Risk Management

Question 1

Known Unknowns and Unknown Unknowns

Answer 1

Known unknowns are uncertainties that we know exist but we don’t know much about their probability or impact.

Unknown unknowns are risks that we don’t know exist. They are the events that “blindside” an organization (or individuals or entire cultures).

Question 2

Kaplan & Mikes Categories of Risk

Answer 2

Internal and Preventable- come from within the org and can include violations of ethics and failures in routine processes

External- Outside the org and beyond its control. Include changes in economy or laws & regulations, disruptive tech, and availability of trained employees.

Strategy- Strategic cost/benefit. Ie. uncertainty as to whether loans an be repaid, employees will be productive, resource shortages, projects might fail.

Question 3

Enterprise Risk

Answer 3

Strategic—risks that affect the organization’s ability to achieve its objectives

Operational—risks that affect the myriad ways in which the organization creates value

Financial—risks that affect the accuracy and timeliness of information about the organization’s financial performance and condition

Hazard—risks that have the potential to cause physical harm to property or people (for example, an illness or injury) in the immediate and long term

Question 4

ISO Organizational Framework to support risk-aware, risk-intelligent cultures

Answer 4

Management commitment
Design of a framework for managing risk
Implementing risk management
Periodic monitoring and review of the framework
Continual improvement of the framework

Question 5

Risk Management Process

Answer 5

1. Establish the context of risk
2. Identify and analyze risks
3. Manage Risks
4. Evaluate

Question 6

Risk Position

Answer 6

the organization’s desired gain or acceptable loss in value.

Question 7

Risk appetite/tolerance

Answer 7

the amount of uncertainty the organization is willing to pursue or to accept to attain its risk management goals.

Question 8

Factor influencing Risk tolerance/appetite

Answer 8

• Orgs strategic goals
• Orgs characteristic attitude towards risk
• Orgs resources or risk capacity
• Externally imposed requirements
• Loss expectancy
  
  • Single Loss Expectancy (SLE)- the expected monetary loss every time a risk occur- SLE=Asset Value x exposure factor
  • Annualized loss expectancy (ALE)- the expected monetary loss for an asset due to a risk over a one-year period. ALE= SLE x Annualized rate of occurrence (ARO)E

Question 9

Examples of misaligned risks:

Answer 9

Moral Hazard- exists when one party engages in risky behavior knowing that it is protected against the risk because another party will incur any resulting loss

Principal-agent Problem- when an agent (such as an employee) makes decisions or takes actions on behalf of a principal (an employer or owner) but has personal incentives that may not align with those of the principal.

Conflict of Interest- when a person or organization has the potential to be influenced by two opposing sets of incentives, is exemplified in both moral hazard and the principal-agent dilemma.

Question 10

MECE

Answer 10

Mutually exclusive and comprehensively exhausted
(Risk Identification)

Question 11

Methods to understand risks

Answer 11

Consulting experts and information sources
Focus groups and individual interviews
Surveys
Process Analysis
Direct Observation

Question 12

Risk Equation

Answer 12

Risk Level=Probability of occurrence x magnitude of impact

Question 13

PAPA

Answer 13

Prepare- events are not likely to happen but will materialize quickly if they do occur. That means contingency plans must be in place and early indicators defined.
Act- events are both highly probable and fast-moving
Park - events are slow-moving and unlikely.
Adapt- events are actually slowly materializing trends that may affect the organization significantly

Question 14

Risk Scorecard

Answer 14

A risk scorecard starts by identifying the event or threat. After factoring in the event/threat probability, speed of onset, existing mitigation, and severity of the impact, the user will see a final number that displays a weighted threat ranking index.

Question 15

KRI (Key Risk Indicators)

Answer 15

Are important metrics or predictors that provide an early warning signal of an organization’s increased or increasing risk exposure.

KRIs are strategically aligned with key initiatives or strategic objectives, and they are developed by considering the root causes of risks and intermediate events that may signal changes

Question 16

Risk Management Tactics

Answer 16

Avoidance- The decision not to become involved in or action to withdraw from a risk situation.
Reduction- The actions taken to lessen the probability, negative consequence, or both associated with a risk.
Sharing- Sharing with another party the burden of loss or benefit of gain for a risk. Risk sharing can be done through insurance or other agreements. It can create new risks or modify existing risks. Relocation of the source of risk is not risk sharing.
Retention- The acceptance of the burden of loss or benefit of gain for a risk.

Question 17

Risk responses

Answer 17

Eliminate Uncertainty- optimize or avoid
Redefine ownership- Share or transfer
Enhance or mitigate

Question 18

Risk management targets should:

Answer 18

Be strategically focused
Combine activities and results
Combine lagging and leading metrics

Question 19

Emergency preparedness and business continuity require

Answer 19

Preparedness for foreseen and unforeseen events
Response capability to secure employee health & safety and continue productivity

Question 20

HR involvement in contingency plans

Answer 20

Policies
Evaluation and relocation
Communication
Training
Continuity

Question 21

Illness & Injury Actions

Answer 21

Notification and verification of disease risk
Understanding the disease and resources
Identifying the scope of the risk
Determining employer risk
Handling internal and HR compliance matters