ST5 Flashcards
Briefly explain ISO 31000: 2009 (Risk management standard)?
Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
What are the categories of risk?
- Operational risk
Think: Risks at the shop floor level - Compliance risk
Think: The risk of law and industry standards - Financial or business risk
Think: Risks due to money and finance - Programme or project risk
Think: Risks relating to specific projects - Technological/data risk
Think: Risks arising from IT and communication systems
-Strategic risk
Think: Risk at the highest levels of an organisation
-Speculative risk
Think: Risky undertakings and ventures
Define Operational risk?
Think: Risks at the shop floor level
Operational risk is at the lower levels of the organisation, i.e. where things get done (where a product is actually made, a service is rendered, etc.).
Define compliance risk?
Think: The risk of law and industry standards
Compliance risks are those risk that are associated with the need to comply with laws and regulations.
Define Financial or business risk?
Think: Risks due to money and finance
Financial or business risks are the risks that can affect a business in terms of its general financial viability. Financial risks are associated with the financial structure of an organisation, the transactions the organisation makes and the financial systems that may already be in place.
Define Programme or project risk?
Think: Risks relating to specific projects
Projects can often have a major impact on the direction of an organisation and ultimately its very success or failure managing this project risk is, therefore, an essential skill for any project manager or HSE professional.
Define Technological/data risk?
Think: Risks arising from IT and communication systems
This is risk associated with bringing new technology products to market or introducing new technology and IT systems into the organisational setting, both of which are high risk ventures.
Remember: IT-related risk is a speculative risk and, therefore, inherently high risk.
Define Strategic Risk?
Think: Risk at the highest levels of an organisation
Strategic risks that can affect the strategic direction and survival of an organisation.
Strategic risk also includes risks associated with poor business decisions, or the direction an organisation takes by management, as well as those risks arising from:
• Merger and acquisition activity
• Changes in customers or in customer demand
• Industry sector changes
• Research and development
• Financial imperatives
• New ‘vision’ for an organisation
Define Speculative risk?
Think: Risky undertakings and ventures
Speculative risks are prone to so many different variables that they cannot be quantified or controlled easily.
What are the two fundamental that risk management is based on?
- Risk Control
- Risk Financing
Define Risk Control?
Risk control: Primarily preventing losses from occurring by reducing the severity of losses from risks and/or reducing the frequency of losses occurring because of risks.
Define risk financing?
No organisation can fully prevent or eliminate all losses from risks that may be present in the organisation.
Define and explain SWOT analysis?
SWOT = Strengths, Weaknesses, Opportunities, Threats
A SWOT analysis is a strategic approach to planning whereby an organisation tries to ascertain its primary strengths and weaknesses, as well as the potential treats and opportunities for the organisation.
Define PESTE Analysis?
PESTE = Political, Economic, Social, Technological, Environmental
PESTEL = Add Legal
PEST = Discard Environmental
A PESTE/PESTEL/PEST analysis is a measurement tool used by an organisation to assess markets for a particular product or service provision at a given timeframe.
Define VUCA and explain?
VUCA is an acronym that is used to describe or reflect on the volatility, uncertainty, complexity and ambiguity that an organisation may face.
Define Mega-Risk?
As the word mega denotes, these are risks that are huge in scope and risk potential. The most important aspect of a mega-risk is that it will never only affect one organisation or industry
Define the term ‘black swan theory’?
Black swan event is a metaphor for an event that is both very surprising and has a huge impact.
Black swan can be explained as?
- High-profile, hard-to-predict and very rare events. They are considered beyond the realm of what should normally occur in history, science, finance or in the world generally.
- Almost impossible to predict since their probability is so remote/small
- Events that create what is referred to as a ‘psychological bias’ amongst people
What are the Risk Assessment Steps?
- Step 1 - Preparation
- Step 2 - Hazard identification
- Step 3 - Converting hazards to risks
- Step 4 - Ranking the risks
- Step 5 - Evaluating effectiveness of existing controls.
What is a Risk Assessment team?
A critical part in any qualitative risk assessment process is to ensure that the team conducting the assessment consists of a ‘vertical slice’ of persons from within the organisation being assessed.
