Risk Management Flashcards

1
Q

Fundamental process involving identification, analysis, treatment, monitoring, and reporting of risks

■ Crucial for projects and business, it involves the identification and assessment of uncertainties that may impact objectives

A

Risk Management

2
Q

Proactive process of recognizing potential risks, with the goal of creating a comprehensive list of events that could hinder objectives

■ Crucial first step in risk management
■ Involves recognizing potential risks that could impact an organization
■ Risks can vary from financial and operational to strategic and reputational

A

Risk Identification

3
Q

Evaluate likelihood and potential impact.

Can use qualitative or quantitative methods

The outcome is a prioritized list that guides risk treatment

A

Risk Analysis

4
Q

Developing strategies to manage identified risk

Strategies include:
Risk Avoidance
Risk Reduction
Risk Sharing
Risk Acceptance

A

Risk Treatment

5
Q

Ongoing process of tracking identified risks, monitoring residual risks, identifying new risks, and reviewing risk management effectiveness
● Ensures dynamic responsiveness to organizational changes

A

Risk Monitoring

6
Q

Communicate risk information and effectiveness of risk management to stakeholders

Various forms:
○ Dashboards
○ Heat Maps
○ Detailed Reports

● Crucial for accountability and informed decision-making

A

Risk Reporting

7
Q

Regularity with which risk assessments are conducted within an organization

A

Risk Assessment Frequency

8
Q

● Conducted as needed, often in response to specific events or situations
● Address potential new risks or changes in existing risks

A

Ad-Hoc Risk Assessments

9
Q

● Conducted at regular intervals (e.g., annually, quarterly, monthly)
● Part of standard operating procedures for continual risk identification and management

A

Recurring Risk Assessments

10
Q

● Conducted for specific projects or initiatives
● Not repeated, associated with a particular purpose

A

One-Time Risk Assessments

11
Q

● Ongoing monitoring and evaluation of risks
● Enabled by technology, involving real-time data collection and analysis
● Used for proactive threat and vulnerability monitoring, facilitating quick responses

A

Continuous Risk Assessments

12
Q

■ Evaluates effects of disruptions on business functions
■ Identifies and prioritizes critical functions
■ Assesses impact of risks on functions
■ Determines required recovery time for functions

A

Business Impact Analysis (BIA)

13
Q

○ Maximum acceptable time before severe impact
○ Target time for restoring a business process

A

Recovery Time Objective (RTO)

(Key Metrics in BIA)

14
Q

○ Maximum acceptable data loss measured in time
○ Point in time data must be restored to

A

Recovery Point Objective (RPO)

(Key Metrics in BIA)

15
Q

○ Average time to repair a failed component or system
○ Indicator of repair speed and downtime minimization

A

Mean Time to Repair (MTTR)

(Key Metrics in BIA)

16
Q

○ Average time between system or component failures
○ Measure of reliability

A

Mean Time Between Failures (MTBF)

(Key Metrics in BIA)

17
Q

■ Records identified risks, descriptions, impacts, likelihoods, and mitigation actions
■ Key tool in risk management
■ May resemble a heat map risk matrix
■ Facilitates communication and risk tracking
■ Key component of project and business operations

A

Risk Register

18
Q

Components of Risk Register

A

Risk Description - Identifies and describes the risk
Risk Impact - Potential consequences of risk occurrence
Risk Likelihood - Probability of risk occurrence
Risk Outcome - Result of the risk if it occurs
Risk Level or Threshold - Determined by combining impact and likelihood
Cost - Financial impact on the project

19
Q

● An organization or individual’s willingness to deal with uncertainty in pursuit of their goals
● Maximum amount of risk they are willing to accept
● Acceptance without countermeasures

A

Risk Tolerance/Risk Acceptance

20
Q

Willingness to pursue or retain risk

Types:
○ Expansionary
○ Conservative
○ Neutral

Can be the amount of residual risk an organization is willing to accept

A

Risk Appetite

21
Q

■ Predictive metrics signaling increasing risk exposure
■ Provide early warning of potential risks
■ Tied to the organization’s objectives
■ Used to monitor risk changes and take proactive steps

A

Key Risk Indicators (KRIs)

22
Q

■ Responsible for managing the risk
■ Monitors, implements mitigation actions, and updates Risk Register
■ Accountable for risk management

A

Risk Owner

23
Q

■ Primary method in risk management
■ Assesses risks based on potential impact and likelihood
■ Categorizes risks as high, medium, or low
■ Subjective and relies on expertise and experience
■ Avoids quantitative complexity

A

Qualitative Risk Analysis

Key components include:
Likelihood/Probability
Impact

24
Q

■ Provides objective and numerical evaluation of risks
■ Used for financial, safety, and scheduling decisions

A

Quantitative Risk Analysis

Utilizes key components:
● Single Loss Expectancy (SLE)
● Exposure Factor (EF)
● Annualized Rate of Occurrence (ARO)
● Annualized Loss Expectancy (ALE)

25
Q

● Proportion of asset lost in an event (0% to 100%)
● Indicates asset loss severity

A

Exposure Factor (EF)

26
Q

● Monetary value expected to be lost in a single event
● Calculated as Asset Value x Exposure Factor (EF)

A

Single Loss Expectancy (SLE)

27
Q

● Estimated frequency of threat occurrence within a year
● Provides a yearly probability

A

Annualized Rate of Occurrence (ARO)

28
Q

● Expected annual loss from a risk
● Calculated as SLE x ARO

A

Annualized Loss Expectancy (ALE)

29
Q

● Shifts risk to another party
● Common methods: insurance, contract indemnity clause

A

Risk Transference

(Risk Management Strategies)

30
Q

● Acknowledge and deal with risk if it occurs
● Used when the cost of managing the risk outweighs the potential loss, or the risk is unlikely to have a significant impact
● No actions to mitigate the risk are taken

A

Risk Acceptance

(Risk Management Strategies)

31
Q

● Change plans or strategies to eliminate a specific risk
● Chosen when the risk is too great to accept or transfer

A

Risk Avoidance

(Risk Management Strategies)

32
Q

● Take steps to reduce the likelihood or impact of a risk
● Common strategy involving various actions

A

Risk Mitigation

(Risk Management Strategies)

33
Q

Process of:
● Tracking identified risks
● Monitoring residual risks
● Identifying new risks
● Evaluating risk response plans

■ Involves ongoing tracking of risks and their response actions
■ Helps determine Residual Risk and Control Risk

A

Risk Monitoring

34
Q

The likelihood and impact of the risk after mitigation, transference, or acceptance measures have been taken on the initial risk

A

Residual Risk

35
Q

Assessment of how a security measure has lost effectiveness over time

A

Control Risk

36
Q

■ Communicating information about risk management activities to stakeholders
■ Includes results of risk identification, assessment, response, and monitoring
■ Often presented in the form of a risk report

A

Risk Reporting