Units 1 & 2 Flashcards

1
Q

How does ISO31000 define a risk?

A

The effect of uncertainty on objectives.

2
Q

What do we mean by the ‘effect’ of a risk?

A

Deviation from the expected.

3
Q

How does ISO31000 define traditional risk management?

A

Coordinated activities to direct and control an organization with regard to risk.

4
Q

How does ERM differ from traditional risk management?

A
  • led from the top-down
  • reducing silos
  • having a holistic risk profile
  • identifying critical risks & responsibilities
  • finding interdependencies
5
Q

What’s the general timeline of the history of risk management?

A
  • in the middle ages people were superstitious and believed risk events were an ‘act of god’
    -then storytelling began to show the first records of cause and event
    -700-800 years ago the Hindu-Arabic numbering system reached Europe and allowed for the beginnings of mathematical probability
    -in the 17th century probability theory was introduced (principally designed for gambling)
  • then modern bureaucratic states formed and began collecting vast data sets
    -banks and insurance companies started using specific, quantitative forms of RM
  • in 1995-2004 the first risk management standards were introduced, e.g. the COSO ERM Cube
  • and between 2004-2018 the RM focus has shifted to include ESG
6
Q

When did risk management first become recognized as a formal profession?

A

1970s, mainly in the finance and insurance sectors

7
Q

How do the IRM describe the objectives of ERM?

A

MADE2
-mandatory
-assurance
-decision-making
-efficient and effective processes

8
Q

How do the IRM describe the benefits of ERM?

A

STOC
-Strategy
-Tactics
-Operations
-Compliance

9
Q

How does ERM relate to organizational strategy?

A
  • understanding overall risk exposure
  • comparing overall risk exposure to risk appetite
  • ensuring a balance between the cost/benefit of controls
  • supporting a return on investment
10
Q

How does ERM relate to Governance?

A
  • creating accountability
    -ensuring the prioritization of limited resources
  • enhancing the efficiency of reporting and decision-making
  • embedding a risk-aware culture
11
Q

How does ERM relate to Resilience?

A
  • preparing for changes in the context
  • avoiding negative surprises
  • supporting quick/agile responses
  • coping with crises
12
Q

How do SATARLA (consultants) describe the steps of the RM process?

A
  1. Define the context and objectives
  2. Assess the risk
  3. Manage the risk
  4. Monitor, review and report the risk
13
Q

What do SATARLA say are the two choices we can make when understanding if it’s possible to achieve an objective?

A
  1. direct more resources towards the management of the associated risk/s
  2. OR rescope the objective so that it’s more realistic
14
Q

How does the Orange Book describe ERM integration?

A

ERM should be used to assess costs & benefits and inform decision-making by exploring alternative ways to meet objectives.

15
Q

What is a RM standard?

A

Standards set out the overall RM approach, including a description of the process along with the framework that supports the integration of that process.

16
Q

What is a RM framework?

A

Frameworks define the risk management context, including the architecture, strategy and protocols (RASP).

17
Q

What is a RM process?

A

Processes describe the steps in how you manage risks.

18
Q

What’s the latest date of ISO31000?

A

2018

19
Q

What’s included in the ISO31000 standard?

A
  • 8 principles
  • 6 framework stages
  • 6 process steps
20
Q

What are the 8 ISO31000 principles?

A

Integrated, structured and comprehensive, customized, inclusive, dynamic, best available information, human and cultural factors & continual improvement.

21
Q

What are the 6 ISO31000 framework stages?

A

Leadership and commitment, integration, design, implementation, evaluation, improvement.

22
Q

What are the 6 ISO31000 process steps?

A

Communication & consultation; scope, context and criteria; risk assessment (identification, analysis and evaluation); risk treatment; risk monitoring and review; and risk recording and reporting.

23
Q

What’s included on the different faces of the COSO 2004 ERM Cube?

A

8 x principles (front face)
Business areas (right face)
4 x objectives (top face)

24
Q

What are the 5 components of the COSO 2017 Rainbow-Double Helix?

A
  1. Governance and culture
  2. Strategy and objectives
  3. Performance
  4. Review and revision
  5. Information and reporting
25
Q

What are the main things to remember about Sarbanes-Oxley?

A
  • written in 2002
  • applicable to the United States
  • highlighted in the financial crisis of 2008
  • requires accuracy of financial reporting
  • supports the COSO approach
26
Q

What are the main things to remember about the Orange Book?

A
  • updated in 2023
  • applicable to UK Government organizations
  • has five principles (governance and leadership, integration, collaboration & best information, process, continual improvement)
27
Q

How does the IRM summarize the attributes of effective ERM?

A

PACED. Proportionate, Aligned, Comprehensive, Embedded, Dynamic.

28
Q

RASP. What’s included in the risk architecture?

A
  • expected flow of information
  • roles and responsibilities
  • terms of reference
  • committee structures
29
Q

RASP. What does RACI stand for?

A

Responsible, accountable, consulted, informed.

30
Q

RASP. What’s the role of the director?

A
  • to promote organizational success
  • to delegate to a CRO (where appropriate)
  • to ensure divisions are brought together (breaking silos)
  • to ensure risk information is monitored and used to make improvements.
31
Q

RASP. What’s the role of a risk manager?

A
  • take responsibility for implementation of the risk framework (RASP)
  • share corporate learning and ERM benefits
32
Q

RASP. What’s the role of a local manager?

A
  • identify and assess business unit risks
  • escalate through the central risk function (ensuring oversight and establishment of priorities)
33
Q

RASP. What’s the role of the Board?

A
  • overall responsibility for the organization’s risks
  • form and monitor performance of the strategy
  • determine risk appetite
  • monitor control effectiveness
34
Q

RASP. What’s the role of the audit committee?

A
  • evaluate RM processes
35
Q

RASP. What IS NOT the role of the audit committee?

A
  • implement RM responses
36
Q

RASP. What’s included in the risk strategy?

A
  • sets the tone from the top
  • includes the philosophy, attitudes and appetite to risk taking
  • explains what the organization wants to achieve in terms of STOC
  • is outlined in the policy
37
Q

RASP. What’s included in the risk policy?

A
  • the strategy
  • commitment from the Board
  • roles and responsibilities
    -provision of resources
38
Q

RASP. What’s the definition of risk appetite?

A

The amount of risk an organization is willing to seek or accept in pursuit of long-term objectives.

39
Q

RASP. What’s the definition of risk capacity?

A

The maximum amount of risk an organization can afford.

40
Q

RASP. What does an organization’s capacity depend on?

A

Their capabilities.

41
Q

RASP. What’s included in the risk protocols?

A

HOW we implement risk management, including common terminology, steps, tools and techniques.