Risk Management

Question 1

The ability to not just withstand high-impact events or shocks, but to improve and benefit from them

Answer 1

Antifragility

Question 2

Designed to change the probability of a risk event occurring and/or the degree of its impact on the org’s objectives

Answer 2

Risk Management Strategies

Question 3

Known Knowns (ISO)

Answer 3

Events to be expected, involve little uncertainty

Question 4

Known Unknowns

Answer 4

Uncertainties we know exist, but don’t know about their probability or impact

Question 5

Unknown Unknowns

Answer 5

Risks we don’t know exist - rare, major impact

Question 6

Kaplan and Mike’s 3 risk categories

Answer 6

1. Internal and preventable
2. Strategy
3. External

Question 7

Components of Enterprise Risk

Answer 7

strategic, operational, financial, and hazards

Question 8

Recognized as meeting the highest level of social responsibility, sustainability, and well-being of employees, communities, and environment

Answer 8

Certified B Corporations

Question 9

3 Barriers to risk management

Answer 9

1. Structural
2. Cognitive
3. Cultural

Question 10

Steps of the Risk Management process

Answer 10

1. Establish the context of the risk
2. Identify and analyze risks
3. Manage risks
4. Evaluate

Question 11

Risk Position

Answer 11

The org’s desired gain or acceptable loss in value, influenced by its risk appetite and risk tolerance

Question 12

Single loss expectancy

Answer 12

Expected monetary loss every time a risk occurs

Question 13

Annualized loss expectancy

Answer 13

Expected monetary loss over a 1-yr period

Question 14

One party engages in risky behavior knowing it is protected because another party will incur any resulting loss

Answer 14

Moral Hazard

Question 15

An agent makes decisions on behalf of a principal but has personal incentives not aligned with principal

Answer 15

Principal-Agent Problem

Question 16

Person or org has potential to be influenced by two opposing incentives

Answer 16

Conflict of interest

Question 17

Risk Control

Answer 17

Action taken to manage a risk

Question 18

Mutually Exclusive and Comprehensively Exhaustive (MECE)

Answer 18

The org wants to be confident it has identified all plausible risks for all strategic and operational aspects, but wants to avoid duplication or overlapping identification

Question 19

Orgs should take all possible steps to ensure health, safety, and well-being of employees and protect from foreseeable injury

Answer 19

Duty of Care

Question 20

How an org can improve its understanding of broad risk

Answer 20

• consult experts and information sources
• focus groups and individual interviews
• surveys
• process analysis
• direct observation

Question 21

Risk Equation

Answer 21

probability of occurrence x magnitude of impact

Question 22

Risk Scorecard

Answer 22

Rating the expected probability, speed of onset, existing mitigation, and severity of impact on a 1-3 scale

Question 23

Risk Matrix

Answer 23

plots risks on axis by impact and probability

Question 24

PAPA model

Answer 24

Evaluates risks by speed of change and likelihood:
-Prepare
-Act
-Park
-Adapt

Question 25

Predictions that provide early warning signal of an org’s increasing risk exposure

Answer 25

Key Risk Indicators

Question 26

Lists info about and responsibility for managing specific risks

Answer 26

Risk Register

Question 27

Tactics to eliminate uncertainty of a risk

Answer 27

Optimize or Avoid

Question 28

Tactics to redefine ownership of a risk

Answer 28

Share or Transfer

Question 29

Tactics to employ levers to increase or decrease a risk’s effect

Answer 29

Enhance or Mitigate

Question 30

Tactics to take no action on a risk

Answer 30

Ignore or Accept

Question 31

What must an org weigh in order to choose a risk management approach?

Answer 31

the costs of doing nothing against the costs of the response and level of confidence in the response

Question 32

First step of implementing the Risk Management Plan

Answer 32

Defining risk management performance objectives

Question 33

What do contingency plans address?

Answer 33

• policies
• evacuation/relocation
• communication
• training
• continuity

Question 34

The best way to help employees learn the appropriate response to crisis situations, and to test the risk management plan

Answer 34

Simulations and drills

Question 35

Acquire valuable info/data that can be used or sold to competitors

Answer 35

Espionage

Question 36

Hindering an org’s ability to function properly by damaging equipment, IT capabilities, org reputation, or harming employees

Answer 36

Sabotage

Question 37

Most important factor to consider for drug test policies

Answer 37

Federal and state law compliance

Question 38

How to prevent group think

Answer 38

prioritize and gather facts before soliciting opinions

Question 39

How to prevent normalization of deviance

Answer 39

pay attention to warning signs, ensure standards are taken seriously and deviance is addressed/remedied

Question 40

How to prevent risk incubation

Answer 40

stress importance of planning for and prioritizing risks before they materialize

Question 41

When should specific risk management programs be evaluated?

Answer 41

After every incident and and at regular agreed intervals

Question 42

Meetings to determine the effectiveness of a risk response strategy

Answer 42

After-action debrief

Question 43

Reporting of an org’s violation of policies and processes by employees

Answer 43

Whistleblowing

Question 44

Conducts area safety inspections and evaluates hazards

Answer 44

Safety committee

Question 45

The probability of a risk occurring

Answer 45

Vulnerability

Question 46

How to best ensure a risk management plan has adequately prioritized and addressed the risk(s)

Answer 46

Examine the near misses

Question 47

The amount of uncertainty that remains after all possible management strategies have been exhausted

Answer 47

Residual Risk

Question 48

The amount of uncertainty an org is willing to accept to attain its goals

Answer 48

Risk Appetite

Question 49

Activities in the ISO risk management process

Answer 49

Communication and consultation, monitoring and review