Units 1 & 2 Flashcards
How does ISO31000 define a risk?
The effect of uncertainty on objectives.
What do we mean by the ‘effect’ of a risk?
Deviation from the expected.
How does ISO31000 define traditional risk management?
Coordinated activities to direct and control an organization with regard to risk.
How does ERM differ from traditional risk management?
- led from the top-down
- reducing silos
- having a holistic risk profile
- identifying critical risks & responsibilities
- finding interdependencies
What’s the general timeline of the history of risk management?
- in the Middle Ages people were superstitious and believed risk events were an ‘act of god’
- then storytelling began to show the first records of cause and event
- 700-800 years ago the Hindu-Arabic numbering system reached Europe and allowed for the beginnings of mathematical probability
- in the 17th century probability theory was introduced (principally designed for gambling)
- then modern bureaucratic states formed and began collecting vast data sets
- banks and insurance companies started using specific, quantitative forms of RM
- in 1995-2004 the first risk management standards were introduced e.g. COSO ERM Cube
- and between 2004-2018 the RM focus has shifted to include ESG
When did risk management first become recognized as a formal profession?
1970s, mainly in the finance and insurance sectors
How do the IRM describe the objectives of ERM?
MADE2
- mandatory
- assurance
- decision-making
- efficient and effective processes
How do the IRM describe the benefits of ERM?
STOC
- Strategy
- Tactics
- Operations
- Compliance
How does ERM relate to organizational strategy?
- understanding overall risk exposure
- comparing overall risk exposure to risk appetite
- ensuring a balance between the cost/benefit of controls
- supporting a return on investment
How does ERM relate to Governance?
- creating accountability
- ensuring the prioritization of limited resources
- enhancing the efficiency of reporting and decision-making
- embedding a risk-aware culture
How does ERM relate to Resilience?
- preparing for changes in the context
- avoiding negative surprises
- supporting quick/agile responses
- coping with crises
How do SATARLA (consultants) describe the steps of the RM process?
- Define the context and objectives
- Assess the risk
- Manage the risk
- Monitor, review and report the risk
What do SATARLA say are the two choices we can make when understanding if it’s possible to achieve an objective?
- direct more resources towards the management of the associated risk(s)
- OR rescope the objective so that it’s more realistic
How does the Orange Book describe ERM integration?
ERM should be used to assess costs & benefits and inform decision-making by exploring alternative ways to meet objectives.
What is a RM standard?
Standards set out the overall RM approach, including a description of the process along with the framework that supports the integration of that process.
What is a RM framework?
Frameworks define the risk management context, including the architecture, strategy and protocols (RASP).