Risk Management

Question 1

the Capability to effectively answer the following questions

Answer 1

ERM

Question 1

Is the human activity which integrates recognition of risk, assessment, developing strategies to manage it.

Answer 1

RM - Risk Management

Question 2

Ranges from 0-70MPH - the amount of risk an organization is willing to accept to achieve objectives.

Answer 2

Risk appetite

Question 3

Ranges from 70-80 MPH:
the acceptable deviation from the organization’s risk appetite.

Answer 3

Risk Tolerance

Question 4

80 MPH and Above

Answer 4

Unacceptable risk

Question 5

organization risk exposure types

Answer 5

• Reputational Exposure
  -Compliance Exposure
  -Operational Exposure
  -Strategic Exposure

Question 6

Financial vs.

Answer 6

Non financial industries

Question 7

-Insurable
-One-dimensional assessment (severity)
- Manages risks one-by-one
- Occurs within one business department (“siloed”)
-Reactive & sporadic
- Disjointed activities
- Standardized
- Risk Averse

Answer 7

Traditional Risk Management

Question 8

-Non-Insurable
-multi-dimensional assessment
- Analyzes material risks and how they relate
- Spans the entire organization (holistic)
-Proactive & Continuous
- Embedded in Culture & mindset
- More nuanced; requires soft skills
- Risk taking

Answer 8

Enterprise Risk Management

Question 9

five step risk management process

Answer 9

1. Identify the risks
2. Analyze the likelihood and impact of each
3. Prioritize risk based on enterprise objectives.
4. Treat or respond to the risk conditions
5. Monitor results and adjust as necessary.

Question 10

Processes can be applied to managing positive risks:

Answer 10

1. Top-down, bottom-up
2. Risk By Category

Question 11

Risk by categories.

Answer 11

strategic risk (e.g., reputation, customer relations, technical innovations);

financial and reporting risk (e.g., market, tax, credit);

compliance and governance risk (e.g., ethics, regulatory, international trade, privacy); and

operational risk (e.g., IT security and privacy, supply chain, labor issues, natural disasters).

Four basic risk types for businesses: people risks, facility risks, process risks and technology risks.

The final task in the risk identification step is for organizations to record their findings in a risk register. It helps track the risks through the subsequent four steps of the risk management process.

Question 12

the importance of embedding risk into business strategies and linking risk and operational performance.

governance and culture
*
strategy and objective-setting
*
performance
*
review and revision
*
information, communication and reporting

Answer 12

COSO ERM Framework

Question 13

a framework to help organizations apply risk management mechanisms to operations, and a process for identifying, evaluating, prioritizing and mitigating risk.

Answer 13

ISO 31000.

Question 14

including functions like identify, assess, respond, report and review.

Answer 14

British Standard (BS) 31100.

Question 15

framework helps risk professionals assess their programs in five categories: strategy alignment; culture and accountability; risk management capabilities; risk governance; and analytics

Answer 15

The Risk and Insurance Management Society’s Risk Maturity Model (RMM).

Question 16

implements policies, technology, employee training and other steps designed to eliminate risk.

Answer 16

a risk avoidance strategy

Question 17

strategy implements policies, technology, employee, employee training and other steps to reduce risk to an acceptable level

Answer 17

Risk Reduction strategy

Question 18

contracts with a third party to bear some or all costs of a risk that may or may not occur.

Answer 18

a risk transfer strategy

Question 19

accepts the risk because its potential to harm the organization is very limited or the cost of mitigating it exceeds the damage it would inflict.

Answer 19

A risk acceptance

Question 20

Benefits of risk management include the following:

Answer 20

increased awareness of risk across the organization;
*
more confidence in organizational objectives and goals because risk is factored into strategy;
*
better and more efficient compliance with regulatory and internal compliance mandates because compliance is coordinated;
*
improved operational efficiency through more consistent application of risk processes and control;
*
improved workplace safety and security for employees and customers; and
*
a competitive differentiator in the marketplace.

Question 21

The following are some of the challenges risk management teams should expect to encounter:

Answer 21

*
Expenditures go up initially, as risk management programs can require expensive software and services.
*
The increased emphasis on governance also requires business units to invest time and money to comply.
*
Reaching consensus on the severity of risk and how to treat it can be a difficult and contentious exercise and sometimes lead to risk analysis paralysis.
*
Demonstrating the value of risk management to executives without being able to give them hard numbers is difficult.

Question 22

ISO 31000’s seven-step process is a useful guide to follow:

Answer 22

1. Communication and consultation
2. Establishing the context
3. Risk identification.
4. Risk analysis
5. Risk evaluation.
6. Risk treatment.
7. Monitoring and review

Question 23

risk leaders must also develop -communication plan to convey the organization’s risk policies

Answer 23

1. Communication and consultation.

Question 24

defining -risk appetite and risk tolerance

Answer 24

2. Establishing the context

Question 25

risk scenarios - positive or negative impact on the organization’s ability to conduct business.

Answer 25

Risk identification.

Question 26

Making a risk heat map

Answer 26

Risk analysis

Question 27

o
Risk avoidance
o
Risk mitigation
o
Risk sharing or transfer
o
Risk acceptance

Answer 27

5. Risk evaluation.

Question 28

Monitoring activities should measure key performance indicators and look for key risk indicators that might trigger a change in strategy.

Answer 28

7. Monitoring and review

Question 29

Risk management best practices is ISO 31000’s 11 principles of risk management.
*
create value for the organization;
*
be an integral part of the overall organizational process;
*
factor into the company’s overall decision-making process;
*
explicitly address any uncertainty;
*
be systematic and structured;
*
be based on the best available information;
*
be tailored to the project;
*
take into account human factors, including potential errors;
*
be transparent and all-inclusive;
*
be adaptable to change; and
*
be continuously monitored and improved upon.

Question 30

Risk management limitations and
examples of failures

Answer 30

poor governance

Question 31

Create stability favoring efficiency

Answer 31

Resilient Systems

Question 32

FRIGILE

Answer 32

Efficient Systems

Question 33

is the process of evaluating and implementing procedures to reduce the impact of risks in construction projects.

Answer 33

Construction risk management

Question 34

software like Project Manager makes the risk management process much easier.

Answer 34

Project management

Question 35

What Are the Types of Risk in Construction Projects?

Answer 35

*
Safety Risk
*
Financial Risk
*
Legal Risk
*
Project Risk
*
Environmental Risk

Question 36

The Construction Risk Management Process:

Answer 36

1.Identification
2.Assessment: Not all risks are equal
3. Mitigation
4. Monitoring
5. Reporting .

Question 37

How do construction disputes transpire?

Answer 37

*Issues with contracts
*Behavior
*Project Uncertainty

Question 38

Common types of construction disputes

Answer 38

*Change of finish date
*Delays
*Design
*Goals
*Quality of materials
*Difficult projects

Question 39

How to resolve a dispute

Answer 39

*Negotiation
*Mediation
*Arbitration
*Litigation

Question 40

Preventing disputes

Answer 40

*Clear payment terms
*Communication
*Keep records
*Follow the contract