154 Cards in this Set
What is a Control Risk? |
2 - Introduction
Risks that can be controlled but still have a degree of uncertainty
e.g. Car servicing |
|
What is an Opportunity Risk? |
2 - Introduction
Risks that can have a positive return
e.g. Investments, Bungy jumping
Pride, self-esteem etc. |
|
What is RMIS? |
124 - Risk Training & Communication
Risk Management Information Software |
|
What are the key components of a successful Risk Management framework? |
3 - Introduction
RASP
Risk Architecture, Communications & Reporting Structure.
Strategy = Overall RM Strategy
Protocols = Guidelines and Procedures |
|
What is MADE 2? |
4 - Introduction
The reasons to undertake Risk Management
M = Mandatory reasons - regulatory obligations
A = Assurance to the Board
D = Decision making is helped
E = Effectiveness & Efficiency of operations |
|
What are the hallmarks of a successful RM initiative? |
5 - Introduction
Risk Management should be:
PACED
Proportionate = effort matches the level of risk faced
Aligned = to other activities within the company
Comprehensive = covers all aspects of Co risk
Embedded = within the company
Dynamic = changeable according to changing risks |
|
What would help prevent a repeat of the global financial crisis? |
8 - Introduction
1) Common processes, terminology & procedures for managing risks
2) Risk tolerances are communicated, understood and monitored
3) RM processes are incorporated into all key business processes and decisions
4) Decisions are made on high quality risk information |
|
Name the RM Standards? |
3 - Introduction
IRM Standard - IRM
BS31100:2011 - British
COSO ERM Framework - American
ISO 31000 - International Standard |
|
What is the IRM's definition of risk? |
13 - Approach to defining Risk
The combination of the probability of an event and its consequence |
|
What is ISO 3100 - Guide 73's definition of Risk? |
Effect of uncertainty on objectives. An effect may be positive or negative, or a deviation from the expected. |
|
What is the Orange Book from HM Treasury's definition of Risk? |
14 - Approach to defining risk
Uncertainty of outcome within a range of exposures arising from a combination of the impact and the probability of potential events. |
|
What is the Institute of Internal Auditors definition of Risk? |
14 - Approach to Defining Risk
The uncertainty of an event occurring that could have an impact on the achievement of the objectives. Risk is measured in terms of consequence and likelihood. |
|
What are the 3 categories of risk?
Give examples |
15 - Approach to defining Risk
Hazard (or pure) risk - Theft or fire
Control (or uncertainty) risk - Outcome of a project
Opportunity (or speculative) risk - investment |
|
What things are required to fully describe a risk? |
17 - Approach to defining Risk
1 - Name of risk
2 - Statement of risk
3 - Nature of risk (timescales & potential impact)
4 - Stakeholders
5 - Risk attitude, appetite, tolerance
6 - Likelihood & impact
7 - Control standard
8 - Incident & loss experience
9 - Existing controls
10 - Responsibility for risk strategy
11 - Potential for risk improvements
12 - Improvement recommendations
13 - Owner of improvements
14 - Responsibility for audit & compliance |
|
Draw a simple heat map |
20 - Approach to Risk Management
Magnitude on the vertical axis, Likelihood on the horizontal axis, giving four quadrants:
Top left - Low Likelihood / High Magnitude
Top right - High Likelihood / High Magnitude
Bottom left - Low Likelihood / Low Magnitude
Bottom right - High Likelihood / Low Magnitude |
|
What improvements are achieved through a proactive management of risk? |
21 - Impact of risk
************ STOC ************
- STRATEGY - Better strategic decisions
- TACTICS - Selection of tactics
- OPERATIONS - Identification of events
- COMPLIANCE - Will be enhanced |
|
What is a hazard risk? |
Risks that inhibit what an organisation is seeking to achieve.
