Unit 1 Flashcards

1
Q

IRM definition of risk

A

Uncertainties that matter. The term risk is used to denote the effect of uncertainty on objectives, considering both threats and opportunities.

2
Q

ISO 31000 definition of RM

A

Coordinated activities to direct and control an organisation with regard to risk.
Effective risk management allows organisations to identify, understand and manage risks.

3
Q

IRM definition of ERM

A

To support ALL organisational activities, RM has evolved into ERM. This recognises that risks are all interrelated and that the culture, capabilities and practices within an organisation are just as important in adding value as the processes, policies and procedures.

4
Q

4 steps of risk-based decision making

A

Define context and objectives
Assess the risks
Manage the risks
Monitor, review and report

5
Q

PRAM

A

Project risk analysis and management

Approach and guidance to dealing with project risk. Project risk management is an RM specialism.
Common themes of projects are uniqueness, time constraints, reliance on third parties, complexity, etc. These bring a range of uncertainty.

6
Q

ISO 31000 (2018) risk management standard

A

Risk management is based on the principles (what good risk management looks like), the framework (what is needed to implement effective RM) and the process (what the steps are in RM).

7
Q

COSO (2004) risk management standard

A

It was first written to combat fraud.

It is a cube made up of:
Top face = 4 categories of organisational objectives (STOC)
Front face = 8 steps of the RM process
Side face = 4 categories of the implementation process

8
Q

COSO (2017) risk management standard

A

ERM rainbow double helix.
Created to provide greater insight into the link between strategy, risk and performance.

It considers how to enhance performance in line with an organisation's strategy and how to manage risks in a way aligned to that strategy.

Comprised of 20 principles.

9
Q

Risks can be considered as having long, medium or short term impacts

A

This is a way of analysing the risk exposure of an organisation.

Long = strategy. Impact over years after the event occurs or the decision is taken.
Medium = tactics. They have their impact some time after the event occurs, about a year later. Associated with projects.
Short = operations. They have their impact immediately after the event occurs, and cause immediate disruption to normal efficient operations.

10
Q

COBIT

A

Standard applicable to IT risk management

11
Q

How does the US RM association (RIMS) define ERM

A

A strategic business discipline that supports the achievement of an organisation's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.

12
Q

Maturity levels of RM (4)

A

Inform = unaware of obligations
Reform = awareness of non-compliance
Conform = actions to ensure compliance
Perform = achieve business opportunities
Deform = inactivity caused by obsession

13
Q

5 objectives of RM

A

MADE2:
M = mandatory
A = assurance
D = decision making
E = effective
E = efficient core process

14
Q

What does compliance management provide

A

Risk governance

15
Q

What does hazard management do?

A

Makes outcomes less negative

16
Q

What does control management reduce

A

The range of possible outcomes

17
Q

What does opportunity management do

A

Maximise the benefits of possible outcomes

18
Q

ISO 31000 definition of risk

A

Effect of uncertainty on objectives

19
Q

Hillson (2016) defines risk as

A

Uncertainties that matter

20
Q

ISO 31000 (2018) notes that an effect is

A

A deviation from the expected. It can be positive or negative or both, and can address, create or result in opportunities and threats

21
Q

IRM (2002) RM Standard considers risk as

A

A combination of the probability of an event and its consequences. Consequences can range from positive to negative.

22
Q

IRM considers risk as

A

Uncertainties that matter

23
Q

ISO 31000 definition of RM

A

Coordinated activities to direct and control an organisation with regard to risk.

24
Q

Risk exposure

A

The total assessment that ERM enables organisations to make. ERM stresses the need to consider the interdependency between risks.

25
Q

The definitions of risks include three concepts

A

Something that is uncertain, something that can be both positive and negative, and something that will impact what we are trying to achieve.

26
Q

Since what year have RM frameworks been developed

A

1995

27
Q

What occurred in relation to RM in the period 2004 to 2018

A

International standards and frameworks developed

28
Q

GRC approach

A

Governance, risk and compliance. The EY Board Priorities 2022 report suggests that achieving objectives while addressing uncertainty requires these three things, with an integrated approach to compliance, risk management, internal controls and internal audit.

29
Q

RM specialism = finance

A

Heavily regulated, with a key focus on managing risks that can have a financial impact.

The Sarbanes-Oxley Act mandates certain practices in financial record keeping and reporting for corporations.

30
Q

Banking sector regulator

A

International Basel accord

31
Q

Insurance sector regulator

A

European Union Solvency 2

32
Q

What year was the Health and Safety Act created

A

1974

33
Q

What is a risk standard

A

A published guide for managing risk, comprising a risk framework and a risk process.

34
Q

COSO (2017) update to the cube

A
  • Update to reflect the changing complexity of risks and the evolving business environment
  • It emphasises that organisations that integrate ERM throughout the entity can realise many more benefits
  • The update provides insight into the links between strategy, risk and performance, and highlights the interconnectedness of risks and the effect that risk culture has on the implementation of RM

35
Q

Three distinct approaches followed in standards

A
  • Risk management approach = ISO
  • Internal control = COSO and FRC
  • Risk-aware culture = CoCo