Tools and Techniques 2: Assessment and measurement of risk

Question 1

What are the problems with aggregating risks across an organisation?

Answer 1

• Wide variety of risks involved
• Combining qualitative with quantitative
• different risk appetite thresholds at different levels of organisation
• risks not confined to individual hierarchies
• relationships between risks
• Continually changing business external and internal environment.

Question 2

How do you overcome difficulty in aggregating risks?

Answer 2

Select more important risks and assign scores to them.

Question 3

When do you multiply probabilities?

Answer 3

When the risks are independent

Question 4

When do you add probabilities?

Answer 4

When the risks have a common exposure

Question 5

When is there a correlation between two items?

Answer 5

When the value of one is directly related to the change in value of another

Question 6

What must assessments take into consideration?

Answer 6

Likely future changes and whether they are within the organisation and it’s environment

Question 7

What is the objective of a risk assessment?

Answer 7

To assess all identified risks in a consistent way and describe them in a common format

Question 8

What is the objective of ERM?

Answer 8

To identify, analyse and control all the risks associated with an enterprise.

Question 9

What is risk categorisation?

Answer 9

Put risks into categories and then look within the category to determine which risks are important and which can be ignored.

Question 10

Why are risk categorisation systems important?

Answer 10

Enable an organisation to identify accumulations of similar risks and apply common risk control strategies

Question 11

What will a good categorisation system allow for?

Answer 11

Risk to be looked at in various ways.

Question 12

True of false - It is worth spending time experimenting with different categorisations systems before making a final decision?

Answer 12

True

Question 13

What is one crucial distinction in classification of risks?

Answer 13

Timescale of risk

Question 14

Map the risks to the impact in the business

Answer 14

Long term impact of risk - linked to strategic objectives

Medium term impact of risk - projects; processes; change programmes (acquisitions)

Immediate impact - disrupt current operations

Question 15

Is there an international recognised risk categorisation standard?

Answer 15

No

Question 16

What is frictional risk?

Answer 16

Effect of changes in legal, accounting, regulatory or credit agency requirements.

Question 17

What is aggregation and diversification risk?

Answer 17

Risk of insurance claims not falling into planned distribution patterns.

Question 18

What is COSO reporting?

Answer 18

US legal requirements to report accurate financial data

Question 19

What is the FIRM classification?

Answer 19

Uses infrastructure to include core processes, marketplace to reflect business plans and opportunities.

Question 20

This classification breaks down the external environment in which an organisation operates.

Answer 20

PESTLE

Question 21

What does PESTLE stand for?

Answer 21

Politics, Economics, Social, technological, legal and environment.

Question 22

Specification, timescale and budget are all things which can threaten…

Answer 22

a project and hence are project risks

Question 23

Why is it important to carefully select risk categories?

Answer 23

Compilation of annual reports become easier
Information presented in a comprehensible way
Questions can be more readily answered

Question 24

Define maximum possible loss

Answer 24

It is impossible for the loss to exceed the stated value

Question 25

Define maximum probable loss

Answer 25

only probable that the loss will not exceed the stated amount

Question 26

When we assess risks we should…

Answer 26

involve business managers as they know the business best

Question 27

How can different risks be compared?

Answer 27

By reducing their prime characteristics to a simplifies numerical classification

Question 28

The process of comparing different risks and presenting them in an order of priority is called…

Answer 28

Risk ranking

Question 29

Are people who rank risk in a position to make subsequent decisions?

Answer 29

No

Question 30

The extent to which an organisation will tolerate risk is known as its…

Answer 30

Risk appetite

Question 31

How can risk controls be divided?

Answer 31

Preventive
Corrective
Directive
Detective

Question 32

Define preventive risk controls?

Answer 32

Measurers to stop a risk happening or an unwanted outcome arising

Question 33

Define corrective risk controls?

Answer 33

Measures to limit scope for loss and reduce undesirable outcomes

Question 34

Define directive risk controls

Answer 34

To ensure particular aim is realised

Question 35

Define detective risk controls

Answer 35

After the event, measures to identify when an incident has happened

Question 36

What are most controls implemented in organisations?

Answer 36

Preventative

Question 37

What are examples of preventative controls?

Answer 37

Separation of duties

Limit actions to specific personnel

Question 38

Insurance is a form of…

Answer 38

Corrective control

Question 39

Audits, inspections and similar quality controls are…

Answer 39

detective controls

Question 40

Reconciliation is a…

Answer 40

detective control

Question 41

How can cost effectiveness of risk controls be estimated?

Answer 41

By comparing impact of an uncontrolled risk with impact of the same risk but controlled

Question 42

Risk register…

Answer 42

a way to store data. Aim to build a complete picture or risk profile

Question 43

What dual role can a risk register fulfil?

Answer 43

Facilitating a pratical management of risk and helping instil RM culture

Question 44

If all claims payments must be authorised by the claims manager before being paid, this is an example of what type of risk control?

Answer 44

Preventive.

Question 45

As part of a risk assessment process, an engineering firm has identified the risks faced by the organisation. When categorising these risks, typically the most suitable method is by:

Answer 45

Events.

Question 46

Why are risk categorisation systems important?

Answer 46

Allow organisations to consider where similar risks may lie and clarify potential for applying generic controls

Question 47

What information does a risk register contain?

Answer 47

information which an organisation needs to manage risks

Question 48

Why are financial risk models commonly used for stress testing?

Answer 48

Explore the effect of variations in individual parameters

Question 49

What is the objective of producing risk reports?

Answer 49

Provide accurate and concise information in a format the recipient can understand

Question 50

Can we add up individual loss estimates to estimate total potential losses?

Answer 50

no - aggregate lossess need to be considered