CAN ONLY HAVE A NEGATIVE OUTCOME |
|
What's the relationship between the level of risk and the anticipated reward? |
25 - Impact of Risk
Reward on the vertical axis, Risk on the horizontal axis, giving four quadrants:
Top left - Mature operation
Top right - Growth
Bottom left - Decline
Bottom right - Start up |
|
What are the categories of operational disruption? |
4P's
People - lack or absence, injury, bad behaviour
Premises - inadequate, denial of access, breakdown of physical assets
Processes - Failure of IT hardware, hackers, viruses, communication systems
Products - Poor product or service, delays, failure of O/S service supplier |
|
What are the 8R's and 4Ts of the risk management process? |
40 - Development of RM
> Recognition of risk
> Rating of risk
> Ranking of risk
> Responding to risk (Tolerate, Treat, Transfer, Terminate)
> Resourcing controls
> Reaction planning
> Reporting on risk
> Reviewing & monitoring |
|
What is the definition of ERM? |
44 - Development of RM
ERM is a strategic business discipline that supports the achievement of an organisation's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated portfolio |
|
What are the levels of RM sophistication? |
45 - Development of RM
Reform - awareness of non compliance
Conform - Actions to ensure compliance
Perform - Achieve business opportunities
Deform - Inactivity caused by obsession |
|
Summarise RM approaches |
47 - Development of RM Management
Hazard management - Retaining more insurable risks, taking a holistic approach
Control management - Must not squeeze entrepreneurial spirit
Strategic planners - Recognise that RM tools can contribute to better decisions |
|
What is the bowtie representation of RM? |
Source (left of the bow tie): Strategic, Technical, Operational, Compliance
Category (centre): Description of the risk, 4P's
Impact (right of the bow tie): Financial, Infrastructure, Reputational, Marketplace |
|
What are the aspects of a successful RM initiative and framework? |
49 - Principles & aims of RM
***************PACED****************
Proportionate Aligned Comprehensive Embedded Dynamic |
|
What should RM deliver? |
50 - Principles and aims of RM
***********MADE**********
Mandatory obligations
Assurance regarding management of risk
Decisions that pay due regard to risk
Effective & efficient core processes |
|
What should risk management tools set out to achieve? |
55
1 Hazard management
2 Control management
3 Opportunity management |
|
What is Hazard management? |
55
Restricting the financial cost of losses when a risk materialises
e.g. Insurance & risk control |
|
What is control management?
|
55
Reduces the range of possible outcomes from any event.
e.g. Financial controls |
|
What is Opportunity Management? |
55
Seeks to make a positive outcome more likely and more substantial
> Increasing revenue
> Better value for money (non profit) |
|
What's the difference between a RM standard and a RM framework? |
57
Standard sets out the overall approach to risk
Framework is the support to the process |
|
Define a RM process |
59 (see picture in book)
Strategic objectives
Risk assessment (4Rs - RA, RI, RD, RE)
Risk evaluation
Risk reporting
Decision (threats and opportunities)
Risk treatment
Residual risk reporting
Monitoring
Audit |
|
What are the three distinct approaches within the various RM Standards? |
60
RM approach - ISO31000, BS31100, IRM Standards
Internal control approach - COSO, UK Turnbull Report
Risk aware culture - Canadian Institute of Chartered Accountants (CoCo Framework) |
|
What is RASP? |
61 (See Picture)
Risk Architecture, Risk Strategy & Risk Protocols
All forming part of the Risk Management Process |
|
What needs to go into a risk manual? |
62
Structure, responsibilities, administration, reporting and communication components of risk management.
