Created by helen_woolford
over 11 years ago
Question | Answer |
Describe the Risk Architecture | It is the RM structure of an organisation. It sets out the lines of communication for reporting risk management issues and events. It reinforces that the responsibility for managing risk remains with the owner |
Describe the importance of the protocols that should be followed in the RM policy | Protocols support management in understanding how to undertake RM activities |
What is the most important component of the RASP? | The Risk Management policy |
What is the relationship between RA+S+P? | The RASP makes up the RM context, as described in AS4360 and ISO 31000 |
Describe a risk response and improvement plan document | A Risk Register |
Describe an event report and recommendation document? | Incident investigation and subsequent action plan |
Describe a risk performance and monitoring report? | Internal or external audit report |
What are the key features of the risk architecture? | Committee structure and ToRs; Role and responsibilities; Internal reporting requirements; External reporting requirements; RM assurance arrangements |
List some of the RM responsibilities for the specialist RM function | Assist the org in establishing specialist risk policies; Keep up to date with developments in specialist area; Support investigations of incidents and near misses; Prepare detailed reports on specialist areas |
What are the key features of the RM strategy? | RM philosophy; Arrangements of embedding RM; Risk appetite and attitude to risk; Benchmark test for significance; Specific risk statements/policies; RM techniques; Risk priorities for the present year |
What should be included in the RM manual? | See pg 76 |
List some of the RM responsibilities for the internal audit manager | Develop a risk-based audit programme; Audit the risk processes across the org; Provide assurance on the management of risk; Support and help develop the RM processes; Report on the efficiency and effectiveness of internal controls |
Describe the RM strategy? | The RM strategy is the overall approach of the org to risk and risk management. It will establish the way in which RM activities are aligned with other activities in the org and the contribution that is expected from RM activities |
Describe the RM protocols? | The RM protocols describe the range of activities that are undertaken in the name of risk management |
Explain the relationship between the three contexts | Draw a diagram and explain like fig 7.1 |
Define a risk register? | The ISO Guide 73 states a risk register is a "document used for recording RM process for identified risks". |
What are the key features of RM protocols? | Tools and techniques; Risk classification system; RA procedure; Risk control rules and procedures; Responding to incidents; Documentation and record keeping; Training and communication; Audit procedures and protocols; Reporting/disclosure/certification |
What is GRASP? | Guardian of the Risk Architecture, Strategy and Protocols. This is the role of the risk manager |
What is the purpose of a risk register? | ISO Guide 73 states its purpose is to facilitate ownership and management of each risk |
Explain the three lines of defence model | The first line is the RM responsibilities of the CEO, location managers and individual employees. The second line of defence is the risk manager and specialist RM functions. The third line of defence is the internal audit manager |
Draw a RM architecture for a large corporation | See figure 9.1 |
Define risk owner | The ISO Guide 73 states that it is "a person with authority and accountability to make the decision to treat, or not to treat a risk" |
Draw a RM structure for a charity | See figure 9.2 |
Explain the styles of risk management? | Hazard management: insurance approach; Control management: internal control approach; Opportunity management: RM and strategic planning |
Define LILAC | Leadership: strong leadership within the org in relation to strategy, projects and operations; Involvement: of all stakeholders in all stages of the RM process; Learning: emphasis on training in RM procedures and learning from events; Accountability: absence of an automatic blame culture, but appropriate accountability for actions; Communication: communication and openness on all RM issues and the lessons learnt |
Describe the 4N's of risk maturity? | Level 1: Naïve; Level 2: Novice; Level 3: Normalised; Level 4: Natural |
Describe some RM guidelines? | Risk assessment procedures; Risk control objectives; Risk resourcing arrangements; Reaction planning requirements; Risk assurance system |
List some of the responsibilities of the RM committee | Advise the board on RM; Foster a culture that emphasises and demonstrates the benefits of RM; Make recommendations to the board on all significant risk matters; Monitor the performance of the RM systems and review reports; Keep under review the risk infrastructure of the org; Review the risk exposure of the org in relation to risk appetite and risk capacity; Develop RM |
Why is training important? | To ensure a consistent response to risk |
Explain the advantages and disadvantages of RMISs | Advantages: Useful when risks are complex and there is a large amount of data needed; They can record the exposure data and can analyse the data captured. Disadvantages: Cost of developing can exceed benefits; Difficult to explain the value of loss prevented by RMIS; Does not offer an assured, immediate expense reduction |
What is the ISO definition of a risk register? | A document used for recording risk management process for identified risks. The purpose of a risk register is to facilitate ownership and management of each risk |
List some of the RM responsibilities of the CEO | Determine strategic approach to RM; Establish a structure for RM; Understand the most significant risks; Consider the risk implications of poor decisions; Manage the organisation in a crisis |
List some of the RM responsibilities for the local manager | Build a risk aware culture; Agree RM performance targets; Evaluate reports from employees on RM matters; Ensure implementation of risk improvement recommendations; Identify and report changed circumstances/risk |
List some of the RM responsibilities for the employees | Understand, accept and implement RM processes; Report inefficient, unnecessary or unworkable controls; Report loss events and near miss incidents; Co-operate on incident investigations; Ensure visitors and contractors comply with procedure |
List some of the RM responsibilities for the risk manager | Develop the RM policy and keep it up to date; Facilitate a risk aware culture; Establish internal risk policies and structures; Co-ordinate the RM activities; Compile risk information and prepare reports for the board |
What is RASP? | Risk Architecture, Strategy and Protocols |
What types of RM documentation will need to be kept? | RM administration records; Risk response and improvement plans; Event reports and recommendations; Risk performance and monitoring reports |
What are the main sections of the RM policy? | It will set out the overall strategy of the organisation towards RM. Define RM roles and responsibilities. Set out the protocols that should be followed. |
Describe the importance of the overall strategy part of the RM policy? | This sets out the RM philosophy, arrangements to embed RM, the risk appetite and attitude, and risk priorities for the coming year. |
The types of RM documentation that will need to be kept include? | RM administration records; Risk response and improvement plans; Event reports and recommendations; Risk performance and monitoring reports |
Describe the importance of the roles and responsibilities of the RM policy? | The first line of defence with RM, sets out the structure in regards to reporting risk |