RM QUIZ 2 (M4) Flashcards

1
Q
  • The overall process of risk identification, risk analysis and risk evaluation.

▪ It should be conducted systematically, iteratively and collaboratively, drawing on the knowledge and views of stakeholders, and should use the
best available information.

▪ Involves the recognition of risks and then rating them to determine the significant risks facing the organization, project or strategy.

A

RISK ASSESSMENT

2
Q

▪ The purpose of _____ is to identify the SIGNIFICANT risks that could impact the corporate objectives, stakeholder expectations, core
processes and key dependencies.

A

risk assessment

3
Q

■ The purpose of ____ is to find, recognize and describe risks that might help or prevent an organization in achieving its objectives

A

risk identification

note:
- Relevant, appropriate and up-to-date information is important in identifying risks.
■ The organization should identify risks, whether or not their sources are under its control.

4
Q

Factors to consider in Risk Identification

A
  • Tangible and intangible sources of risks
    ■ Causes and events
    ■ Threats and opportunities
    ■ Vulnerabilities and capabilities
    ■ Changes in the external and internal context
    ■ Indicators of emerging risks
    ■ The nature and value of assets and resources
    ■ Consequences and their impact on objectives
  • Limitations of knowledge and reliability of information
    ■ Time-related factors
    ■ Biases, assumptions and beliefs of those involved
5
Q

The purpose of ______ is to comprehend the nature of risk and its characteristics, including the level of risk.

A

Risk Analysis

Note:
■ Analysis techniques can be qualitative, quantitative or a combination of these, depending on the circumstances and intended use.

6
Q
  • _______ involves a detailed consideration of uncertainties, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness and can be undertaken with varying degrees of detail and complexity, depending on the purpose of the analysis, the availability and reliability of information, and the resources available.
A

Risk analysis

7
Q

T or F

  • Highly uncertain events can be difficult to quantify and will require using a combination of techniques to provide greater insight.
A

T

8
Q

■ Risk analysis provides an input to ______ , to decisions on whether risk needs to be treated and how, and on the most appropriate risk treatment strategy and methods

A

risk evaluation

9
Q

Factors to consider in Risk Analysis

A

■ The likelihood of events and consequences
■ The nature and magnitude of consequences
■ Complexity and connectivity
■ Time-related factors and volatility
■ The effectiveness of existing controls
■ Sensitivity and confidence levels

10
Q
  • The purpose of _______ is to support decisions.
  • It involves comparing the results of the risk analysis with the established risk criteria to determine where additional action is required.
A

risk evaluation

11
Q

Decisions after Risk Evaluation

A

– Do nothing Further
– Consider Risk Treatment options
– Undertake further analysis to better understand the risk
– Maintain existing controls
– Reconsider objectives

12
Q

______ is only useful if the conclusions of the assessment are used to inform decisions and/or to identify the appropriate risk responses for the type of risk under consideration.

A

Risk assessment

13
Q

______ recommend the assessment of inherent risk, while _____ states that risk assessment should be undertaken at inherent and at residual level.

A

– Internal auditors
– ISO31000

Note:
The benefit of undertaking assessment of inherent risk is that the difference between the current (residual) level and the inherent level can be identified.

14
Q

One of the approaches to Risk Assessment

■ When risk assessment is being undertaken by the Board of Directors, the Chief Executive Officer (CEO) and the other top-level management of an organization.

A

Top-down Risk Assessment

15
Q

One of the approaches to Risk Assessment

When risk assessments are undertaken by involving individual members of staff and local department management.

A

Bottom up Risk Assessment

16
Q

Read only:

Top Down Risk Assessment advantage and Disadvantage

A

Adv:

– Enterprise wide Approach
– Significant risks quickly identified
– “Buy-in” from top

Dis Adv:
– Too much Focus on External Risks
– No focus on Internal ops
– Too Superficial

17
Q

Read only:
Bottom Up Risk Assessment advantage and Disadvantage

A

Adv
– Buy in at all levels
– Ops awareness of local risks
– Varied Methodology

Dis Adv
– No focus on External
– Time Consuming
– Too Detailed

18
Q

Risk Assessment Techniques

  1. _________
    ■ The use of structured questionnaires and checklists to collect information that will assist with the recognition of the significant risks.
  2. ________
    ■ Collection and sharing of ideas at workshops to discuss the events that could impact the objectives, core processes or key dependencies.
  3. _______
    * Physical inspections of premises and activities and audits of compliance with established systems and procedures.
  4. _____________
    ■ Analysis of the processes and operations within the organization to identify critical components that are key to success
A

1– Questionnaires and Checklists
2– Workshops and Brainstorming
3– Inspections and Audits
4– Flowcharts and Dependency Analysis

19
Q

Risk Assessment Techniques

____________

■ An analysis of the strengths, weaknesses, opportunities, and threats faced by the organization.