(IRM requirements) |
|
What is the COSO cube? |
62ish - see picture
ERM framework produced by COSO in 2004
> Internal environment
> Objective setting
> Event identification
> Risk assessment
> Risk response
> Control activities
> Information & communication
> Monitoring |
|
What is the RM process from ISO31000? |
65 - see picture
Establishing the context
Risk assessment
Risk identification
Risk analysis
Risk evaluation
Risk treatment |
|
What is CoCo? |
65
Canadian Criteria of Control
Risk culture is the most serious consideration |
|
What are the CoCo headings used to evaluate the risk aware culture? |
65ish
1) Purpose, vision & mission
2) Commitment to integrity and ethical values
3) Capability, authorities and responsibilities
4) Learning & development of competence |
|
What is COBIT? |
65ish
Control Objectives for Information and Related Technology
> IT RM Standards |
|
What are the key RM guidelines to be documented? |
73
1) RM administration records
2) Risk response and improvement plans
3) Event reports and recommendations
4) Risk performance and monitoring reports |
|
What are the key components of Risk Management Architecture? |
74
> Committee structure & TOR
> Roles & responsibilities
> Internal reporting requirements
> External reporting controls
> Risk management assurance arrangements |
|
What are the key components of a RM Strategy? |
74
> RM philosophy
> Arrangements for embedding RM
> Risk appetite & attitude to risk
> Benchmark tests for significance
> Specific risk statements/policies
> Risk assessment techniques
> Risk priorities for the present year |
|
What are the key components of risk management protocols?
|
74
> Tools & techniques
> Risk classification system
> Risk assessment procedures
> Risk control rules and procedures
> Responding to incidents, issues & events
> Documentation and record keeping
> Training and communication
> Audit procedures & protocols
> Reporting, disclosures and certification |
|
What should a risk manual contain? |
76
Control objectives
Risk strategy
Description of control environment
Level and nature of acceptable risk
RM organisation (Architecture)
Arrangements for risk communication
Risk recognition and rating techniques
List of documentation (protocols)
Risk mitigation requirements
Allocation of RM roles
Criteria for monitoring and benchmarking risks
Allocation of resources
Risk priorities and performance targets
Risk management calendar for following year |
|
What are the key RM Protocols (guidelines) within a RM manual? |
77
> Risk assessment procedure
> Risk control objectives
> Risk resourcing arrangements
> Reaction planning requests
> Risk assurance systems |
|
What should a RM manual include regarding Architecture? |
78
> Board members responsible for RM
> Language and risk perception
> Framework for risk identification
> Role of RM & GIA
> TOR for management committees
> RM structure (Architecture) |
|
What needs to be clearly stated to embed a RM strategy within a company? |
79
1 Clear RM responsibilities
2 Development of RM strategy & standards
3 Implementation of agreed standards
4 Auditing compliance with agreed standards |
|
What are the key components of establishing an organisational risk context? |
82 - See diagram
External context
Internal context
RM context - R architecture, R strategy, R protocols |
|
What are the key factors of risk guidelines within the risk management manual? |
85
1 Financial & authorisation procedure
2 Insurance arrangements
3 Managers' control responsibilities
4 Project risk management
5 Incident reporting & investigation
6 Event and reaction planning
7 Physical risk control objectives & responsibilities |
|
What RM records need to be kept by an organisation? |
85
RM administration
Risk response and improvement plans
Event reports & recommendations
Risk performance and certification reports |
|
What are the benefits of records management? |
86
Reduced time looking for info
Facilitates effective sharing of info
Reduces duplication
Identifies how long records need to be kept
Optimises legal admissibility
Supports RM BCP |
|
What are the statutory obligations of Company Directors?