The scope of the risk assessment determines the level of training required and the composition of the teams.
Risk Assessment Team’s need to do the following and what knowledge should they have?
Team members need to:
• Understand the methodology that will be used in the assessment process.
• Have the ability to identify workplace hazards and risks.
• Have the ability to distinguish between pure physical hazards and behavioural or procedural hazards.
• Understand the main hazards of the energy sources in the workplace.
The process often requires the knowledge and participation of a wide range of people. Once the team has been assembled, a short preconditioning session should be conducted
Team’s should be taken through the process and?
the following issues should be highlighted to sensitise each team member regarding the risk assessment process:
• A clear understanding of what their role in the process will be.
• A good understanding of how the risk assessment process should be undertaken.
• Adequacy of training or knowledge required to work appropriately within the team in a way that is commensurate with their own strengths and expertise.
• If a team is to assess a process or procedure that may require specialist knowledge it should, as matter of course, include an expert in that discipline.
The team facilitator should be?
- Be independent from the area evaluated to ensure an unbiased evaluation.
- Have a complete understanding of the methodology and evaluation strategy used.
- Be able to communicate with a diverse group of people.
- Be able to focus the team and its activities.
- Be impartial, ethical and honest.
- Have good organisational skills in order that the risk assessment process run smoothly.
What are the risk controls in order of most desirable to least?
- Eliminate the hazard
- Reduce or substitute the hazard
- Engineering controls
- Administrative controls
- PPE
Risk Rating to Follow?
Consequential = Likelihood 2 = E 3 = D 4 = C
Consequential
SAFETY: 2 = Burns, bruises, cuts and sprains
HEALTH: 2 = Lung (inhalation and irritants), TTS, Kidney (pain)
ENVIRONMENT: 2 = Ground and air pollution
What is a CBA?
Quantifying the benefit the company obtains for a given control against the cost of the benefit.
What are the three stages of a cost-benefit analysis?
- Identify and quantify all potential costs that will be incurred by implementing a proposed control.
- Identify and quantify all anticipated benefits associated with the proposed control.
- Finally, subtract all identified costs from the expected benefits to determine whether the positive benefits of the control outweigh the negative costs thereof.
How can risk be monitored?
- Risk models
- Risk analytics
- Web-enabled technologies
- Internal auditing
- Informal monitoring, such as inspections and planned job observations
Define and explain the internet of things (Iot)?
Smart devices, also known as the Internet of Things (IoT), are equipped with a variety of sensors, communication and computing capabilities that also serve as risk monitoring and enforcement points.
What are the benefits of Technology with regards to risk management?
- Smart devices that comprise the IoT have the potential to help organisations detect risk events.
- Crucial risk insights can be detected in real time.
- Risk management is made comprehensive and dynamic and can improve risk-related decision- making.
- Organisations can also potentially manage HSE-related risks due to contractors, suppliers or customers by analysing their behaviour through real-time data feeds.
Explain the ‘Cost-Of-Risk’?
a. Insurance costs:
• Direct insurance cost (cost of insurance premiums).
• Opportunity cost (rand value spent on insurance that could have been used elsewhere).
b. Un-reimbursed losses (self-insured, retained). These include the following costs:
• Insurance excess payments.
• Inadequate sums insured.
• Losses from risks that cannot be insured.
• Uninsured (intentionally or unintentionally).
c. Risk control and loss prevention expenses (including but not restricted to):
• Depreciation on major capital cost to reduce risk, e.g. installing a sprinkler system.
• Cost of time consumed in risk assessments (internal and external, e.g. consultants):
- Risk control operational expenses.
- Risk control training.
- Management time.
d. Administrative costs (including but not restricted to):
• Clerical cost in handling insurance matters.
• Cost of reporting and investigating incidents.
• Cost of the in-house risk department.
What is Pre-Loss Financing Mechanisms?
- Risk retention
- Commercial insurance
- Captive insurance companies
- State risk financing
- Capital market instruments
- Catastrophe bonds
- Post-Loss Financing