■ It has the benefit that it also considers the upside of risk by evaluating opportunities in the external environment.

  • One of its strengths is that it can be linked to STRATEGIC decisions.
A

SWOT ANALYSIS

20
Q

Risk Assessment Techniques

_____________
* Considers the political, economic, social, technological, legal and ethical (or environmental) risks faced by the organization.

■ It is a well-established structure with proven results for undertaking brainstorming sessions during risk assessment workshops.

A

PESTLE Analysis

21
Q

Risk Assessment Techniques

_________
* A structured approach that ensures that NO RISKS are omitted. These studies are often undertaken of hazardous chemical installations and complex transport structures, such as railways and nuclear power stations.
■ It can also be applied to the analysis of the safety of products.
■ It is very analytical and time-consuming.

A

HAZOP (Hazard and Operability)

22
Q

Risk Assessment Techniques

__________

■ It is a process that is being used by reliability engineers to understand potential industrial hazards and PREVENT ACCIDENTS.

■ In risk management, it is used to evaluate the severe consequences of failure, how likely it is for the failure to occur and the chance of detecting the failure before it happens.

A

FMEA (Failure Modes and Effects Analysis)

NOTE:
■ A very analytical and time-consuming approach

  • Problems and defects are expensive. Customers understandably place high expectations on manufacturers and service providers to deliver quality and reliability.

■ Often, faults in products and services are detected through extensive testing and predictive modeling in the later stages of development. However, finding a problem at this point in the cycle can add significant cost and delays to schedules. The challenge is to design in quality and reliability at the beginning of the process and ensure that defects never arise in the first place.

23
Q

Risk Assessment Techniques

__________

■ The first stage is to put the risk description into the middle box.
■ The causes of the risk then need to be recorded along with the preventive controls to stop the risk occurring and these are placed on the left side of the tie.
■ The impact of the risk and the identified response controls to lessen the impact of the risk are then placed on the right side of the tie.

A

bow tie analysis

Source - Preventive controls

Impact - Response Controls

24
Q

______ is a qualitative and systematic tool, usually created within a spreadsheet, to help practitioners anticipate what might go wrong with a product or process.

■ In addition to identifying how a product or process might fail and the effects of that failure, it also helps find the possible causes of failures and the likelihood of failures being detected before occurrence.

  • It is one of the best ways of analyzing potential reliability problems early in the development cycle, making it easier for manufacturers to take quick action and mitigate failure. The ability to anticipate issues early allows practitioners to design out failures and design in reliable, safe and customer-pleasing features.
A

FMEA

25
Q
  • When completing FMEA, it’s important to remember Murphy’s Law: “_______.” Participants need to identify all the components, systems, processes and functions that could potentially fail to meet the required level of quality or reliability. The team should not only be able to describe the effects of the failure, but also the possible causes.
A

Anything that can go wrong, will go wrong

26
Q

THREE Criteria of FMEA

A

– Severity
– Occurrence
– Detection

27
Q

■ To determine the significance of a risk, a test should be conducted using a “_____”

A

benchmark test

28
Q

Example of Benchmark test for risk significance

A

FIRM RISK SCORECARD
Financial
Infrastructure
Reputational
Marketplace

29
Q

The most commonly used risk matrix is the ____, one that demonstrates the relationship between the likelihood of the risk materializing and the impact of the event should the risk materialize.

A

likelihood/impact matrix

30
Q

Identify each Likelihood
_____
Can reasonably be expected to occur, but has only occurred 2 or 3 times over 10 years in the organization or similar organizations.

_____
Has occurred in the organization more than 3 times in the past 10 years or occurs regularly in similar organizations, or is considered to have a reasonable likelihood of occurring in the next few years.

_____
Occurred more than 7 times over 10 years in the organization or in other similar organizations, or circumstances are such that it is likely to happen in the next few years.

