Unit 3 Flashcards

1
Q

3 components of context

A

Internal context
Risk management context
External context

2
Q

Internal context

A

Organisation's structure, risk management philosophy, culture, attitudes, strategies, policies, processes and people's values

3
Q

External context

A

Anything outside the control of the organisation.

External stakeholder expectations, industry regulators, competitor behaviour, economic environment, PESTLE trends

4
Q

Risk management context

A

Otherwise known as the RM framework (RASP)

5
Q

4 TECHNIQUES to assess the external and internal context

A

Stakeholder mapping
Horizon scanning
PESTLE
Extended enterprise

6
Q

Extended enterprise definition

4 elements used to understand the EE

A

The structure where a number of organisations come together in a joint endeavour to achieve outcomes that none of them could have achieved on their own.

1) Core activities of the team, function, Organization you are looking at (what is it that you do?)
2) Key inputs to those core activities
3) Key outputs from the activities
4) The external influences that can affect any of the above

7
Q

PESTLE

A

Tool used to understand the external context or categorise risks into political, economic, social, technological, legal and environmental

8
Q

Stakeholder definition

A

People and/or organisations with whom the organisation has some form of relationship, contract or influence

9
Q

Stakeholder mapping

A

Tool used to identify and categorise stakeholders.

Stakeholders are placed on a matrix according to their attitude and the influence they have on achieving the organisation's objectives (materiality of the stakeholders)

10
Q

Horizon scanning

A

Horizon Scanning is a systematic examination of information to identify potential threats, risks, emerging issues, and opportunities allowing for better preparedness and to support decision making.

11
Q

Objectives should be SMART

A

Specific - what do you want to accomplish exactly
Measurable - define the metrics so you can see if you met your goal at the end
Achievable - do you have the skills needed?
Relevant - do the objectives align to the strategy of the firm?
Time bound - have a specific target date for delivery

12
Q

Definition of strategy

A

A strategy sets out how an organisation is to be successful, which is broken down into objectives across the organisation

13
Q

Three levels of objectives

A

1) Organisation-wide strategic objectives
2) Tactical objectives at level of departments, divisions etc. These normally focus on the implementation of strategy
3) Operational objectives of teams and individuals

14
Q

what should risk criteria do?

A

Risk criteria should be developed to evaluate the significance of risk and to support decision making

It should consider the nature and type of uncertainties (i.e., what the categories of risk are), as well as how consequences and likelihood are defined

15
Q

Definition of risk criteria

A

Measures of how much risks matter to an organisation.

16
Q

What can risks attach to?

A

Core processes
Objectives / stakeholder expectation
Key dependencies

17
Q

Definition of key dependencies

A

Key things that the organisation needs to be successful, internal or external. They support the core processes of the organisation

18
Q

Core processes

A

Fundamental to an organisation’s success because they are the means of delivering strategy and continuity of operations

19
Q

Stakeholders

A

Group or groups of individuals who have a stake in the business or are affected by what the organisation does.

20
Q

Elephant risks

A

We know the risks are there but ignore them / don’t recognise them / assume someone else is dealing with them. Therefore, they are unacknowledged and thus unmanaged risks

21
Q

Black swan risks

A

Also known as surprise risks. We don't know what we don't know. Therefore, they are risks we can't manage

22
Q

H&T 5 Techniques for risk assessment

A

1) Checklists and questionnaires
2) Workshops and brainstorming
3) Inspections and audits
4) Flowchart and dependency analysis
5) Crowd sourcing techniques

23
Q

Definition of emerging risks

A

Risks that you know little about when they are recognised

24
Q

Techniques for identifying emerging risks

A

Horizon scanning, constant monitoring of the external environment

25
Q

Short term risks
Medium term risks
Long term risks

A

Risks with an immediate impact
Risks whose impact becomes apparent within a few months
Impacting between one and five years after the event

26
Q

FIRM risk classification technique

A

Used to both classify risks (identification) and impacts

F - financial (derived internally)
I - infrastructure (derived internally)
R - Reputational (derived externally)
M - marketplace (derived externally)

27
Q

What is risk analysis?

A

It helps to determine the size and nature of risks. It does so by analysing the likelihood of the risk materialising together with the impact on the organisation. It provides an input to how a risk is to be treated

28
Q

ISO 31000 definition of risk analysis

A

The purpose of risk analysis is to comprehend the nature of risk and its characteristics, including, where appropriate, the level of risk.

29
Q

The Orange Book and Coso (2017) on risk analysis

A

They both place risk analysis within the broader subject of risk assessment. Therefore, risks are analysed and then prioritised. This will inform how resources are to be allocated and whether we can proceed with a strategy or have to think of different options

30
Q

Other risk analysis techniques

A

Looking at past records, experience, literature, testing, statistical models.