|
100
1 Act in accordance with allocated responsibilities
2 Act in accordance with company constitution
3 Promote the success of the company
4 Exercise independent judgement
5 Exercise reasonable care, skill and diligence
6 Avoid conflicts of interest
7 Not accept benefits from TPs |
|
What is the role of a NED? |
100
1 Strategy 2 Performance 3 Risk 4 Controls 5 People 6 Confidence 7 Independence 8 Knowledge |
|
What is the role of the disclosure committee? |
104
To check the source and correctness of all information that is disclosed by the organisation
(triggered by SOX) |
|
Why is a RM committee only made up of the Exec with no NEDs? |
104
Management of risk is an Exec function & NEDs are purely responsible for audit risk assessment |
|
What are the three styles of RM? |
109
Hazard Management (total cost of risk 1980 insurance)
Control Management (Internal Audit approach - 1990)
Opportunity Management (interface between RM & Strategy planning - 2000) |
|
What are the componants of a risk aware culture? |
110
LILAC
Leadership Involvement Learning Accountability Communication |
|
What are the four levels of risk maturity? |
117 - see picture
Level 1 - Naive
Level 2 - Novice
Level 3 - Normalised
Level 4 - Natural |
|
What types of risk maturity approaches exist? |
CoCo - Canadian Criteria of Control
EFQM - European Foundation for Quality Management |
|
What are good risk communication guidelines? |
122
Know your stakeholders
Simplify the language and presentation
Be objective
Communicate clearly and honestly
Deal with uncertainty
Be cautious when putting risks in perspective
Develop clear, concise and to-the-point messages
Answer questions |
|
What RM technical skills are required for planning RM strategy? |
128
Evaluate status; develop strategy |
|
What RM technical skills are required to implement a RM architecture? |
128
Design architecture; develop processes; build awareness |
|
What technical skills are essential when measuring RM performance? |
128
Facilitate assessments; evaluate controls; improve controls |
|
What technical skills are associated with learning from RM experience? |
128
Evaluate framework; design report |
|
What are the key people skills for RM practitioners? |
130
1 Communication 2 Relationship 3 Analytical 4 Management |
|
What are the 5Cs of communication? |
133
1 Clear message 2 Concise message 3 Coherent message 4 Credible message 5 Complete message |
|
What is the standard for risk assessment techniques? |
143
ISO31010
Risk Management & Risk Assessment Techniques |
|
What are the main techniques for risk assessment? |
143
Questionnaires and checklists
Workshops and brainstorming
Inspections & audits
Flowcharts and dependency analysis |
|
What are the advantages and disadvantages of questionnaires and checklists for assessing risk? |
144
Advantages - Consistent structure; greater involvement
Disadvantages - Rigid approach; risks may be missed; questions based upon historical knowledge |
|
What are the advantages and disadvantages of inspections and audits for assessing risk? |
144
Advantages - Physical evidence forms basis of opinion; audit approach results in good structure
Disadvantages - Inspections most suitable for hazard risks; audit approach focuses on historical exposure |
|
What are the advantages and disadvantages of flowcharts & dependency analysis for assessing risk? |
144
Advantages - Useful output that may be used elsewhere; better understanding of process
Disadvantages - Difficult to use for strategic risk; detailed and time consuming |
|
What are the advantages and disadvantages of workshops and brainstorming for assessing risks? |
144
Advantages - Consolidated opinions; idea generating
Disadvantages - Senior management dominant; issues missed if wrong people involved |
|
What is a SWOT analysis of risk? |
145
Strengths Weaknesses Opportunities Threats
Strengths - Linked to strategic decisions
Weaknesses - Not structured, risks could be missed |
|
What is the PESTLE approach to risk analysis? |
145
Political Economic Social Technological Legal Ethical
Good for brainstorming workshops |
|
What are the 4C's? |
149 - see diagram
Relates to the risk attitude of an organisation and attaches to a risk appetite matrix.
Critical Zone, Concerned Zone, Cautious Zone, Comfort Zone |
|
What are the key measures of risk impact? |
151
Measures based upon the effects on
Finances Infrastructure Reputation Marketplace |
|
How do you mitigate and manage risks? What are the key sources of risk? |
51
By reviewing STOC
1 Strategy 2 Tactics 3 Operations 4 Compliance |
|
What is the PESTLE risk classification system? |
159
Used to classify risks as part of a SWOT analysis
Political, Economic, Sociological, Technological, Legal, Environment & Ethical
Most applicable to Hazard risks |
|
What are the advantages of PESTLE? |
159
1 Simple
2 Facilitates wider business understanding
3 Encourages external strategic thinking
4 Anticipates business threats
5 Helps identify actions to avoid
6 Helps with business opportunities |
|
What are the disadvantages of PESTLE? |
159
1 Oversimplifies the amount of data required for decisions
2 Needs to be undertaken regularly
3 Requires different people with different perspectives
4 Access to external data sources is timely & expensive
5 Difficult to anticipate developments
6 Risk of capturing too much data, clouding priorities
7 Can be based on unfounded assumptions |
|
How are risk responses placed in a graph?
