Unit 2 Flashcards

1
Q

Principles of a standard

A

They describe what good risk management looks like and are based on the purpose of ERM

2
Q

Purpose of ERM

A

Creation and protection of value

3
Q

How do principles contribute to an org fulfilling its purpose?

A

They apply practices designed to achieve the best possible outcome (i.e. reducing uncertainty)

4
Q

ISO 31000: 8 principles of effective RM

A

1) Framework and processes shall be proportionate
2) Appropriate involvement of stakeholders is necessary
3) Comprehensive approach is required
4) RM is integral to all organisations
5) RM anticipates, acknowledges and responds to changes
6) RM considers limitations of available info
7) Human and cultural factors influence all RM
8) RM continuously improved by learning and experience

5
Q

COSO (2017): 5 components of ERM

A

1) Governance and culture (board risk oversight is exercised)
2) Strategy and objective setting (risk appetite is defined)
3) Performance (a portfolio view of risk is developed)
4) Review and revision (substantial change is assessed)
5) Information, communication and reporting (information systems are leveraged)

6
Q

Orange Book (2020) principles of ERM

A

Sets out the what and the why, but not the how, for the design, implementation and maintenance of ERM:
1) Governance and leadership
2) Integration
3) Collaboration and best information
4) RM processes
5) Continual improvement

7
Q

IRM 5 attributes of effective RM

A

PACED
P = Proportionate: RM has to be tailored to suit the org.
A = Aligned: RM has to be aligned with the b/s in order to be integrated with other organisational activities.
C = Comprehensive: RM considers all risks and controls across the org and outside of it.
E = Embedded into the b/s activities of the organisation: RM changes the culture, behaviours and attitudes of people, so the value of ERM is embedded in the org.
D = Dynamic: RM is active management that develops alongside changes in the internal and external contexts.

8
Q

What is the RM Framework

A

RASP

Architecture = the structure of the risk management process. This is composed of roles

9
Q

RACI Chart

A

Used in project risk management to depict roles and responsibilities.

A risk responsibility matrix that lists stakeholders and their level of involvement: Responsible, Accountable, Consulted, Informed.

10
Q

Strategy component of the risk management framework

A

Strategy = components of the strategy include risk philosophy, risk appetite, benchmarks, assessment techniques, risk priorities and responsibilities, terms of reference and committee structure.

The strategy is about the tone from the top and describes what the purpose of risk management is for the organisation.

11
Q

Risk appetite

A

Governs whether or not an org responds to a risk.

It is the acceptable level of risk, where no further action is required except for monitoring. It is the level of risk the organisation is willing to take in pursuit of its long-term objectives.

12
Q

Risk tolerance

A

The level of risk that you can accept for a short time but are actively managing to bring back to an acceptable level.

13
Q

Risk capacity

A

The level of risk that is unacceptable.

14
Q

Protocols component of a RM framework

A

Organisations use protocols to deliver the strategy and architecture.

They are the ‘how’ of risk management delivery: the tangible practices used during the RM process (i.e. templates, techniques).

15
Q

RMIS

A

Risk management information system

A tool for storing information on risks and controls. Supports the implementation of RM.

16
Q

ISO 31000 (2018) RM Process: 8 steps

A

1) Communication and consultation
2) Scope, context and criteria
3) Risk assessment - identify
4) Risk assessment - analysis
5) Risk assessment - evaluate
6) Risk treatment
7) Monitoring and review
8) Recording and reporting

17
Q

COSO (2004) RM Process: 8 steps

Focus on controls

A

1) Internal environment
2) Objective setting
3) Event identification
4) Risk assessment
5) Risk response
6) Control activities
7) Information and communication
8) Monitoring

18
Q

COSO (2017) RM Process

A

The process and the RM framework are woven together:

Governance and culture: understand context and objectives

Strategy and objectives: the same step in the process as above

Performance: identify risks, assess severity, prioritise, implement responses, develop a portfolio view

Review and revision: a step in itself

Information, communication and reporting: steps in themselves

19
Q

The Orange Book (2020) RM Process

A

Combination of framework, principles and process. RM shall be:

Principle 1) an essential part of governance

Principle 2) an important part of all operational activities

Principle 3) informed by the best information

Principle 4) delivered through structured processes. This principle contains the RM process itself; its steps are risk identification and assessment, risk treatment, risk monitoring and risk reporting.

Principle 5) continually improved

20
Q

IRM 4 Common Steps of a RM Process

A

1) Define context and objectives
2) Assess risks
3) Manage risks
4) Monitor, review and report

21
Q

Definition of operational risk

A

Type of risk that will disrupt normal everyday activities; it is inbuilt into the activities, processes and controls that deliver the main activities of an org.

22
Q

What do the BASEL 3 and Solvency 3 regulatory frameworks require of banks?

A

They are required to have sufficient capital reserves available to meet the actual and potential financial losses and obligations faced by the organisation in severe but plausible scenarios. Financial institutions need to measure the level of operational risk that they face, and could face, under stressed conditions.