31
Q

Techniques to prioritise risks

A

How they impact objectives, likelihood of them happening, potential velocity

32
Q

Likelihood definition

A

Term which measures the chances of a specific event occurring. It captures the expected probability and frequency of a risk

33
Q

Probability

A

Likelihood expressed numerically (0% to 100%) - 2% of it raining today

34
Q

Frequency

A

Likelihood expressed numerically as a frequency measurement - it rained two times today. This is then converted to a probability measure. It could thus rain more today.

35
Q

how is impact measured

A

Most organisations use risk criteria to measure impact

36
Q

Risk matrix

A

Combination of impact and likelihood scales on which risks are positioned

It helps prioritise risks and gives the organisation focus on where to put effort

37
Q

Risk vs action matrix

A

Action used instead of likelihood as this is hard to measure

Amount of action needed to bring the risk to an acceptable level

38
Q

Proximity vs velocity

A

Proximity = how close an org is to a risk occurring

Velocity = measures how fast a risk can impact an organisation once it occurs; the timescale of risk impact

40
Q

Risk clock speed

A

The rate at which the info necessary to understand and manage a risk becomes available

  • Slow clock speed risks are those where enough thinking time is available
  • Fast clock speed risks are at or close to real time

41
Q

Risk clock speed window

A

The range between how well organisations can deal with both fast and slow risks and still function effectively. They do so by having an established RM system

42
Q

Three levels of risk rating

A

Inherent = level of risk before any controls put in place
Current = level of risk taking into account the current controls in place to manage it. The goal is the target level where the current mitigations get even more effective, or more controls are added
Target = level of risk that is desired because it brings the risk to the acceptable level. Risk appetite

43
Q

definition of risk evaluation

A

After analysing a risk we must decide whether to respond to the risk or tolerate it. This all depends on the risk appetite level

44
Q

COSO (2004) defines objective setting as

A

The board should set objectives that support the mission of the organisation and that are consistent with its risk appetite

45
Q

ISO 31000 sees the overall attitude of an Organization to risk as

A

= this can be described by a set of risk criteria

46
Q

Difference between risk appetite and risk attitude

A

The risk attitude is concerned with the criteria surrounding risk, and risk appetite is concerned with the amount of risk required to achieve objectives

47
Q

What is an indication of the risk attitudes of different organisations?

A

Different organizations will set their tolerance levels differently

48
Q

What are the advantages of having a risk classification system, as according to the BS 31100

A

Helps to define the scope of RM in the organisation, provides a structure and framework for risk identification, and gives the opportunity to aggregate similar kinds of risks across the whole organisation.
The number and type of risk categories employed should be selected to suit the size, purpose, nature, complexity and context of the organisation. The categories should reflect the maturity of RM within the organisation.

49
Q

Risk classification system: IRM Standard

A

Financial, strategic, hazard, operational

50
Q

Risk classification system: Orange Book

A

Strategy, Governance, Operations, Legal, Safety, Financial, Commercial, People, Technology, Information, Security, Project, Programme, Reputational

51
Q

EM3

A

Summarises the responses to risks as embrace, manage, mitigate, minimise

52
Q

Main requirements of a project

A

Delivered on time, within budget and to specification

53
Q

Three categories of risks that banks usually face

A

Market, credit and operational

54
Q

Market risks

A

They occur due to fluctuations in the financial markets. The assets and liabilities of the bank are exposed to various kinds of market volatilities, such as changes in interest rates and foreign exchange rates. Primarily an opportunity risk

55
Q

Credit risks

A

When the bank lends to a client there is an inherent risk of money not coming back, and this is credit risk. Credit risk is the possibility of the adverse condition in which the client does not pay back the loan amount. Control risk that has to be managed

56
Q

How does Basel II define operational risk?

A

The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.

57
Q

ISO Guide 73 definition of stakeholder

A

Person or group concerned with, affected by, or perceiving themselves to be affected by an Organization

58
Q

CSFSRS

A

Customers, staff, financiers, society, regulators, suppliers

59
Q

How does the BS 31100 classify core processes

A

As strategic, tactical and operational

60
Q

BS 31100: Strategic perspectives =

A

Set the future direction of the business

61
Q

BS 31100: Tactical perspectives =

A

Are concerned with turning strategy into action by achieving change

62
Q

BS 31100: Operational perspectives

A

Related to the day to day operations of the Organization

63
Q

BPR

A

Business process re-engineering approach. It is a technique to ensure an org has the most effective processes and operations.

  • Starts by identifying stakeholders and their expectations.
  • Core processes deliver these shared expectations
  • Stakeholders in current and future activities are identified, as well as their expectations in relation to objectives. The core processes can then be defined or refined to deliver these expectations.
  • Taking a BPR or core processes approach identifies the core processes that are most vulnerable to risk events. It also enables the identification of stakeholders who are more likely to be dissatisfied because their expectations have not been delivered