Risk Management Flashcards
What is risk management?
Risk management is the process of identifying, assessing, and mitigating potential risks that could impact a project, business, or organization.
What is the difference between a risk and an issue?
A risk is a potential future event that may occur, while an issue is a problem that has already happened.
What is the purpose of a risk assessment?
A risk assessment evaluates potential hazards to determine their likelihood and impact, helping organizations take preventive actions.
What does the term “likelihood” mean in risk management?
Likelihood refers to the probability of a risk occurring.
What does “impact” mean in risk management?
Impact refers to the potential consequences or severity of a risk event.
What is the difference between inherent and residual risk?
Inherent risk is the risk level before controls are applied, while residual risk is the risk that remains after mitigation measures.
What is a risk appetite?
Risk appetite is the amount of risk an organization is willing to accept in pursuit of its objectives.
What are the five main risk responses?
Avoid, Mitigate, Transfer, Accept, and Exploit.
What is the role of a risk owner?
A risk owner is responsible for monitoring, managing, and implementing mitigation actions for a specific risk.
What is qualitative risk analysis?
Qualitative risk analysis assesses risks based on subjective criteria, such as likelihood and impact rankings.
What is quantitative risk analysis?
Quantitative risk analysis uses numerical data and models to assess risk impact, such as Monte Carlo simulations.
What is a risk matrix?
A risk matrix is a tool that plots risks based on their likelihood and impact to prioritize mitigation efforts.
How does risk management benefit an organization?
It helps minimize losses, improve decision-making, enhance compliance, and ensure business continuity.
What is the difference between preventive and corrective risk controls?
Preventive controls reduce the likelihood of a risk occurring, while corrective controls address issues after they happen.
What is a black risk?
Risk response planning
Avoidance - Eliminating the risk entirely - Using a different supplier to avoid supply chain disruptions
Mitigation - Reducing the likelihood or impact of the risk - Implementing cybersecurity controls to prevent a data breach
Transfer - Shifting the risk to a third party, e.g. insurance - Buying insurance for construction accidents
Acceptance - Acknowledging the risk and preparing a contingency plan - Accepting potential weather delays but planning for extra time