accidents. Often links to the risks that come from natural disasters.

Question 14

What are the stages of risk management?

Answer 14

Risk ID, Risk assessment, Risk response, Risk monitoring and reporting.

Question 15

Risk ID and awareness includes what?

Answer 15

Identifying all possible risks and any possible losses because of them. Includes taking on external advisers, doing risk audits, PEST/SWOT analysis. Have to consider if they are new, could they be limited, in what areas could they arise.

Question 16

Risk assessment and management includes what?

Answer 16

Identifying the nature and possible implications of a given risk.

Question 17

How is risk measured?

Answer 17

Probability x impact

Identifies how likely it is the risk will have any impact. This allows you to work out any potential loss.

Question 18

What is gross risk?

Answer 18

The potential loss associated with the risk, this is the name given to calculating the probabilty with the impact.

Question 19

What is exposure?

Answer 19

How likely is it that the business will be exposed to any risk. Does it face serious or not serious risks.

Question 20

What is volatility?

Answer 20

The measurement of the variability of the risk factor. Is it one that is always there or is it one that will potentially come out of no where.

Question 21

How is risk categorised?

Answer 21

High likelihood but low impact.
high likelihood and high impact.
Low likelihood and low impact.
Low likelihood and high impact.

Depending on where they fall a company might just accept them as a risk.
There is a map which allows companies to decide how they control the risks.

Question 22

What is risk response and control?

Answer 22

How you approach the risk impacts what you then do about. Do you rank It as serious or not.

Question 23

What is a risk averse attitude?

Answer 23

A business that doesn’t take risk at all, almost to a detriment. They will go for the options that have a lower return for lower risk over an option with higher return but slightly more risk.

Question 24

What is a risk neutral attitude?

Answer 24

They mainly focus on return and act accordingly. Everything is in line. They would choose investments based on return irrespective of risks.

Question 25

What is a risk seeker attitude?

Answer 25

They would pick investments based on risk not return. Even if they can go for an option with a more guaranteed return and less risk they would still choose it.

Question 26

What is the TARA model?

Answer 26

``` It provides a selection of potential responses to risk. Transfer/sharing Avoidance Reduction Acceptance and retention ```

Question 27

What is risk sharing?

Answer 27

You transfer or share the risk with a third party. Often exists in an insurance context. overall the cost to you would wind up as less because someone else will bear some of it.

Question 28

What is risk avoidance?

Answer 28

You do not undertake anything that carries risk. You lose any potential advantages as a consequence though.

Question 29

What is risk reduction?

Answer 29

Doing activities that don’t get rid of the risk but they do limit it to an acceptable level. You then have to work to keep the risk at that level constantly. You have to have quite stringent control measures in place.

Question 30

What is risk acceptance/retention?

Answer 30

You take the risk and tolerate the potential losses that come with it. This is often a last resort but often looking at risk this way ends up cheaper than the alternative.

Question 31

What is risk monitoring?

Answer 31

You look at the current risk management controls and monitor whether they are working. You also measure them against the risks you now face (as risks are always subject to change).

Question 32

What does the corporate governance code expect where risk is concerned?

Answer 32

Listed companies have to determine any risks they are willing to take to achieve their objectives and report risk management issues.

Question 33

What must be noted when risks arise?

Answer 33

Was corrective action taken. Was it a new risk or one previously identified. Had the risk been planned for and if so why were the signs it was coming to fruition ignored. How effective were any of the risk and response controls in place.

Question 34

What is a crisis in terms of risk?

Answer 34

Anything that impacts the wellbeing of the business and its normal operations.

Question 35

What are the three main types of crisis?

Answer 35

PR, strategy and finance

Question 36

What are the two axes for understanding an organisations resilience?

Answer 36

Axis 1 - processes and functions exist to PROTECT the organisation. Axis 2 - the way the organisation functions generally drives resilience at all times.

Question 37

What does axis 1 include?

Answer 37

Having risk management and disaster recovery plans. Knowing where the risks could come from so that if they arise you can see them coming.

Question 38

What does axis 2 include?

Answer 38

Creating strong relationships with all and instilling a strong sense of values in the behaviours of staff. Creating an environment that it would be harder for the product of risk to shake. Creating a flexible organisation environment that would be able to adapt and respond.

Question 39

What reduces resilience?

Answer 39

Lack of expertise Senior management not being involved enough It not being woven in to the culture of the business The tech not being well equipped enough Not having robust approaches to things

Question 40

What makes an organisation resilient?

Answer 40

Diversified resources Strong internal and external network of relationships Rapid and decisive responses to emerging crises Constant self review and adaptation

Question 41

How is resilience measured?

Answer 41

Compliance - with policy Completeness - how well rounded is the policy Value - how does the organisation itself measure these things Capability - how has it tested how capable it is in itself

Question 42

How can businesses ensure cyber resilience?

Answer 42

Having solid information security plans that would allow for prevention and recovery should a cyber threat arise

Question 43

What are the two disaster recovery plans?

Answer 43

Short term - for minor breakdowns | Long term - for breakdowns that would be more serious with longer term implications