Unit 2 - Ethics & Risk Mgmt Flashcards

1
Q

What are the three major theories in moral philosophy?

A

1) Well-being - the impacts of different actions and policies
2) Autonomy - free choice without coercion, addiction and irrationality. Also what makes responsibility, respect and blame possible
3) Virtuous character - cultivation of this over a human lifetime

2
Q

What does the theory of Utilitarianism suggest?

A

That it is morally right to do in any circumstance what will increase the well-being of the most people

3
Q

What are pros and cons of digital goods w.r.t. Well-being?

A

Cons - often marketed to the already well off

Pros - non-rival and not scarce. Can therefore increase everyone’s well-being.

Can also be used to specifically help those badly off through disability and to spread educational material.

4
Q

What are two primary unwanted effects of digitisation on employment?

A

1) Online selling platforms affect prospects for retail workers, and all related professions to support retail.
2) AI may affect large swathes of a manufacturing labour force. Even the reduction in need to light / heat an area may reduce needs for maintenance personnel, electricians etc.

5
Q

What are non-employment downsides of digitisation and connectivity?

A

1) Social Media - anonymity can be distinguishing leading to rudeness / abuse.
2) Disconnection in the real world - online gaming platforms etc. can make us less social.
3) Fake news - circulated by social media with personalisation that reinforces existing beliefs rather than presenting a balanced view.
4) Collection of personal data - some may see as violation of privacy. Consent often hidden in small print.

6
Q

Why is digital development more negative from an Autonomy perspective?

A

When info is collected, it may be used to offer specific items, therefore choices to purchase may be influenced rather than made freely.

7
Q

Why is leading a virtuous life incompatible with a digital life?

A

Virtues like courage and self-control require real-world situations in which real things are at stake, not just an online persona.

8
Q

What are the 7 General Data Protection Regulation (GDPR) principles from article 5?

A

Personal data shall be:

1) processed lawfully, fairly and transparently
2) collected and used for specific, explicit and legitimate purposes
3) adequate, relevant and limited
4) accurate, kept up-to-date
5) kept so data subjects can be identified for no longer than is necessary
6) processed securely
7) controller is responsible for and able to demonstrate compliance with 1-6

9
Q

Who are ‘Data Controllers’?

A

Those responsible for receiving, collecting, processing and storing personal data

10
Q

What are the two constituent parts of a Risk Management Standard?

A

Risk Management Framework
+
Risk Management Process

11
Q

What is the Risk Management Process according to the IRM?

A

Being able to:

  • Identify risks (and opportunities)
  • Evaluate and prioritise significant risks (and opps)
  • Manage significant risks
12
Q

For the Risk Mgmt Framework, what does ‘RASP’ stand for?

A
  • Risk Architecture
    (Committee structure, roles and resp, reporting reqmts)
  • risk Strategy
    (Risk mgmt philosophy, arrangements for embedding, risk appetite and attitude, risk assessment techniques, risk priorities)
  • risk Protocols
    (Tools and techniques, risk classification system, risk assessment procedures, risk control rules and procedures, responding to incidents, training and comms, reporting)
13
Q

What does Hopkin define as the 8Rs of (hazard) risk mgmt?

A
  • Recognition
  • Rating
  • Ranking
  • Responding (see four Ts)
  • Resourcing
  • Reaction Planning
  • Reporting
  • Reviewing
14
Q

What does ISO 31000 state in terms of what risk mgmt is based on?

A

The Principles, Framework and Process outlined in the document

15
Q

What according to Hopkin (Fundamentals of Risk Mgmt) does External Context include?

A
  • Social, cultural, political, legal, reg, financial, technological, economic, natural and competitive environments
  • Industry, products, markets, competitors, suppliers, customers, logistics and regions / countries of operation
  • Key drivers and trends impacting objectives of operation
  • Relationships with and perceptions and values of external stakeholders
16
Q

What according to Hopkin (Fundamentals of Risk Mgmt) does Internal Context include?

A

Relates to org structure, objectives, policies, strategies, processes, culture and values of people. Includes:

  • Divisions, departments, structures, systems, processes and accountability, cultures, leadership, strengths and weaknesses
  • Internal stakeholders - staff, managers, the board
  • Approach to corporate governance, its resources, competencies and capabilities, culture and conduct
  • Factors which influence how org tries to set and achieve objectives
17
Q

What according to Hopkin (Fundamentals of Risk Mgmt) does Risk Mgmt Context include?

A

Context in which risk mgmt process must operate - see RASP.

18
Q

What is ‘Loss Control’?

A

Seeks to be:

  • Loss prevention - focus on reducing likelihood (Prevent)
  • Damage limitation - focus on reducing magnitude (Detect)
  • Cost containment - focus on reducing impact and consequence (Recover)
19
Q

What does Hopkin define as ‘Hazard Risks’?

A

Risks associated with an organisation’s operations.

20
Q

What are the 4 Ts in the context of Hazard Risks?

A

Four responses (risk treatments) for Hazard risks:

  • Tolerate (when perceived severity is within appetite, or is unknown and implicitly tolerated)
  • Treat (take action to reduce severity, likelihood or impact)
  • Transfer (to third party such as insurance. Also includes ‘risk sharing’)
  • Terminate (stop the activity associated with the risk)
21
Q

What is the difference between risk ‘Magnitude’ and ‘Impact’?

A

Magnitude - Measure at Inherent risk level

Impact - Measure at Residual risk level

22
Q

What is risk ‘Appetite’ vs ‘Tolerance’?

A

Appetite - Amount of risk an organisation is willing to seek or accept in pursuit of long-term objectives

Tolerance - Expressed in absolute terms, lines in the sand. E.g. We will not deal with a particular customer segment.

23
Q

What questions should be asked when reviewing controls?

A

1) Is the chosen ctrl really the best ctrl for the risk?
2) Is the ctrl effective in practice?

Could also ask…
3) Does the ctrl provide good value for money?

24
Q

What are pros and cons of monitoring and review of risk mgmt activities?

A

Pros - Enables learning and improvement

Cons - Introduces costs and with finite resources it will not be possible to constantly monitor and review all controls

25
Q

What are benefits of reviewing the entire risk mgmt process?

A
  • Ensure responses are effective and efficient and ID and close any ctrl gaps
  • ID and mge potential adverse side-effects and unintended consequences of responses
  • Build up knowledge to improve risk ID and analysis
  • Better link risks to objectives, key dependencies, core processes and stakeholder expectations
  • Detect and prepare for chgs in internal or external context
  • Detect and prepare for chgs and trends
  • ID and prepare for new and emerging risks
  • ID good risk mgmt practice, build on it and disseminate to other parts of the organisation
26
Q

What question should be asked to understand ‘Resilience’?

A

Can you be sure the org can continue as seamlessly as possible if it experiences disruption?