‼️ [Workplace] Risk Management Flashcards
A high-level characterization of the amount of uncertainty (acceptable risk) an organization is willing to pursue or to accept to attain its risk management goals.
Risk Appetite
Situation in which a person or organization may benefit from undue influence due to involvement in outside activities, relationships, or investments that conflict with or have an impact on the employment relationship or its outcomes.
Conflict of Interest
Situation in which one party engages in risky behavior knowing that it is protected against the risk because another party will incur any resulting loss.
Moral Hazard
Uncertainty that has an effect on an objective, where outcomes may include opportunities, losses, and threats.
Risk
Situation in which an agent (for example, an employee) makes decisions for a principal (for example, an employer) potentially on the basis of personal incentives that may not be aligned with the principal’s incentives.
principal-agent problem
Action taken to manage a risk.
Risk Control
Tool used to gather individual assessments of various characteristics of risk (for example, frequency of occurrence; degree of impact, loss, or gain for the organization; degree of efficacy of current controls).
Risk scorecard
Metrics that provide an early signal of increasing risk exposures for an enterprise.
Key Risk Indicators (KRI)
Principle that organizations should take all steps that are reasonably possible to ensure the health, safety, and well-being of employees and protect them from foreseeable injury.
Duty of care
Protocol that an organization implements when an identified risk event occurs.
Contingency plan
Expected monetary loss for an asset due to a risk over a one-year period; calculated by multiplying single loss expectancy by annualized rate of occurrence.
Annualized Loss Expectancy (ALE)
Organization’s desired gain or acceptable loss in value.
Risk position
System for identifying, evaluating, and controlling actual and potential risks to an organization.
Risk management
A characterization of the amount of uncertainty (acceptable risk) an organization is willing to pursue or to accept to attain its risk management goals, defined in a range above and below a target.
Risk tolerance
Reporting of an organization’s violations of policies and processes by employees.
Whistleblowing
Expected monetary loss every time a risk occurs; calculated by multiplying asset value by exposure factor.
Single loss expectancy (SLE)
Potential for harm, often associated with a condition or activity that, if left uncontrolled, can result in injury or illness.
Hazard
Amount of uncertainty that remains after all risk management efforts have been exhausted.
Residual Rik
person engages in risky behavior knowing that someone else will absorb any losses.
Moral hazard
risks that affect the organization’s ability to achieve its objectives
Ex: investment, engagement, diversity, consumer behavior, competitive behavior
Strategic risks
risks that affect the myriad ways in which the organization creates value
Ex: sustainability, supply chain, data privacy, process efficiency and effectiveness
Operational risks
risks that affect the accuracy and timeliness of information about the organization’s financial performance and condition
Ex: growth of assets, misappropriation of assets
Financial risks
risks that have the potential to cause physical harm to property or people (for example, an illness or injury) in the immediate and long term
Ex: injury and illness, health and safety natural, environmental or elemental causes,
Hazard risks
The 3 barriers to risk management
1- Structural (Organizations that are structured in a silo fashion tend to respond to risk in an operational rather than strategic manner. They overlook dependencies within the organization that can create risks and/or interfere with proactive risk management.)
2- Cognitive (Risks have been clearly identified and responses fully defined. It is a realm of “if-then” scenario)
Cultural (cultural barriers ultimately involve what types of mindsets are sought, instilled, and rewarded.)
Calculate risk level
Probability of occurrence x Magnitude of impact
The degree of probability that a loss will occur
Vulnerability
The possible effect on the organization, and tolerance is the amount of risk the organization can handle if an event occurs
Impact
(occurs after analysis of probability, risk, and speed of onset.)
Mitigation planning
bb
Organizations must be proactive with regard to workplace violence. There should be a written policy outlining the organizational stance toward workplace violence and outlining response procedures designed to prevent possible threats from escalating. Designating a response team, employing security personnel, and developing resources for employees are additional steps that can assist in the prevention of workplace violence. Conducting drills, including active shooter drills, can ensure that employees know how to react if an instance of workplace violence occurs.
bb
Before engaging in any drug testing, it is important to verify that organizational policies and procedures comply with all applicable federal laws and regulations and state laws. Varying jurisdictions may have laws that impact testing procedures following an incident at work or during pre-employment testing and other workplace screenings. Laws may specify acceptable recourse following a positive test. For example, some jurisdictions will mandate that an employee has the option of participating in a rehabilitation program following his or her first positive test, barring the organization from dismissing the employee as a result.
bb
Organizations must be proactive with regard to workplace violence. There should be a written policy outlining the organizational stance toward workplace violence and outlining response procedures designed to prevent possible threats from escalating. Designating a response team, employing security personnel, and developing resources for employees are additional steps that can assist in the prevention of workplace violence. Conducting drills, including active shooter drills, can ensure that employees know how to react if an instance of workplace violence occurs.
bb
In some cases, risks with a large potential impact may be subjected to further analysis before evaluation. For example, scenarios may be created for events at different levels of severity or opportunity—different levels of success with a new executive recruiter and what that will mean to the organization’s ability to execute its strategic plans, loss of productivity caused by storms of different magnitudes. This aspect of risk analysis can be highly technical.