_____
Has occurred 9 or 10 times in the past 10 years in this organization, or circumstances have arisen that will almost certainly cause it to happen.

A

Unlikely

Possible

Likely

Almost Certain

31
Q

Likelihood analysis and probability estimation

Source: ISO IEC 31010 Risk Assessment Techniques

a) The use of _____ to identify events or situations which have occurred in the past and hence be able to extrapolate the probability of their occurrence in the future.

b) ____ using predictive techniques.

c) ____ can be used in a systematic and structured process to estimate probability.

A

a.) relevant historical data
b.) Probability forecasts
c.) Expert opinion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Identify each Magnitude
_____

Serious impact on health; serious loss of reputation that will influence trust and respect for a long time; violation of law that results; large economic loss that cannot be restored.

_____
No impact on patient health; minor reduction of reputation in the short run; no violation of law; negligible economic loss which can be restored.

_____
Death or permanent reduction of health of patient; serious loss of reputation that is devastating for trust; serious violation of law; considerable economic loss that cannot be restored.

_____
Minor temporary impact on patient health; small reduction of reputation that may influence trust for a short time; violation of law that results in a warning; small economic loss that can be restored.

A

Severe

Small

Catastrophic

Moderate

33
Q
  • ______ determines the nature and type of impact which could occur assuming that a particular event, situation or circumstance has occurred.
  • An event may have a range of impacts of different magnitudes and affect a range of different objectives and different stakeholders.
A

Consequence analysis

Note:

  • Consequence analysis can involve:
    a. taking into consideration existing controls to treat the consequences, together with all relevant contributory factors that have an effect on the consequences;

b. relating the consequences of the risk to the original objectives;

c. considering both immediate consequences and those that may arise after a certain time has elapsed, if this is consistent with the scope of the assessment;

d. considering secondary consequences, such as those impacting upon associated systems, activities, equipment or org

34
Q

4Ts of Hazard Management

____ the risk to another party

____ the risk and its likely impact

____ the risk to reduce the likely impact or exposure

____ the activity generating the risk

A

Transfer

Tolerate

Treat

Terminate

35
Q
  • _____ is the amount of risk that remains after controls are accounted for.
A

Residual or current level risk

35
Q

___ represents the amount of risk that exists in the absence of controls.

A

Inherent risk

36
Q
  • ____ is the level of risk that is of interest to risk managers
A

Target level of risk

37
Q

■ ______ reflects the AMOUNT and TYPE of risks that an organization is willing to PURSUE or retain or the more immediate need to take risk in order to achieve objectives.

A

Risk appetite

NOTE
IMMEDIATE

38
Q

______ represents the long-term APPROACH of the organization to risks

A

Risk attitude

NOTE
LONGTERM

39
Q

RISK APPETITE MATRIX

____ includes all of the risks that have already been identified, plus any emerging risks that are starting to appear

A

UNIVERSE OF RISK

40
Q

RISK APPETITE MATRIX

_____ is the level of risk that the organization feels comfortable taking and embedding into core processes because, regardless of the likelihood of the risk materializing, the impact is so small that it would not be significant if it did materialize or there will be a likelihood of a risk materializing that is considered so remote that it is assumed that it will not occur, even though it would be very serious if it did

A

COMFORT ZONE

41
Q

____ includes all of the risks that have high likelihood/high-impact and will be intolerable for the organization.

A

CRITICAL ZONE

42
Q

_____

include all the risks with medium-likelihood/medium impact that will require some judgement before acceptance.

A

Concerned zone and cautious zone

NOTE:
RISK AVERSE = more Concerned zone

Risk Aggressive = Less concerned zone and more comfort zone

43
Q

Identify Classification headings

COSO

A

Strategic

Operations

Reporting

Compliance

SORC

44
Q

Identify Classification headings

IRM

A

FINANCIAL

OPERATIONAL

STRATEGIC

HAZARD

FSOH - FOSH

45
Q

Identify Classification headings

BS 31100

A

FINANCIAL

OPERATIONAL

STRATEGIC

PROGRAMME

PROJECT

SPPFO - FOSPP

46
Q

Identify Classification headings

FIRM RISK SCORECARD

A

FINANCIAL

INFRASTRUCTURE

REPUTATIONAL

MARKETPLACE

FIRM

47
Q

Identify Classification headings

PESTLE

A

POLITICAL

ECONOMIC

SOCIOLOGICAL

TECHNOLOGICAL

ENVIRONMENTAL

48
Q

read only
Simplified business model

  1. Strategy
  2. Operations
  3. Tactics
  4. Events
  5. Results of Operations
49
Q

T or F

Categorizing risks according to a single risk classification system is always
helpful.

