Risk Management Flashcards
Risk Management
Fundamental process involving identification, analysis, treatment, monitoring, and reporting of risks
Risk Management Lifecycle (double check if this is correct)
Risk Identification
Proactive process recognizing potential risks
Goal
Create a comprehensive list based on events hindering
objectives
Risk Analysis
Evaluate likelihood and potential impact
Qualitative or quantitative methods
Outcome
Prioritized list for guiding risk treatment
Risk Treatment
Develop strategies
Avoidance
Reduction
Sharing
Acceptance
Risk Monitoring
Ongoing process tracking identified risks
Monitor residual risks, identify new risks, and review
risk management effectiveness
Ensures dynamic responsiveness to organizational
changes
Risk Reporting
Communicate risk information and effectiveness of risk
management to stakeholders
Various forms
Dashboards
Heat Maps
Detailed Reports
Crucial for accountability and informed decision-
making
4 Risk Assessment Frequency types
Ad-hoc
Recurring
One-time
Continuous
Risk Identification concepts
Recovery Time Objective
Recovery Point Objective
Mean Time to Repair
Mean Time Before Failure
Qualitative Riak Analysis vs Quantitative Risk Analysis
Qualitative Risk Analysis
Assess and prioritize risks based on likelihood and impact
Quantitative Risk Analysis
Numerically estimate probability and potential impact
4 Risk Management Strategy types
1 Risk Transfer
2 Risk Acceptance
3 Risk Avoidance
4 Risk Mitigation
Business Impact Analysis (BIA)
Evaluates effects of disruptions on business functions
Identifies and prioritizes critical functions
Assesses impact of risks on functions
Determines required recovery time for functions
4 Key Metrics in Business Impact Analysis (BIA)
1: Recovery Time Objective (RTO)
Maximum acceptable time before severe impact
Target time for restoring a business process
2: Recovery Point Objective (RPO)
Maximum acceptable data loss measured in time
Point in time data must be restored to
3: Mean Time to Repair (MTTR)
Average time to repair a failed component or system
Indicator of repair speed and downtime minimization
4: Mean Time Between Failures (MTBF)
Average time between system or component failures
Measure of reliability
Define Risk Register
Records identified risks, descriptions, impacts,
likelihoods, and mitigation actions
Key tool in risk management
May resemble a heat map risk matrix
Facilitates communication and risk tracking
Key component of project and business operations
5 Components of Risk Register
1 Risk Description
2 Risk Impact
3 Risk Likelihood
4 Risk Outcome
5 Risk Level or Threshold
Risk tolerance/acceptance vs risk appretite
Risk Tolerance/Risk Acceptance
An organization or individual’s willingness to deal with
uncertainty in pursuit of their goals
Maximum amount of risk they are willing to accept
Acceptance without countermeasures
Risk Appetite
Willingness to pursue or retain risk
Types:
Expansionary
Conservative
Neutral
Key Risk Indicators (KRIs)
Predictive metrics signaling increasing risk exposure
Provide early warning of potential risks
Tied to the organization’s objectives
Used to monitor risk changes and take proactive steps
Define Qualitative Risk Analysis
Primary method in risk management
Assesses risks based on potential impact and likelihood
Categorizes risks as high, medium, or low
Subjective and relies on expertise and experience
Avoids quantitative complexity
key components to Qualitative Risk Analysis
Likelihood/Probability
Chance of risk occurrence
Qualitatively expressed as low, medium, or high
Based on past experience, statistical analysis, or expert
judgment
Impact
Potential consequences if risk occurs
Qualitatively rated as low, medium, or high
Assess damage to project or business objectives
Impact Levels
Low Impact
Minor damage, essential functions operational
Medium Impact Significant damage, loss to assets
High Impact Major damage, essential functions impaired
Define Quantitative Risk Analysis
Provides objective and numerical evaluation of risks
Used for financial, safety, and scheduling decisions
