Unit 2 - Ethics & Risk Mgmt Flashcards
What are the three major theories in moral philosophy?
1) Well-being - the impacts of different actions and policies
2) Autonomy - free choice without coercion, addiction and irrationality. Also what makes responsibility, respect and blame possible
3) Virtuous character - cultivation of this over a human lifetime
What does the theory of Utilitarianism suggest?
That it is morally right to do in any circumstance what will increase the well-being of the most people
What are pros and cons of digital goods w.r.t. Well-being?
Cons - often marketed to the already well off
Pros - non-rival and not scarce. Can therefore increase everyone’s well-being.
Can also be used to specifically help those badly off through disability and to spread educational material.
What are two primary unwanted effects of digitisation on employment?
1) Online selling platforms affect prospects for retail workers, and all related professions to support retail.
2) AI may affect large swathes of a manufacturing labour force. Even the reduction in need to light / heat an area may reduce needs for maintenance personnel, electricians etc.
What are non-employment downsides of digitisation and connectivity?
1) Social Media - anonymity can be disinhibiting, leading to rudeness / abuse.
2) Disconnection in the real world - online gaming platforms etc. can make us less social.
3) Fake news - circulated by social media with personalisation that reinforces existing beliefs rather than presenting balanced view.
4) Collection of personal data - some may see as violation of privacy. Consent often hidden in small print.
Why is digital development more negative from an Autonomy perspective?
When info is collected, it may be used to offer specific items, therefore choices to purchase may be influenced rather than made freely.
Why is leading a virtuous life incompatible with a digital life?
Virtues like courage and self-control require real-world situations in which real things are at stake, not just an online persona.
What are the 7 General Data Protection Regulation (GDPR) principles from article 5?
Personal data shall be:
1) processed lawfully, fairly and transparently
2) collected and used for specific, explicit and legitimate purposes
3) adequate, relevant and limited
4) accurate, kept up-to-date
5) kept so data subjects can be identified for no longer than is necessary
6) processed securely
7) controller is responsible for and able to demonstrate compliance with 1-6
Who are ‘Data Controllers’?
Those responsible for receiving, collecting, processing and storing personal data
What are the two constituent parts of a Risk Management Standard?
Risk Management Framework
+
Risk Management Process
What is the Risk Management Process according to the IRM?
Being able to:
- Identify risks (and opportunities)
- Evaluate and prioritise significant risks (and opps)
- Manage significant risks
For the Risk Mgmt Framework, what does ‘RASP’ stand for?
- Risk Architecture
(Committee structure, roles and resp, reporting reqmts)
- risk Strategy
(Risk mgmt philosophy, arrangements for embedding, risk appetite and attitude, risk assessment techniques, risk priorities)
- risk Protocols
(Tools and techniques, risk classification system, risk assessment procedures, risk control rules and procedures, responding to incidents, training and comms, reporting)
What does Hopkin define as the 8Rs of (hazard) risk mgmt?
- Recognition
- Rating
- Ranking
- Responding (see four Ts)
- Resourcing
- Reaction Planning
- Reporting
- Reviewing
What does ISO 31000 state in terms of what risk mgmt is based on?
The Principles, Framework and Process outlined in the document
What according to Hopkin (Fundamentals of Risk Mgmt) does External Context include?
- Social, cultural, political, legal, reg, financial, technological, economic, natural and competitive environments
- Industry, products, markets, competitors, suppliers, customers, logistics and regions / countries of operation
- Key drivers and trends impacting objectives of operation
- Relationships with and perceptions and values of external stakeholders
What according to Hopkin (Fundamentals of Risk Mgmt) does Internal Context include?
Relates to org structure, objectives, policies, strategies, processes, culture and values of people. Includes:
- Divisions, departments, structures, systems, processes and accountability, cultures, leadership, strengths and weaknesses
- Internal stakeholders - staff, managers, the board
- Approach to corporate governance, its resources, competencies and capabilities, culture and conduct
- Factors which influence how org tries to set and achieve objectives
What according to Hopkin (Fundamentals of Risk Mgmt) does Risk Mgmt Context include?
Context in which risk mgmt process must operate - see RASP.
What is ‘Loss Control’?
Seeks to be:
- Loss prevention - focus on reducing likelihood (Prevent)
- Damage limitation - focus on reducing magnitude (Detect)
- Cost containment - focus on reducing impact and consequence (Recover)
What does Hopkin define as ‘Hazard Risks’?
Risks associated with an organisation’s operations.
What are the 4 Ts in the context of Hazard Risks?
Four responses (risk treatments) for Hazard risks:
- Tolerate (when perceived severity is within appetite, or is unknown and implicitly tolerated)
- Treat (take action to reduce severity, likelihood or impact)
- Transfer (to third party such as insurance. Also includes ‘risk sharing’)
- Terminate (stop the activity associated with the risk)
What is the difference between risk ‘Magnitude’ and ‘Impact’?
Magnitude - Measure at Inherent risk level
Impact - Measure at Residual risk level
What is risk ‘Appetite’ vs ‘Tolerance’?
Appetite - Amount of risk an organisation is willing to seek or accept in pursuit of long-term objectives
Tolerance - Expressed in absolute terms, lines in the sand. E.g. We will not deal with a particular customer segment.
What questions should be asked when reviewing controls?
1) Is the chosen ctrl really the best ctrl for the risk?
2) Is the ctrl effective in practice?
Could also ask…
3) Does the ctrl provide good value for money?
What are pros and cons of monitoring and review of risk mgmt activities?
Pros - Enables learning and improvement
Cons - Introduces costs and with finite resources it will not be possible to constantly monitor and review all controls
What are benefits of reviewing the entire risk mgmt process?
- Ensure responses are effective and efficient and ID and close any ctrl gaps
- ID and mge potential adverse side-effects and unintended consequences of responses
- Build up knowledge to improve risk ID and analysis
- Better link risks to objectives, key dependencies, core processes and stakeholder expectations
- Detect and prepare for chgs in internal or external context
- Detect and prepare for chgs and trends
- ID and prepare for new and emerging risks
- ID good risk mgmt practice, build on it and disseminate to other parts of the organisation
What question should be asked to understand ‘Resilience’?
Can you be sure the org can continue as seamlessly as possible if it experiences disruption?