A

f.

not always

British Standard states that the number and type of risk categories employed
should be selected to suit the size, purpose, nature, complexity and context of
the organization.

  • The categories should also reflect the maturity of risk management within the
    organization
50
Q

British Standard states that the number and type of risk categories employed
should be selected to suit the ___, ____, ____, ___ and context of
the organization.

A

Size
purpose
nature
complexity

51
Q

The purpose of ___

  • Enable the organization to identify where similar risks exist within the organization.
  • Enable the organization to identify who should be responsible for setting a
    strategy for the management of related or similar risks.
  • Enable the organization to better identify the risk appetite, risk capacity, and total risk exposure in relation to each risk, group of similar risks, or generic type of risk.
A

Risk Classification Systems

52
Q

________

  • Offers a classification system for the risks to the key dependencies in the organization.
    ■ It also reflects the idea that every organization should be concerned about its finances, infrastructure, reputation and marketplace success.
A

Firm Scorecard

53
Q
  • ______ is the measure of how much risk the organization SHOULD TAKE or can afford to take and this is compatible with the organization’s attitude to risks.
A

Risk capacity

  • Risk capacity of an organization will depend on:
    ■ organization’s financial strength
    ■ robustness of its infrastructure
    ■ strength of its reputation
    ■ the brands and the competitive nature of the marketplace in which it operates
54
Q

■ In simple terms, risk appetite should be within the _______ of the organization and greater than or equal to the ______ that the organization faces.

A

risk capacity

actual risk exposure

55
Q

___ is the actual risk the organization is taking and this may not be the same as the risk appetite of the organization.

A
  • Risk exposure
56
Q

MAJOR CATEGORIES OF RISKS

A

MARKET R
CREDIT R
LIQUIDITY R
OPERATIONAL R
LEGAL AND REGULATORY R
BUSINESS R
STRATEGIC R
REPUTATION R

MC LOL BSR

57
Q

8 MAJOR CATEGORIES OF RISKS

___ risk that changes in financial market prices and rates will reduce the value of a security or a portfolio

A

MARKET RISKS

58
Q

UNDER MARKET RISKS

_____ - risk that the value of a fixed-income security will fall as a result of an increase in market interest rates.

_____ - risk associated with volatility in stock prices

_____ - arises from open or imperfectly hedged positions in particular foreign currency denominated assets and liabilities leading to fluctuations in profits or values as measured in a local currency.

_____ - risk associated with commodity prices volatility

A
  • Interest rate risk
  • Equity price risk
  • Foreign exchange risk
  • Commodity price risk
59
Q

8 MAJOR CATEGORIES OF RISKS

____ risk of an economic loss from the failure of a counterparty to fulfill its contractual obligations, or from the increased risk of default during the term of the transaction

A

CREDIT RISK

60
Q

UNDER CREDIT RISK

____ - corresponds to the debtor’s incapacity or refusal to meet his/her debt obligations, whether interest or principal payments on the loan contracted, by more than a reasonable relief period from the due date.

_____ - risk of taking over the collateralized, or escrowed, assets of a defaulted borrower or counterparty

______ - risk that the perceived creditworthiness of the borrower or counterparty might deteriorate.

_____ - risk due to the exchange of cash flows when a transaction is settled. This risk is greatest when payments occur in different time zones, especially for foreign exchange transactions, such as currency swaps, where notional amounts are exchanged in different currencies

A

Default risk
Bankruptcy risk
Downgrade risk
Settlement risk

61
Q

LIQUIDITY RISK COMPRISES

A

FUNDING LIQUIDITY RISK

TRADING LIQUIDITY RISK

62
Q

UNDER LIQUIDITY RISK

_____ risk relates to a firm’s ability to raise the necessary cash to roll over its debt, to meet the cash, margin, and collateral requirements of counterparties, and to satisfy capital withdrawals.

