Unit 12: Risk Management Flashcards
What is the goal of risk management?
The goal of risk management is to create, protect, and enhance shareholder value by managing the uncertainties that could either negatively or positively influence achievement of the organization’s objectives.
Define operational risk.
Operational risk is the risk of loss from inadequate or failed internal processes, people, and systems. These risks are related to the enterprise’s ongoing, everyday operations.
Define risk appetite within an organization.
Risk appetite is the degree of risk that upper management is willing to accept in pursuit of the organization's objectives.
What is the difference between risk avoidance and risk retention?
Risk avoidance ends the activity from which the risk arises. Risk retention is the organization’s acceptance of the risk of an activity.
What is the difference between residual and inherent risk?
Residual risk is the risk of an activity remaining after the effects of any risk responses. Inherent risk is the risk of an activity that arises from the activity itself.
Define hedging.
Hedging is the process of taking offsetting commitments (for example, a futures or options position) to minimize or avoid the impact of adverse price movements.
What are the five key steps in the risk management process?
Step 1 – Identify risks
Step 2 – Assess risks
Step 3 – Prioritize risks
Step 4 – Formulate risk responses
Step 5 – Monitor risk responses
Define risk exploitation.
Risk exploitation is the deliberate courting of risk in order to pursue a high return on investment.
What are hazard risks?
Hazard risks are insurable risks. Examples include natural disasters, the incapacity or death of senior officers, sabotage, impairment of physical assets, and terrorism.
What are strategic risks?
Strategic risks include global economic risk, political risk (governments will change rules), regulatory risk, and risks related to global market conditions. Also included are reputation risk, leadership risk, brand risk, and changing customer needs.
What are strategies for risk response?
Risk avoidance ends the activity from which the risk arises. For instance, the risk of having a pipeline sabotaged in an unstable region can be avoided by simply selling the pipeline.
Risk retention is the organization's acceptance of the risk of an activity. This term is synonymous with the phrase "self-insurance."
Risk reduction (mitigation) is the act of lowering the level of risk associated with an activity. For instance, the risk of a system being penetrated can be reduced by maintaining a robust information security function within the organization.
Risk sharing transfers some loss potential to another party. Common examples are the purchase of insurance policies, engaging in hedging operations, outsourcing an activity, and entering into joint ventures. It is synonymous with risk transfer.
Risk exploitation is the deliberate courting of risk in order to pursue a high return on investment.
Define enterprise risk management (ERM).
ERM is defined as the culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
What are the mission and vision of an organization?
Mission is the organization’s core purpose. Vision is the organization’s aspirations for what it intends to achieve over time.
What is the role of management in relation to enterprise risk management (ERM)?
Management has overall responsibility for ERM and is generally responsible for the day-to-day management of risk, including the development and implementation of the COSO ERM framework.
What causes the limitations of enterprise risk management (ERM)?
Limitations of ERM result from the possibility of:
Faulty human judgment
Cost-benefit considerations
Simple errors or mistakes
Collusion
Management override of ERM practices