Tools and Techniques 2: Assessment and measurement of risk Flashcards
What are the problems with aggregating risks across an organisation?
- Wide variety of risks involved
- Combining qualitative with quantitative
- Different risk appetite thresholds at different levels of organisation
- Risks not confined to individual hierarchies
- Relationships between risks
- Continually changing business external and internal environment.
How do you overcome difficulty in aggregating risks?
Select more important risks and assign scores to them.
When do you multiply probabilities?
When the risks are independent
When do you add probabilities?
When the risks have a common exposure
When is there a correlation between two items?
When the value of one is directly related to the change in value of another
What must assessments take into consideration?
Likely future changes and whether they are within the organisation and its environment
What is the objective of a risk assessment?
To assess all identified risks in a consistent way and describe them in a common format
What is the objective of ERM?
To identify, analyse and control all the risks associated with an enterprise.
What is risk categorisation?
Put risks into categories and then look within the category to determine which risks are important and which can be ignored.
Why are risk categorisation systems important?
Enable an organisation to identify accumulations of similar risks and apply common risk control strategies
What will a good categorisation system allow for?
Risk to be looked at in various ways.
True or false: it is worth spending time experimenting with different categorisation systems before making a final decision.
True
What is one crucial distinction in classification of risks?
Timescale of risk
Map the risks to the impact in the business
Long term impact of risk - linked to strategic objectives
Medium term impact of risk - projects; processes; change programmes (acquisitions)
Immediate impact - disrupt current operations
Is there an international recognised risk categorisation standard?
No
What is frictional risk?
Effect of changes in legal, accounting, regulatory or credit agency requirements.
What is aggregation and diversification risk?
Risk of insurance claims not falling into planned distribution patterns.
What is COSO reporting?
US legal requirements to report accurate financial data
What is the FIRM classification?
Uses infrastructure to include core processes, marketplace to reflect business plans and opportunities.
This classification breaks down the external environment in which an organisation operates.
PESTLE
What does PESTLE stand for?
Politics, Economics, Social, Technological, Legal and Environment.
Specification, timescale and budget are all things which can threaten…
a project and hence are project risks
Why is it important to carefully select risk categories?
Compilation of annual reports becomes easier
Information presented in a comprehensible way
Questions can be more readily answered
Define maximum possible loss
It is impossible for the loss to exceed the stated value
Define maximum probable loss
Only probable that the loss will not exceed the stated amount
When we assess risks we should…
involve business managers as they know the business best
How can different risks be compared?
By reducing their prime characteristics to a simplified numerical classification
The process of comparing different risks and presenting them in an order of priority is called…
Risk ranking
Are people who rank risk in a position to make subsequent decisions?
No
The extent to which an organisation will tolerate risk is known as its…
Risk appetite
How can risk controls be divided?
Preventive
Corrective
Directive
Detective
Define preventive risk controls
Measures to stop a risk happening or an unwanted outcome arising
Define corrective risk controls
Measures to limit scope for loss and reduce undesirable outcomes
Define directive risk controls
To ensure particular aim is realised
Define detective risk controls
After the event, measures to identify when an incident has happened
What are most controls implemented in organisations?
Preventative
What are examples of preventative controls?
Separation of duties
Limit actions to specific personnel
Insurance is a form of…
Corrective control
Audits, inspections and similar quality controls are…
detective controls
Reconciliation is a…
detective control
How can cost effectiveness of risk controls be estimated?
By comparing impact of an uncontrolled risk with impact of the same risk but controlled
Risk register…
a way to store data. Aim to build a complete picture or risk profile
What dual role can a risk register fulfil?
Facilitating practical management of risk and helping instil RM culture
If all claims payments must be authorised by the claims manager before being paid, this is an example of what type of risk control?
Preventive.
As part of a risk assessment process, an engineering firm has identified the risks faced by the organisation. When categorising these risks, typically the most suitable method is by:
Events.
Why are risk categorisation systems important?
Allow organisations to consider where similar risks may lie and clarify potential for applying generic controls
What information does a risk register contain?
Information which an organisation needs to manage risks
Why are financial risk models commonly used for stress testing?
Explore the effect of variations in individual parameters
What is the objective of producing risk reports?
Provide accurate and concise information in a format the recipient can understand
Can we add up individual loss estimates to estimate total potential losses?
No - aggregate losses need to be considered