Created by helen_woolford
more than 11 years ago
Question | Answer |
Describe the 4As of project risk management. | 1. Accept 2. Adopt 3. Adapt 4. Avoid |
Describe the 4Es of strategic decisions. | 1. Exist 2. Explore 3. Exploit 4. Exit |
What is the link between risk appetite, risk exposure and risk capacity? | For an organisation to have an appetite for risk, it must know how much risk exposure it already has and how much capacity it has to take on further risk. |
How do you determine whether a control is effective? | Evaluation and cost-benefit analysis; internal audit; a Plan, Do, Measure, Learn approach. |
Name some financial risks. | Historical liabilities; fraud risks. |
Name some infrastructure risks. | Health and safety; fire prevention; IT infrastructure; HR risks. |
Name some reputational risks. | Brand protection; environmental risks. |
Name some marketplace risks. | Technology advances; regulatory risk. |
Explain risk appetite in relation to hazard risk. | There is a cost associated with hazard risks, including the cost of the incident itself and the cost of loss prevention, damage limitation and cost containment. An organisation will need to quantify the possible hazard risks and the costs associated with them. The organisation should then be able to decide how much hazard risk it will tolerate, and this forms part of its total risk appetite. |
Why is insurance important? | It is the main way of implementing the transfer risk response (one of the 4Ts). Also called risk financing, it helps organisations cover unexpected losses. Different types include captive insurance companies (CIC), pooled insurance and single premium insurance bonds. |
Give two advantages of insurance. | - Indemnity against unexpected loss - Reduces uncertainty around hazard risks - Economic benefits - Provides access to specialist services (e.g. DRP) |
Explain risk appetite in relation to uncertainty risks. | Organisations face uncertainty risks. ISO Guide 73 describes risk as the effect of uncertainty on objectives. These are control risks, and the organisation needs to decide how much uncertainty it is willing to accept. An example is setting a level of fraud or theft that is within the risk appetite. |
Give two disadvantages of insurance. | - Delays in settling claims - Difficulty in quantifying the financial cost associated with a loss - Disputes over terms and conditions - Deciding the limit of indemnity that is appropriate for liability exposures |
What is captive insurance? | An insurance company that is owned by a business not otherwise involved in insurance. |
Explain risk appetite in relation to opportunity investment. | The portion of risk appetite that is associated with opportunities can be considered the opportunity investment that the organisation is willing to embrace. The organisation will be willing to invest resources in opportunities that it believes will produce a positive return, and this is another way in which an organisation might apply the concept of risk appetite. |
Describe preventive controls. | They limit the possibility of an undesirable outcome being realised. The more important it is to stop an undesirable outcome, the more important it becomes to implement preventive controls. |
What are the advantages of a CIC? | - Lower premiums, so savings are made - Access to reinsurance markets - Greater risk awareness - Greater cover - Certain tax benefits |
What is the BS 31100 definition of risk treatment? | The process of developing, selecting and implementing controls. |
Describe corrective controls. | These are designed to limit the scope of loss and reduce any undesirable outcomes that have already been realised. |
What are the disadvantages of a CIC? | - The captive is exposed to insurance claims - The parent needs to allocate capital to ensure adequate solvency - Losses are ultimately paid for by the parent organisation - Non-admittance of the policy in some territories - Significant administrative cost, time and effort for the parent organisation |
What is the ISO 31000 definition of risk treatment? | The development and implementation of measures to modify risk. |
Describe directive controls. | These controls are designed to ensure that a particular outcome is achieved. They are based on giving directions to ensure that losses do not occur. |
What are some of the key features of ERM? | - It encompasses all areas of organisational exposure to risk - Prioritises and manages those exposures as an interrelated risk portfolio - Provides a structured process for the management of all risks (quantitative and qualitative) - Seeks to embed RM as a component of all critical decisions throughout the organisation - Constructs a means of communicating risk issues so that there is a common understanding of the risks faced and their importance - Supports the activities of internal audit by providing a structure for the provision of assurance to the board and audit committee |
