ST5 Flashcards

1
Q

Briefly explain ISO 31000:2009 (Risk management standard)?

A

Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.

2
Q

What are the categories of risk?

A
  • Operational risk
    Think: Risks at the shop floor level
  • Compliance risk
    Think: The risk of law and industry standards
  • Financial or business risk
    Think: Risks due to money and finance
  • Programme or project risk
    Think: Risks relating to specific projects
  • Technological/data risk
    Think: Risks arising from IT and communication systems
  • Strategic risk
    Think: Risk at the highest levels of an organisation
  • Speculative risk
    Think: Risky undertakings and ventures
3
Q

Define Operational risk?

A

Think: Risks at the shop floor level
Operational risk is at the lower levels of the organisation, i.e. where things get done (where a product is actually made, a service is rendered, etc.).

4
Q

Define compliance risk?

A

Think: The risk of law and industry standards

Compliance risks are those risks that are associated with the need to comply with laws and regulations.

5
Q

Define Financial or business risk?

A

Think: Risks due to money and finance
Financial or business risks are the risks that can affect a business in terms of its general financial viability. Financial risks are associated with the financial structure of an organisation, the transactions the organisation makes and the financial systems that may already be in place.

6
Q

Define Programme or project risk?

A

Think: Risks relating to specific projects
Projects can often have a major impact on the direction of an organisation and ultimately its very success or failure. Managing this project risk is, therefore, an essential skill for any project manager or HSE professional.

7
Q

Define Technological/data risk?

A

Think: Risks arising from IT and communication systems
This is the risk associated with bringing new technology products to market or introducing new technology and IT systems into the organisational setting, both of which are high-risk ventures.
Remember: IT-related risk is a speculative risk and, therefore, inherently high risk.

8
Q

Define Strategic Risk?

A

Think: Risk at the highest levels of an organisation
Strategic risks are those that can affect the strategic direction and survival of an organisation.
Strategic risk also includes risks associated with poor business decisions, or the direction an organisation takes by management, as well as those risks arising from:
• Merger and acquisition activity
• Changes in customers or in customer demand
• Industry sector changes
• Research and development
• Financial imperatives
• New ‘vision’ for an organisation

9
Q

Define Speculative risk?

A

Think: Risky undertakings and ventures

Speculative risks are prone to so many different variables that they cannot be quantified or controlled easily.

10
Q

What are the two fundamentals that risk management is based on?

A
  • Risk Control
  • Risk Financing

11
Q

Define Risk Control?

A

Risk control: Primarily preventing losses from occurring by reducing the severity of losses from risks and/or reducing the frequency of losses occurring because of risks.

12
Q

Define risk financing?

A

No organisation can fully prevent or eliminate all losses from risks that may be present in the organisation.

13
Q

Define and explain SWOT analysis?

A

SWOT = Strengths, Weaknesses, Opportunities, Threats
A SWOT analysis is a strategic approach to planning whereby an organisation tries to ascertain its primary strengths and weaknesses, as well as the potential threats and opportunities for the organisation.

14
Q

Define PESTE Analysis?

A

PESTE = Political, Economic, Social, Technological, Environmental
PESTEL = Add Legal
PEST = Discard Environmental
A PESTE/PESTEL/PEST analysis is a measurement tool used by an organisation to assess markets for a particular product or service provision at a given timeframe.

15
Q

Define VUCA and explain?

A

VUCA is an acronym that is used to describe or reflect on the volatility, uncertainty, complexity and ambiguity that an organisation may face.

16
Q

Define Mega-Risk?

A

As the word mega denotes, these are risks that are huge in scope and risk potential. The most important aspect of a mega-risk is that it will never only affect one organisation or industry.

17
Q

Define the term ‘black swan theory’?

A

Black swan event is a metaphor for an event that is both very surprising and has a huge impact.

18
Q

Black swan can be explained as?

A
  • High-profile, hard-to-predict and very rare events. They are considered beyond the realm of what should normally occur in history, science, finance or in the world generally.
  • Almost impossible to predict since their probability is so remote/small
  • Events that create what is referred to as a ‘psychological bias’ amongst people
19
Q

What are the Risk Assessment Steps?

A
  • Step 1 - Preparation
  • Step 2 - Hazard identification
  • Step 3 - Converting hazards to risks
  • Step 4 - Ranking the risks
  • Step 5 - Evaluating effectiveness of existing controls.
20
Q

What is a Risk Assessment team?