4Ts of Hazard management |
165 - see diagram
Impact v likelihood graph
Tolerate, Treat, Terminate, Transfer |
|
What are the three levels of risk that are important on a risk matrix? |
165
1 Inherent risk 2 Residual (Current) Risk 3 Target risk |
|
What are the benchmark tests for risk significance?
e.g. Risks to be included within risks register |
167
Financial - Impacts Balance sheet 0.25%, P&L impact 2.5%
Infrastructure - 1/2 day disruption, increase cost of operation >10% budget
Reputational - Share price drop 10%, event on TV or is in the press
Marketplace - Impacts balance sheet 0.5% turnover, P&L impact of 1% |
|
What are the 4 types of hazard controls? |
175
1 Preventative 2 Corrective 3 Directive 4 Detective
PCD2 |
|
What is the definition of the upside of risk? |
179
The benefits obtained from taking the risk are greater than any benefit that would have resulted from not taking it. |
|
What is the riskiness index? |
182
It's a method of measuring and escalating risk and quantifying the total risk to an organisation by forming a consolidated risk exposure.
Takes FIRM and asks a set of questions rated 1 - 5 |
|
What is the definition of BCP? |
190
A holistic process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capacity for an effective response to safeguard the interests of its key stakeholders, reputation, brand and value creating activities |
|
What's the difference between a disaster recovery plan and a crisis management plan?
|
DR = Plans to restore infrastructure
Crisis = External Stakeholders |
|
What's the difference between BCP & Disaster recovery?
|
DR = Primary damage limitation
BCP = Cost containment |
|
What are the 3 components of BCP?
|
1 Disaster recovery plan
2 Crisis management
3 Business continuity |
|
What is the standard for Business Continuity Management?
|
ISO 22301 (2012)
1 Identify risk factors
2 Understand needs and obligations
3 Establish, maintain and implement BCM
4 Measure overall capability to manage
5 Guarantee conformity with BCP |
|
What are the key activities in BCP planning?
|
1 Assess company activities (staff, procedures, equipment)
2 Identify suppliers and resources
3 What to do if building is inaccessible
4 Identify necessary actions for business critical functions (payroll etc)
5 Decide who tests; define crisis management procedures
6 Co-ordinate with utility suppliers
7 Review plans annually |
|
What is the ISO22301 accepted model for BCP?
|
194
1 Understand your business
2 BCM advantages
3 Exercise and plan maintenance
4 Establish continuity culture
5 Develop the response |
|
What are the overriding principles for a successful BCP?
|
194
Comprehensive Cost-effective Practical Effective Maintained Practised |
|
How do you ensure that an adequate BCP is in place?
|
Perform a business impact analysis (BIA) |
|
What are the three clear purposes of a BIA?
|
197
Business Impact Analysis
1 Identify mission critical activities
2 Establish impact potential and resource requirement for recovery within timescale
3 Determine if impact is within the risk appetite as basis for strategy |
|
What's the similarity between ERM & BCP?
|
198
ERM - Focus on core process risk
BCP - Maintenance of critical business functions |
|
What are the key features of an ERM Approach?
|
206
1 Encompass all areas of organisational exposure to risk
2 Prioritise those risks
3 Evaluate internal/external systems, circumstances & stakeholders
4 Recognise correlation
5 Structured process for management
6 Embedded
7 Provides framework for strategy
8 Provides means of communicating risk
9 Supports internal audit
10 Views ERM as a competitive advantage |
|
What's the RIMS definition of ERM?
|
207
ERM is a strategic business discipline that supports the achievement of an organisation's objectives by addressing the full spectrum of risks and managing the combined impact of those risks as an interrelated portfolio |
|
What are the benefits of ERM?
|
209
FIRM
Financial Infrastructure Reputational Marketplace |
|
What are the three objectives of ERM in the financial sector?
|
210
1 Improving capital
2 Supporting financial decision making
3 Building investor confidence |
|
What are the key components required to embed ERM?
|
212
LILAC
Leadership Involvement Learning Accountability Communication |
|
What are the stages in developing a risk appetite statement?
