ST5 Flashcards
Briefly explain ISO 31000:2009 (Risk management standard)?
Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
What are the categories of risk?
- Operational risk
Think: Risks at the shop floor level
- Compliance risk
Think: The risk of law and industry standards
- Financial or business risk
Think: Risks due to money and finance
- Programme or project risk
Think: Risks relating to specific projects
- Technological/data risk
Think: Risks arising from IT and communication systems
- Strategic risk
Think: Risk at the highest levels of an organisation
- Speculative risk
Think: Risky undertakings and ventures
Define Operational risk?
Think: Risks at the shop floor level
Operational risk is at the lower levels of the organisation, i.e. where things get done (where a product is actually made, a service is rendered, etc.).
Define compliance risk?
Think: The risk of law and industry standards
Compliance risks are those risks that are associated with the need to comply with laws and regulations.
Define Financial or business risk?
Think: Risks due to money and finance
Financial or business risks are the risks that can affect a business in terms of its general financial viability. Financial risks are associated with the financial structure of an organisation, the transactions the organisation makes and the financial systems that may already be in place.
Define Programme or project risk?
Think: Risks relating to specific projects
Projects can often have a major impact on the direction of an organisation and ultimately its very success or failure. Managing this project risk is, therefore, an essential skill for any project manager or HSE professional.
Define Technological/data risk?
Think: Risks arising from IT and communication systems
This is risk associated with bringing new technology products to market or introducing new technology and IT systems into the organisational setting, both of which are high risk ventures.
Remember: IT-related risk is a speculative risk and, therefore, inherently high risk.
Define Strategic Risk?
Think: Risk at the highest levels of an organisation
Strategic risks are those that can affect the strategic direction and survival of an organisation.
Strategic risk also includes risks associated with poor business decisions, or with the direction in which management takes an organisation, as well as those risks arising from:
• Merger and acquisition activity
• Changes in customers or in customer demand
• Industry sector changes
• Research and development
• Financial imperatives
• New ‘vision’ for an organisation
Define Speculative risk?
Think: Risky undertakings and ventures
Speculative risks are prone to so many different variables that they cannot be quantified or controlled easily.
What are the two fundamentals that risk management is based on?
- Risk Control
- Risk Financing
Define Risk Control?
Risk control: Primarily preventing losses from occurring by reducing the severity of losses from risks and/or reducing the frequency of losses occurring because of risks.
Define risk financing?
No organisation can fully prevent or eliminate all losses from risks that may be present in the organisation.
Define and explain SWOT analysis?
SWOT = Strengths, Weaknesses, Opportunities, Threats
A SWOT analysis is a strategic approach to planning whereby an organisation tries to ascertain its primary strengths and weaknesses, as well as the potential threats and opportunities for the organisation.
Define PESTE Analysis?
PESTE = Political, Economic, Social, Technological, Environmental
PESTEL = Add Legal
PEST = Discard Environmental
A PESTE/PESTEL/PEST analysis is a measurement tool used by an organisation to assess markets for a particular product or service provision at a given timeframe.
Define VUCA and explain?
VUCA is an acronym that is used to describe or reflect on the volatility, uncertainty, complexity and ambiguity that an organisation may face.
Define Mega-Risk?
As the word mega denotes, these are risks that are huge in scope and risk potential. The most important aspect of a mega-risk is that it will never only affect one organisation or industry.
Define the term ‘black swan theory’?
Black swan event is a metaphor for an event that is both very surprising and has a huge impact.
Black swan can be explained as?
- High-profile, hard-to-predict and very rare events. They are considered beyond the realm of what should normally occur in history, science, finance or in the world generally.
- Almost impossible to predict since their probability is so remote/small
- Events that create what is referred to as a ‘psychological bias’ amongst people
What are the Risk Assessment Steps?
- Step 1 - Preparation
- Step 2 - Hazard identification
- Step 3 - Converting hazards to risks
- Step 4 - Ranking the risks
- Step 5 - Evaluating effectiveness of existing controls.
What is a Risk Assessment team?
A critical part in any qualitative risk assessment process is to ensure that the team conducting the assessment consists of a ‘vertical slice’ of persons from within the organisation being assessed.
The scope of the risk assessment determines the level of training required and the composition of the teams.
What do Risk Assessment Teams need to do and what knowledge should they have?
Team members need to:
• Understand the methodology that will be used in the assessment process.
• Have the ability to identify workplace hazards and risks.
• Have the ability to distinguish between pure physical hazards and behavioural or procedural hazards.
• Understand the main hazards of the energy sources in the workplace.
The process often requires the knowledge and participation of a wide range of people. Once the team has been assembled, a short preconditioning session should be conducted.
Teams should be taken through the process and?
the following issues should be highlighted to sensitise each team member regarding the risk assessment process:
• A clear understanding of what their role in the process will be.
• A good understanding of how the risk assessment process should be undertaken.
• Adequacy of training or knowledge required to work appropriately within the team in a way that is commensurate with their own strengths and expertise.
• If a team is to assess a process or procedure that may require specialist knowledge it should, as a matter of course, include an expert in that discipline.
The team facilitator should?
- Be independent from the area evaluated to ensure an unbiased evaluation.
- Have a complete understanding of the methodology and evaluation strategy used.
- Be able to communicate with a diverse group of people.
- Be able to focus the team and its activities.
- Be impartial, ethical and honest.
- Have good organisational skills in order that the risk assessment process run smoothly.
What are the risk controls in order of most desirable to least?
- Eliminate the hazard
- Reduce or substitute the hazard
- Engineering controls
- Administrative controls
- PPE