Describe the risk response "tolerate". | The exposure may be tolerable without any further action being needed. Alternatively, there may be nothing that can be implemented to reduce the risk, or the controls needed may be disproportionate to the potential benefit gained. |
Describe the risk response "treat". | A great many risks fit into this response. The organisation will continue with the activity and implement actions (controls) to reduce the risk to an acceptable level. |
Describe detective controls. | These controls are designed to identify occasions on which an undesirable outcome has been realised. |
Describe the risk response "transfer". | Risks that have low likelihood but high magnitude are often transferred to insurance or to a third party that takes on some of the risk. This option is useful for financial risks and risks to assets. |
Where do BCP and DRP fit into the PCDD model? | They do not fit conveniently, so they are often considered a fifth type of control. |
Describe the risk response "terminate". | Some risks can only be treated or contained to an acceptable level if they are terminated. However, this is not always possible, for example where statutory requirements are placed on government agencies. In that case a mix of treat and transfer controls will be introduced. |
What three components are needed to define ERM comprehensively? | 1) A description of the process that underpins ERM 2) Identification of the outputs of the process 3) The impact (or benefits) that arise from those outputs |
What is the RIMS definition of ERM? | ERM is a strategic business discipline that supports the achievement of an organisation's objectives by addressing the full spectrum of risks it faces and managing the combined impact of those risks as an interrelated portfolio. |
What is the IIA definition of ERM? | A rigorous and co-ordinated approach to assessing and responding to all risks that affect the achievement of an organisation's strategic and financial objectives. |
Explain two ways in which an organisation might apply risk appetite. | - When making a decision on whether to pursue a specific business opportunity - When setting the level at which a risk should be escalated as its exposure increases |
What is the COSO definition of ERM? | ERM is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. |
What are the 10 steps for implementing a successful ERM initiative? | 1. Identify the intended benefits and gain board support 2. Plan the scope of the ERM initiative and develop a common language 3. Establish the RM strategy, framework, and roles and responsibilities 4. Adopt suitable RA tools and agree a risk classification system 5. Establish risk benchmarks and undertake RA 6. Determine risk appetite and tolerance and evaluate existing controls 7. Evaluate the effectiveness of existing controls and introduce improvements 8. Embed a risk-aware culture and align RM with all other activities 9. Monitor and review risk performance 10. Report risk performance |
What is risk appetite? | ISO Guide 73 defines risk appetite as the amount and type of risk that an organisation is willing to pursue or retain. |
Why is risk appetite important as a planning tool? | TCR calculations; strategic drivers, control guidance and operational constraints. |
What is the BS 31100 definition of risk appetite? | The amount and type of risk an organisation is prepared to seek, accept or tolerate. |
Explain what risk appetite is. | It is the value that an organisation, or its board, is willing to put at risk. |
Explain what risk exposure is. | Risk exposure is the amount and value actually at risk in an organisation. This is sometimes referred to as the total risk exposure. |
Explain what risk capacity is. | Risk capacity is the capability of an organisation to take risk. |
Describe the relationship between risk appetite, risk exposure and risk capacity. | Risk appetite is the total value of the corporate resources that the board is willing to put at risk. Risk exposure is how much value is actually at risk. Risk capacity is the capability of an organisation to take risk. |
What is the interface between risk appetite and operations, projects and strategy? | Risk appetite differs at different levels of the organisation: it can be a strategic driver, a planning guide for tactics, or a set of operational constraints. |
Describe the 4Ts of hazard risk management. | 1. Tolerate: for low likelihood/low impact risks; these sit in the comfortable zone of a risk matrix 2. Treat: for high likelihood/low impact risks; these sit in the cautious/concern zone of a risk matrix 3. Transfer: for low likelihood/high impact risks; these also sit in the cautious/concern zone of a risk matrix 4. Terminate: for high likelihood/high impact risks; these sit in the critical zone of a risk matrix |
Describe the PCDD classification system. | 1. Preventive (terminate): eliminate or substitute the risk 2. Corrective (treat): barriers and guards to reduce the likelihood of the risk occurring 3. Directive (transfer): guidance and training 4. Detective (tolerate): detect when the risk has occurred |