(1 - 3) |
221
1 Identify stakeholders and their expectations making reference to the possible range of stakeholders
2 Define the company wide risk exposure through an analysis of strategy, tactics, operations and compliance as set out in the risk register
3 Establish the desired level of risk exposure that will lead to a risk appetite statement with qualitative and quantitative statements |
|
What are the stages in developing a risk appetite statement?
(4 - 6) |
4 Define the range of acceptable volatility or uncertainty around each of the types of risk, leading to a statement of acceptable tolerances
5 Reconcile the risk appetite and risk tolerances with the current level of risk exposure and plan actions to bring exposure in line with appetite
6 Formalise & ratify a risk appetite statement and communicate & implement. |
|
What is the EM3 approach to STOC?
|
224
Embrace opportunity (strategy)
Manage Uncertainty ( Tactics)
Mitigate Hazards (Operations)
Minimise compliance (Compliance) |
|
What are the likely responses to the degree of risk on a risk matrix?
|
228
4Ts
Tolerate (Detective), Treat (Corrective), Terminate (Preventative), Transfer (Directive) |
|
What are the 4A's of Project risk management?
|
234 - Picture
Accept (the uncertainty), Adapt (procedures and controls), Avoid (the uncertainty), Adopt (contingency plans) |
|
What are the 4E's of opportunity risk?
|
235 (picture)
Exist, Explore (entrepreneurial opportunities), Exit (dependent on appetite), Exploit (opportunity) |
|
What is PCDD?
|
240
Types of risk controls
Preventative (Hazard risks - Fraud)
Corrective (limits the scope for loss)
Directive (providing of instructions)
Detective (Identifying undesirable outcomes) |
|
What methods are available for minimising fraud?
|
250
1 Improve recruitment procedure
2 Reduce the motive
3 Reduce the tangible assets
4 Minimise opportunity
5 Increase supervision
6 Improve financial controls and MI
7 Improve detection of fraud
8 Improve record keeping |
|
What are the key historical liabilities?
|
251
1 Mesothelioma
2 Pension risks - final salary shortfalls |
|
In terms of IT security what is
Cold start facility, Warm start facility, Hot start facility |
255
Cold start - No data preloaded
Warm start - Something between hot and cold
Hot start - Complete duplicate facility |
|
What are the risks around HR?
|
255
Employee engagement & termination
Legislative & regulatory compliance
Recruitment, retention and skills availability
Pensions arrangements
Performance & absence arrangements
Health & safety |
|
How can damage to a brand occur?
|
256
Change to government policy
Change to marketplace
New entrants to market
Price and specification competition
Fake goods
Inappropriate franchise behaviour
Failure of sponsor or joint venture |
|
What are the phases involved in learning from business activities called?
|
260
PDCA
Plan Do Check Act |
|
What are the reasons why companies buy insurance?
|
265
1 Mandatory, legal and contractual
2 Balance sheet/P&L protection
3 Employee benefits/ protection of employee assets |
|
When a company looks to buy insurance, what things do they need to consider?
|
267
6C's
Cost Coverage Capacity Capabilities Claims Compliance |
|
What are the advantages of a captive insurance company?
|
271
1 Savings may be achieved by lower premiums
2 Captive insurers can gain access to reinsurers
3 Greater risk awareness
4 Greater coverage can be afforded
5 Tax benefits |
|
What are the disadvantages of Captive insurance?