23
Q

Basel 2 capital adequacy regulations

A

They require banks to take their operational risk exposure into account in determining their capital requirements. This operational RM framework should include identification, measurement and monitoring, reporting, control and mitigation frameworks for operational risk. This assessment of capital requirements is called economic capital.

24
Q

BASEL 2 definition of operational risk identifies four risk categories

A

People, process, system and external events.
People = failure to comply with procedures and lack of segregation of duties
Process = process failures and inadequate controls
System = failure of application systems to meet user requirements and the absence of built-in control measures
External = action by regulators, unsatisfactory performance by service providers and external fraud

25
Q

What are the BASEL 3 requirements?

A

It provides a standardised approach to measuring operational risk for regulatory capital purposes, which is a function of a bank's income (captured through a business indicator) and historical losses (captured through the internal loss multiplier).

26
Q

PRAM

A

Project Risk Analysis and Management guide. There are five points in a project where particular benefit can be achieved from using the PRAM model:
Feasibility = the project is most flexible at this stage, enabling changes to be made that can reduce the risks at a low cost
Sanction = the client can view the risk exposure associated with the project and check that all steps to manage the risks are taken
Tendering = the contractor can ensure that all risks have been identified and that risk contingency limits are set
Post-tender = the client can ensure that all risks have been identified by the contractor and assess the likelihood of programmes being achieved
During implementation = the likelihood of completing the project to cost and timescale will increase if all risks are identified and correctly managed

27
Q

ISO 28000:2000 Specification for Security Management Systems for the Supply Chain defines the supply chain as

A

A supply chain is a set of interconnected processes and resources that starts with the sourcing of raw materials and ends with the delivery of products and services to end users. Supply chains may include producers, suppliers, manufacturers, distributors, wholesalers, vendors, and logistics providers. They include facilities, plants, offices, warehouses, and branches and can be both internal or external to an organization.

28
Q

Joint venture

A

A mechanism whereby an org can exploit benefits but with a lower risk exposure.

29
Q

ALARP

A

As low as reasonably practicable

One of the fundamental principles of RM for health and safety risks.

It refers to managing risk to the point where the cost of additional controls would exceed the benefits.

30
Q

Total risk exposure

A

Hazard risks will give rise to a hazard tolerance, control risks will give rise to a control acceptance and opportunity risks will give rise to an investment appetite.

Total risk exposure is the sum of the total risk that the org has taken.

Most orgs have no appetite for compliance risks.

31
Q

4 overriding principles of Risk Appetite

A

Acknowledging interconnectedness
Measurability
Variability
Maturity

32
Q

ISO Guide 73 definition of risk tolerance

A

The org's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives.

33
Q

Neutralising or hedging risks

A

Sometimes risks are only accepted as part of an arrangement whereby one risk is balanced against another.

34
Q

BS 31100 definition of risk financing

A

Involves the cost of contingent arrangements for the provision of funds to meet the financial impact of a risk materialising. Normally provided by an insurer; therefore, finance that is contingent upon certain insured events taking place.

35
Q

ISO 31000 cost of risk financing

A

This should include the provision of funds to meet the cost of risk treatment.

36
Q

What do the principles in the Orange Book ensure?

A

Compliance with the UK Corporate Governance Code

37
Q

Agency theory

A

Concept used to explain the relationship between principals and their agents.

Principal = relies on an agent to execute financial decisions and transactions that can result in fluctuating outcomes

Principal = shareholders, members, trustees

Agent = execs, directors, board, CEO

38
Q

What is a good risk register?

A

Collates risk and control knowledge
Tailored to the org
Updated regularly
Informs decision making
Enables teams, projects and orgs to prioritise and manage their risks

39
Q

What is an open systems model?

A

Emphasised in ISO 31000. Focus on sustaining an open systems model that regularly exchanges feedback with its external environment to fit multiple needs and contexts.

40
Q

What makes up the RM context?

A

Consideration of who will be responsible, and identification of the resources that will be required to fulfil RM activities.

Establishment of risk appetite or risk criteria.

Provides a means of establishing the overall total risk exposure.

41
Q

What method can be used to validate the business model?

A

FIRM and SWOT analysis

42
Q

What is the RM policy statement?

A

Sets out the overall strategy of the org towards risk management.

BS 31100 states that it should include the objectives, mandate and commitment to manage risk (strategy) and the organisational arrangements that include plans, relationships, resources and processes (architecture), and that the framework should be embedded within the org's overall strategic and operational policies and procedures (protocols).

43
Q

Risk management responsibilities should be allocated to what aspects of managing risk?

A

Development of risk strategy and standards
Implementation of the agreed standards and procedures
Auditing compliance with the agreed standards

44
Q

Detailed RM protocols set out

A

RM procedures
Risk control objectives
Risk resourcing arrangements
Reaction planning requirements
Risk assurance systems

45
Q

ISO Guide 73 definition of risk owner

A

Person with the authority and accountability to make the decision to treat, or not to treat, a risk.