SU4 - The ERM Process - Stage 5 - Risk Treatment

Question 1

What is the purpose of the Risk Treatment Stage.

Answer 1

It will help a business to design a specific action plan and produce strategic responses to address the risks and opportunities identified in the business to secure business objectives.

Question 2

What are the Process Mechanisms used in the Risk Treatment Stage?

Answer 2

1. Resolution strategy - predefined plan designed to respond to a particular reoccurring risk
2. Risk response flow chart - illustrates the decision options that are made to arrive at the desired risk response category

Question 3

The Process Activities for the Risk Treatment stage assist in transforming the prioritised list of risks into a concrete action plan. Name these these 11 activities.

Answer 3

1. Conducting Risk research
2. Developing appropriate alternative responses
3. Develop Risk response for each risk.
4. Assessing the cost of the response against the risk impact
5. Identify the Risk Owner
6. Identify the Risk Manager
7. Identify the Risk actionee
8. Decide when the responses need to be implemented.
9. Consider the importance of secondary risk arising from the planned risk response.
10. Establish early warning indicators.
11. Define the Business Risk Appetite

Question 4

Explain the meaning of risk appetite.

Answer 4

It can be defined as the amount of risk a business is prepared to tolerate.

AKA Risk Attitude, tolerance, preference or capacity.

It is important for senior managers to know in what risk appetite environment it needs to conducts its business. Thus, what is the culture of the business.

Question 5

Provide 4 risk response strategies that can be used in the risk treatment stage.

Answer 5

1. Risk Reduction (mitigation)
2. Risk Removal (avoidance)
3. Risk Reassignment (transfer)
4. Risk Retention (acceptance)

Question 6

Explain Risk Reduction (mitigation)

Answer 6

It can also be seen as risk diversification. There are two approaches to reduce risk:

1. reduce the likelihood of risk occurring
2. limiting the loss should the risk occur

Question 7

When consider risk removal (avoidance), 3 tests needs to be applied. Name and explain them.

Answer 7

1. Opportunity - will a significant opportunity be lost?
2. Business objectives - when the risk is removed, will business objectives still be satisfied?
3. Costs - does the cost of the removal outweigh the impact should it materialise.

Question 8

Explain risk reassignment (transfer).

Answer 8

It means that the risk is being transferred to another business. Thus, it does not remove the risk, just the severity of the impact of the risk. It is commonly done through insurance.

Question 9

There are 4 tests that need to be considered when transferring risk. Name them.

Answer 9

1. Consider the objectives of the parties.
2. Their ability to manage the risk
3. The context of the risk.
4. The cost effectiveness of the transfer.

Question 10

Explain Risk Retention (acceptance).

Answer 10

It might be that the other options are not available or that it might be more economical to rather except the risk. Should this be the case, 3 tests needs to be considered:

1. Is there no other options available.
2. Timing
3. The ability to absorb the risk.