Risk Management Flashcards
Protocol that an organization implements when an identified risk event occurs.
Contingency plan
A contingency plan is a protocol (predefined actions) that is activated when a risk event occurs, for example, activation of a severe weather work schedule.
Metrics that provide an early signal of increasing risk exposures for an enterprise.
Key risk indicators (KRIs)
*early warning signs/trends of things going in the wrong direction; not goals or end targets like KPIs
Amount of uncertainty an organization is willing to pursue or to accept to attain its risk management goals.
Risk tolerance/Risk appetite
Tool used to gather individual assessments of various characteristics of risk (e.g., frequency of occurrence; degree of impact, loss, or gain for the organization; degree of efficacy of current controls).
Risk scorecard
Principle that organizations should take all steps that are reasonably possible to ensure the health, safety, and well-being of employees and protect them from foreseeable injury.
Duty of care
Expected monetary loss for an asset due to a risk over a one-year period; calculated by multiplying single loss expectancy by annualized rate of occurrence.
Annualized loss expectancy (ALE)
Expected monetary loss every time a risk occurs; calculated by multiplying asset value by exposure factor.
Single loss expectancy (SLE)
Action taken to manage a risk.
Risk control
Situation in which one party engages in risky behavior knowing that it is protected against the risk because another party will incur any resulting loss.
Moral hazard
*think financial crisis of 2008-2009 (high loans from banks and irresponsible individual behavior)
Situation in which an agent (e.g., an employee) makes decisions for a principal (e.g., an employer) potentially on the basis of personal incentives that may not be aligned with the principal’s incentives.
Principal-agent problem
Organization’s desired gain or acceptable loss in value.
Risk position
*influenced by one’s risk tolerance/appetite
Amount of uncertainty that remains after all risk management efforts have been exhausted.
Residual risk
Reporting of an organization’s violations of policies and processes by employees.
Whistleblowing
Actions that aim at reducing the probability that a risk will occur or decreasing the negative impact it will have. Prevention is a form of this.
Risk mitigation
- Example: Workers operating dangerous machinery cannot exceed a set shift length.
- By limiting the length of the work shift, the company mitigates the risk of accidents caused by fatigue and inattention. This is aimed at reducing the probability of the occurrence of accidents.
A report that examines what happened, why it happened, what was done at the time, and what could have been done better.
After-action debrief
After-action debriefs are a good way to examine the effectiveness of a specific risk response strategy, presenting an opportunity for learning and improvement.
What happened, why did it happen, and what were the results of the event?
What did we do in response?
Did we follow the plan?
What were the results relative to the requirements for managing this risk?
What unexpected events (beneficial or harmful) occurred? What do they suggest about our current plan or process?
How well did we communicate with each other, with external agencies, and with employees?
What could we have done differently to improve our handling of this risk?