Risk Management Flashcards

1
Q

Known Unknowns and Unknown Unknowns

A

Known unknowns are uncertainties that we know exist but we don’t know much about their probability or impact.

Unknown unknowns are risks that we don’t know exist. They are the events that “blindside” an organization (or individuals or entire cultures).

2
Q

Kaplan & Mikes Categories of Risk

A

Internal and Preventable- come from within the org and can include violations of ethics and failures in routine processes

External- Outside the org and beyond its control. Include changes in economy or laws & regulations, disruptive tech, and availability of trained employees.

Strategy- Strategic cost/benefit, i.e., uncertainty as to whether loans can be repaid, employees will be productive, resource shortages, projects might fail.

3
Q

Enterprise Risk

A

Strategic—risks that affect the organization’s ability to achieve its objectives

Operational—risks that affect the myriad ways in which the organization creates value

Financial—risks that affect the accuracy and timeliness of information about the organization’s financial performance and condition

Hazard—risks that have the potential to cause physical harm to property or people (for example, an illness or injury) in the immediate and long term

4
Q

ISO Organizational Framework to support risk-aware, risk-intelligent cultures

A

Management commitment
Design of a framework for managing risk
Implementing risk management
Periodic monitoring and review of the framework
Continual improvement of the framework

5
Q

Risk Management Process

A
  1. Establish the context of risk
  2. Identify and analyze risks
  3. Manage Risks
  4. Evaluate
6
Q

Risk Position

A

the organization’s desired gain or acceptable loss in value.

7
Q

Risk appetite/tolerance

A

the amount of uncertainty the organization is willing to pursue or to accept to attain its risk management goals.

8
Q

Factors influencing risk tolerance/appetite

A
  • Org's strategic goals
  • Org's characteristic attitude towards risk
  • Org's resources or risk capacity
  • Externally imposed requirements
  • Loss expectancy
    • Single loss expectancy (SLE)- the expected monetary loss every time a risk occurs. SLE = Asset value x Exposure factor
    • Annualized loss expectancy (ALE)- the expected monetary loss for an asset due to a risk over a one-year period. ALE = SLE x Annualized rate of occurrence (ARO)
9
Q

Examples of misaligned risks:

A

Moral Hazard- exists when one party engages in risky behavior knowing that it is protected against the risk because another party will incur any resulting loss

Principal-agent Problem- when an agent (such as an employee) makes decisions or takes actions on behalf of a principal (an employer or owner) but has personal incentives that may not align with those of the principal.

Conflict of Interest- when a person or organization has the potential to be influenced by two opposing sets of incentives; it is exemplified in both moral hazard and the principal-agent dilemma.

10
Q

MECE

A

Mutually exclusive and comprehensively exhausted
(Risk Identification)

11
Q

Methods to understand risks

A

Consulting experts and information sources
Focus groups and individual interviews
Surveys
Process Analysis
Direct Observation

12
Q

Risk Equation

A

Risk Level=Probability of occurrence x magnitude of impact

13
Q

PAPA

A

Prepare- events are not likely to happen but will materialize quickly if they do occur. That means contingency plans must be in place and early indicators defined.
Act- events are both highly probable and fast-moving
Park - events are slow-moving and unlikely.
Adapt- events are actually slowly materializing trends that may affect the organization significantly

14
Q

Risk Scorecard

A

A risk scorecard starts by identifying the event or threat. After factoring in the event/threat probability, speed of onset, existing mitigation, and severity of the impact, the user will see a final number that displays a weighted threat ranking index.

15
Q

KRI (Key Risk Indicators)

A

Are important metrics or predictors that provide an early warning signal of an organization’s increased or increasing risk exposure.

KRIs are strategically aligned with key initiatives or strategic objectives, and they are developed by considering the root causes of risks and intermediate events that may signal changes

16
Q

Risk Management Tactics

A

Avoidance- The decision not to become involved in or action to withdraw from a risk situation.
Reduction- The actions taken to lessen the probability, negative consequence, or both associated with a risk.
Sharing- Sharing with another party the burden of loss or benefit of gain for a risk. Risk sharing can be done through insurance or other agreements. It can create new risks or modify existing risks. Relocation of the source of risk is not risk sharing.
Retention- The acceptance of the burden of loss or benefit of gain for a risk.

17
Q

Risk responses

A

Eliminate Uncertainty- optimize or avoid
Redefine ownership- Share or transfer
Enhance or mitigate

18
Q

Risk management targets should:

A

Be strategically focused
Combine activities and results
Combine lagging and leading metrics

19
Q

Emergency preparedness and business continuity require

A

Preparedness for foreseen and unforeseen events
Response capability to secure employee health & safety and continue productivity

20
Q

HR involvement in contingency plans

A

Policies
Evaluation and relocation
Communication
Training
Continuity

21
Q

Illness & Injury Actions

A

Notification and verification of disease risk
Understanding the disease and resources
Identifying the scope of the risk
Determining employer risk
Handling internal and HR compliance matters

22
Q
A