Risk Management Flashcards
Fundamental process involving identification, analysis, treatment, monitoring, and reporting of risks
■ Crucial for projects and business, it involves the identification and assessment of uncertainties that may impact objectives
Risk Management
Proactive process recognizing potential risks, with a goal of creating a comprehensive list based on events hindering objectives
■ Crucial first step in risk management
■ Involves recognizing potential risks that could impact an organization
■ Risks can vary from financial and operational to strategic and reputational
Risk Identification
Evaluate likelihood and potential impact.
It can use a qualitative or quantitative method
The outcome is a prioritized list for guiding risk treatment
Risk Analysis
Developing strategies to manage identified risks
Strategies include:
Risk Avoidance
Risk Reduction
Risk Sharing
Risk Acceptance
Risk Treatment
Ongoing process that tracks identified risks, monitors residual risks, identifies new risks, and reviews risk management effectiveness
● Ensures dynamic responsiveness to organizational changes
Risk Monitoring
Communicate risk information and effectiveness of risk management to stakeholders
Various forms
○ Dashboards
○ Heat Maps
○ Detailed Reports
● Crucial for accountability and informed decision-making
Risk Reporting
Regularity with which risk assessments are conducted within an organization
Risk Assessment Frequency
● Conducted as needed, often in response to specific events or situations
● Address potential new risks or changes in existing risks
Ad-Hoc Risk Assessments
● Conducted at regular intervals (e.g., annually, quarterly, monthly)
● Part of standard operating procedures for continual risk identification and management
Recurring Risk Assessments
● Conducted for specific projects or initiatives
● Not repeated, associated with a particular purpose
One-Time Risk Assessments
● Ongoing monitoring and evaluation of risks
● Enabled by technology, involving real-time data collection and analysis
● Used for proactive threat and vulnerability monitoring, facilitating quick responses
Continuous Risk Assessments
■ Evaluates effects of disruptions on business functions
■ Identifies and prioritizes critical functions
■ Assesses impact of risks on functions
■ Determines required recovery time for functions
Business Impact Analysis (BIA)
○ Maximum acceptable time before severe impact
○ Target time for restoring a business process
Recovery Time Objective (RTO)
(Key Metrics in BIA)
○ Maximum acceptable data loss measured in time
○ Point in time data must be restored to
Recovery Point Objective (RPO)
(Key Metrics in BIA)
○ Average time to repair a failed component or system
○ Indicator of repair speed and downtime minimization
Mean Time to Repair (MTTR)
(Key Metrics in BIA)
○ Average time between system or component failures
○ Measure of reliability
Mean Time Between Failures (MTBF)
(Key Metrics in BIA)
■ Records identified risks, descriptions, impacts, likelihoods, and mitigation actions
■ Key tool in risk management
■ May resemble a heat map risk matrix
■ Facilitates communication and risk tracking
■ Key component of project and business operations
Risk Register
Components of Risk Register
Risk Description - Identifies and describes the risk
Risk Impact - Potential consequences of risk occurrence
Risk Likelihood - Probability of risk occurrence
Risk Outcome - Result of the risk if it occurs
Risk Level or Threshold - Determined by combining impact and likelihood
Cost - Financial impact on the project
● An organization or individual’s willingness to deal with uncertainty in pursuit of their goals
● Maximum amount of risk they are willing to accept
● Acceptance without countermeasures
Risk Tolerance/Risk Acceptance
Willingness to pursue or retain risk
Types:
○ Expansionary
○ Conservative
○ Neutral
Can be the amount of residual risk an organization is willing to accept
Risk Appetite
■ Predictive metrics signaling increasing risk exposure
■ Provide early warning of potential risks
■ Tied to the organization’s objectives
■ Used to monitor risk changes and take proactive steps
Key Risk Indicators (KRIs)
■ Responsible for managing the risk
■ Monitors, implements mitigation actions, and updates Risk Register
■ Accountable for risk management
Risk Owner
■ Primary method in risk management
■ Assesses risks based on potential impact and likelihood
■ Categorizes risks as high, medium, or low
■ Subjective and relies on expertise and experience
■ Avoids quantitative complexity
Qualitative Risk Analysis
Key components include:
Likelihood/Probability
Impact
■ Provides objective and numerical evaluation of risks
■ Used for financial, safety, and scheduling decisions
Quantitative Risk Analysis
Utilizes key components:
● Single Loss Expectancy (SLE)
● Exposure Factor (EF)
● Annualized Rate of Occurrence (ARO)
● Annualized Loss Expectancy (ALE)