The purpose and process of risk management

Question 1

Define Risk Management

Answer 1

The identification, analysis and control of the risks that threaten the operations, assets and other responsibilities of an organisation.

Question 2

Do risks arise as much from the possibility that opportunities will not be realised as it does from the possibility that threat will materialise or that mistake will be made?

Answer 2

Yes

Question 3

The potential benefits of Risk Management are…

Answer 3

• Compliance with legislation and regulation
• improved corporate governance (top management control)
• understanding operational risk
• understanding risks associated with opportunities
• improvements in both internal and external risk reports
• avoidance of disasters
• reduction in frequency of incidents
• reduced costs of incidents

Question 4

What should risk management activities include?

Answer 4

Measurement of benefits in financial terms (if possible) to justify the use of resources and budgets.

Question 5

Why do published plans only indicate some of the risks assessed?

Answer 5

Does not want to highlight its perceived weakness

Question 6

Do modern business tend to be leaner than traditional counterparts?

Answer 6

Yes

Question 7

What are risks?

Answer 7

Anything with the potential to threaten the operations, assets and other responsibilities of an organisation.

Question 8

What act made it unlawful to employ anyone not legally entitled to work in the UK?

Answer 8

Immigration Act 2016

Question 9

Are an organisation and their suppliers independent?

Answer 9

No, interdependent

Question 10

What needs to be done to protect against damage or loss?

Answer 10

• Safety of people
• Safety of assets
• Revenue and cash flow
• Legal obligations
• Delivery of promised goods and services

Question 11

What are the 6 categories to divide global and political risks?

Answer 11

• Global economic risks
• Global environmental risks
• Global social risks
• Global technology risks
• Geopolitical risks
• Political risks

Question 12

What is global economic risk?

Answer 12

Financial issues that affect particular market sectors or global trading environments

Question 13

What are global social risks?

Answer 13

Arise from ease with which people and ideas move

Question 14

What are technology and cyber risks?

Answer 14

• Data concentration
• Human intervention
• Cyber Crime

Question 15

What is one class of emerging risk deserving special mention?

Answer 15

Terrorist risk

Question 16

What is the risk management process?

Answer 16

1. Establish Context
2. Identify Risks
3. Analyse risks
4. Evaluate Risks
5. Treat Risks

Question 17

What are the ongoing activities which are at all stages of the risk management process?

Answer 17

• Monitor and review

- Communicate

Question 18

What does a clear organisation-wide risk management philosophy allow for?

Answer 18

Individual risk work to be done within a framework of long-term objectives and provides an effective benchmark for local decisions and activity.

Question 19

What specifies the roles and responsibilities of key people involved in the communication and risk reporting structure?

Answer 19

Risk Architecture of an organisation

Question 20

Who is best able to identify and understand what threats risks carry?

Answer 20

Function managers

Question 21

What is relevant in analysing risks?

Answer 21

Frequency and severity

Question 22

Where is the risk management philosophy embedded?

Answer 22

In the risk policy statement

Question 23

What does evaluating risks entail?

Answer 23

Deciding what risk levels are acceptable based on risk appetite and risk tolerance.

Question 24

Who sets risk appetite and tolerance in an organisation

Answer 24

Senior management

Question 25

How can an organisation control risk?

Answer 25

• retain
• reduce
• transfer

Question 26

What physical and non-physical controls are an example of…

Answer 26

risk reduction

Question 27

What is continuity planning?

Answer 27

(Business Cont. management; contingency planning; disaster recovery)

Process where an organisation will anticipate an incident and prepares a plan to manage the consequences so the incident does not threaten the survival of the organisation

Question 28

What do continuity plans set out?

Answer 28

Procedures to collect costs and other data for insurance recover claim

Question 29

How may organisation adopt form of quality control?

Answer 29

• Internal audits
• reporting to board regularly
• Owner/manager may assess quality of work personally e

Question 30

What is a suitable benchmark against risk control systems can be measured?

Answer 30

ISO 31000

Question 31

An organisation’s structure for reporting and monitoring risks is called its risk:

Answer 31

architecture.

Question 32

The failure to continue service delivery is most likely to become business critical within minutes for:

Answer 32

an on-line travel company whose website goes down.

Question 33

A large international organisation has a written policy that states that no more than two board members can travel together by plane. What method of risk treatment are they using?

Answer 33

Non-physical risk control.

Question 34

When risks are outsourced, what risk questions must be asked?

Answer 34

Whether risks inherent in the outsourced orgnaisation have been transferred or retained

Question 35

What choices are available to control unacceptable risks?

Answer 35

Retain, reduce, transfer