A

A critical part in any qualitative risk assessment process is to ensure that the team conducting the assessment consists of a ‘vertical slice’ of persons from within the organisation being assessed.
The scope of the risk assessment determines the level of training required and the composition of the teams.

21
Q

Risk Assessment Teams need to do the following and what knowledge should they have?

A

Team members need to:
• Understand the methodology that will be used in the assessment process.
• Have the ability to identify workplace hazards and risks.
• Have the ability to distinguish between pure physical hazards and behavioural or procedural hazards.
• Understand the main hazards of the energy sources in the workplace.
The process often requires the knowledge and participation of a wide range of people. Once the team has been assembled, a short preconditioning session should be conducted.

22
Q

Teams should be taken through the process and?

A

the following issues should be highlighted to sensitise each team member regarding the risk assessment process:
• A clear understanding of what their role in the process will be.
• A good understanding of how the risk assessment process should be undertaken.
• Adequacy of training or knowledge required to work appropriately within the team in a way that is commensurate with their own strengths and expertise.
• If a team is to assess a process or procedure that may require specialist knowledge it should, as a matter of course, include an expert in that discipline.

23
Q

The team facilitator should be?

A
  • Be independent from the area evaluated to ensure an unbiased evaluation.
  • Have a complete understanding of the methodology and evaluation strategy used.
  • Be able to communicate with a diverse group of people.
  • Be able to focus the team and its activities.
  • Be impartial, ethical and honest.
  • Have good organisational skills in order that the risk assessment process runs smoothly.
24
Q

What are the risk controls in order of most desirable to least?

A
  1. Eliminate the hazard
  2. Reduce or substitute the hazard
  3. Engineering controls
  4. Administrative controls
  5. PPE
25
Q

Risk Rating to Follow?

A
Consequential = Likelihood
2 = E
3 = D
4 = C

Consequential
SAFETY: 2 = Burns, bruises, cuts and sprains
HEALTH: 2 = Lung (inhalation and irritants), TTS, Kidney (pain)
ENVIRONMENT: 2 = Ground and air pollution

26
Q

What is a CBA?

A

Quantifying the benefit the company obtains for a given control against the cost of the benefit.

27
Q

What are the three stages of a cost-benefit analysis?

A
  1. Identify and quantify all potential costs that will be incurred by implementing a proposed control.
  2. Identify and quantify all anticipated benefits associated with the proposed control.
  3. Finally, subtract all identified costs from the expected benefits to determine whether the positive benefits of the control outweigh the negative costs thereof.
28
Q

How can risk be monitored?

A
  • Risk models
  • Risk analytics
  • Web-enabled technologies
  • Internal auditing
  • Informal monitoring, such as inspections and planned job observations
29
Q

Define and explain the Internet of Things (IoT)?

A

Smart devices, also known as the Internet of Things (IoT), are equipped with a variety of sensors, communication and computing capabilities that also serve as risk monitoring and enforcement points.

30
Q

What are the benefits of Technology with regards to risk management?

A
  • Smart devices that comprise the IoT have the potential to help organisations detect risk events.
  • Crucial risk insights can be detected in real time.
  • Risk management is made comprehensive and dynamic and can improve risk-related decision-making.
  • Organisations can also potentially manage HSE-related risks due to contractors, suppliers or customers by analysing their behaviour through real-time data feeds.
31
Q

Explain the ‘Cost-Of-Risk’?

A

a. Insurance costs:
• Direct insurance cost (cost of insurance premiums).
• Opportunity cost (rand value spent on insurance that could have been used elsewhere).
b. Un-reimbursed losses (self-insured, retained). These include the following costs:
• Insurance excess payments.
• Inadequate sums insured.
• Losses from risks that cannot be insured.
• Uninsured (intentionally or unintentionally).
c. Risk control and loss prevention expenses (including but not restricted to):
• Depreciation on major capital cost to reduce risk, e.g. installing a sprinkler system.
• Cost of time consumed in risk assessments (internal and external, e.g. consultants):
- Risk control operational expenses.
- Risk control training.
- Management time.
d. Administrative costs (including but not restricted to):
• Clerical cost in handling insurance matters.
• Cost of reporting and investigating incidents.
• Cost of the in-house risk department.

32
Q

What are Pre-Loss Financing Mechanisms?

A
  • Risk retention
  • Commercial insurance
  • Captive insurance companies
  • State risk financing
  • Capital market instruments
  • Catastrophe bonds
  • Post-Loss Financing