____ often simply called liquidity risk, is the risk that an institution will not be able to execute a transaction at the prevailing market price because there is, temporarily, no appetite for the deal on the other side of the market

A

FUNDING LIQUIDITY RISK

TRADING LIQUIDITY RISK

63
Q

8 MAJOR CATEGORIES OF RISKS

____ refers to potential losses resulting from a range of operational weaknesses including inadequate systems, management failure, faulty controls, fraud, and human errors. In the banking industry, operational risk is also often taken to include the risk of natural and man-made catastrophes (e.g. earthquakes, terrorism) and other nonfinancial risks

A

OPERATIONAL RISKS

64
Q

OPERATIONAL RISK COMPRISES

A

HUMAN FACTORS RISK

TECHNOLOGY RISKS

FRAUD RISKS

65
Q

8 MAJOR CATEGORIES OF RISKS

___ are risks related to legal or governmental actions that can have a material impact on the achievement of business objectives.

A

LEGAL AND REGULATORY RISK

66
Q

8 MAJOR CATEGORIES OF RISKS

___ refers to the classic risks of the world of business, such as uncertainty about the demand for products, or the price that can be charged for those products, or the cost of producing and delivering products.

A

BUSINESS RISK

67
Q

8 MAJOR CATEGORIES OF RISKS

___ refers to the risk of significant investments for which there is a high uncertainty about success and profitability. It can also be related to a change in the strategy of a company vis-à-vis its competitors.

A

STRATEGIC RISK

68
Q

8 MAJOR CATEGORIES OF RISKS

_____ the potential loss to financial capital, social capital and/or market share resulting from damage to a firm’s reputation. It can be divided into two main classes: the belief that an enterprise can and will fulfill its promises to counterparties and creditors, and the belief that the enterprise is a fair dealer and follows ethical practices.

A

REPUTATIONAL RISK

69
Q

8 MAJOR CATEGORIES OF RISKS

___ concerns the potential for the failure of one institution to create a chain reaction or domino effect on other institutions and consequently threaten the stability of financial markets and even the global economy

A

SYSTEMIC RISK

70
Q

____ are being applied to lessen the likelihood of the risk occurring and minimize the impact of the risk to the organization

A

LOSS CONTROL

71
Q

ELEMENTS OF LOSS CONTROL

___ is about reducing the likelihood of an adverse event occurring, although it will also be concerned with reducing the magnitude of an event that does occur

A

LOSS PREVENTION

NOTE LIKELIHOOD

72
Q

ELEMENTS OF LOSS CONTROL

____ is concerned with reducing the magnitude of the event when it does materialize

A

DAMAGE LIMITATION

NOTE MAGNITUDE

73
Q

ELEMENTS OF LOSS CONTROL

  • ____ is concerned with reducing the impact and consequences of the event. It will be concerned with ensuring the lowest cost of repairs, as well as business continuity plans to ensure that the organization can continue operations following damage to the asset that has been affected
A

COST CONTAINMENT

NOTE CONSEQUENCE AND IMPACT

74
Q

3 SEGREGATION OF DUTIES

A

SAFEKEEPING
AUTHORIZATION
RECORD KEEPING

75
Q

____

  • The reward for taking the risk in the first place.
    ■ It is simply achieving what the organization set out to achieve, by taking the risks that were embedded in the strategy, tactics and/or operations that were involved.
    ■ when an organization realizes that solving a particular risk-based problem has brought a benefit, rather than a cost.
A

UPSIDE OF RISK

76
Q
  • The benefits of good risk management within projects are that the project is more likely to be delivered on time, to budget and at the required quality.
  • Risk management activities will assist the delivery of the project and, at the same time, help manage a situation when an outcome is different from what was expected as the project progresses.
A

UPSIDE OF PROJECTS

77
Q
  • Strategic issues are vitally important, and failure to implement strategy or the selection of an inappropriate strategy can be amongst the most devastating risks to hit an organization.
  • The upside of risk in strategy is that risk management efforts help with the design of an effective and efficient strategy
A

UPSIDE OF STRATEGY

78
Q
  • Risk management evaluation of operations can enable the organization to deliver the most effective and efficient activities, operations and processes.
  • By delivering the most effective and efficient operations, an organization can achieve advantages over a competitor and undertake work for a lower cost and still make a profit.
A

UPSIDE OF OPERATIONS