|
272
1 Captive exposed to claims
2 Allocation of capital by parent
3 Large losses impact parent balance sheet
4 Business in other territories would be non admitted
5 Admin costs of captive management |
|
What committees should be setup for good corporate governance?
|
278
Risk Management Committee
Audit Committee
Disclosures Committee
Nominations Committee
Remuneration Committee |
|
What is the purpose of corporate governance?
|
1 - Facilitates accountability and responsibility for efficient and effective performance and ethical behaviour
2 To protect executives & employees in understanding the work they are required to do
3 - Ensure stakeholders confidence in the ability of an organisation to identify and achieve outcomes that its stakeholders value. |
|
What is the definition of Corporate Governance?
|
278
The system by which organisations are directed and controlled. |
|
What is the OECD?
|
278
Organisation for Economic Co-operation & Development
Helping governments tackle economic, social & governance challenges of a globalised economy. |
|
What are the 6 principles of corporate governance set up by the OECD?
|
279
1 Effective corporate governance framework
2 Rights of stakeholders
3 Equitable treatment of shareholders
4 Role of stakeholders in corporate governance
5 Disclosure and transparency
6 Responsibilities of the Board |
|
What is the British Standard for Corporate Governance?
|
279
BS13500: 2013
Code of practice for delivering effective governance of organisations |
|
What are the areas of Board responsibility as defined by the London Stock Exchange?
|
281
1 Strategic thinking, planning and implementation
2 Corporate social responsibility
3 Effective management of risk
4 Audit and risk assurance
5 Full and accurate disclosure |
|
Under the LSE governance framework what are the Board member responsibilities, obligations and rewards?
|
280
1 Board membership 2 Board accountability 3 Board delegation of authority 4 Board remuneration |
|
What is the role of a NED?
|
1 Uphold ethical standards
2 Support Exec
3 Monitor Exec conduct
4 Question, debate & challenge
5 Listen to views
6 Gain trust of the Board
7 Promote high standards of governance
8 Seek compliance with Governance code |
|
What is a Board with combined Exec and NEDs called?
What is a Board with just NEDs called? |
Unitary Board
Supervisory Board (usually has an Exec committee reporting to it) - two tier board |
|
Where will you mostly find two tier Board structures?
|
285
Charities
Public sector organisations |
|
What key area of responsibility is not usually delegated by the Board?
|
287
Risk appetite |
|
What issues need to be considered when evaluating the effectiveness of the Board?
|
286
1 Membership & structure 2 Purpose and intent 3 Involvement and accountability 4 Monitoring & review 5 Performance and impact |
|
What are the levels of expected governance for risk?
|
288
1 Direct responsibility for control of risk
2 The integrity of the RM Framework
3 Provision of independent assurance and challenge |
|
What is a Stakeholder?
|
289
A person or group concerned with, affected by, or perceiving themselves to be affected by an organisation
Customers, staff, financiers, suppliers, regulators & society |
|
What are the classification of core processes under BS31100?
|
292 STOC
Strategic - future direction of the business
Tactical - turning strategy into action
Operational - Day to day operations (People, IS, H&S & BCP)
Compliance - meeting regulatory expectations |
|
What type of risks are associated with the Basel II definition of operational risk?
|
298
1 Internal/external fraud
2 Employment practices and workplace safety
3 Clients, projects and business practice
4 Damage to physical assets
5 BCP & system failures
6 Process management failure |
|
What are the 10 principles of sound practise on operational risk as put forward by Basel II?
|
300
1 Board responsible for strategy
2 Senior management for implementation
3 Established information and escalation flows
4 Identification of operational risks
5 Process for identifying operational risk
6 Systems to monitor operational risk
7 Operational risk policies to be in place
8 Supervisors to require banks to have systems
9 Supervisors to independently audit
10 Public disclosure to public and shareholders |
|
What are the 3 Basel II approaches to measuring operational risk?
|
301
Basic Indicator Approach - Value of Ops risk capital using single indicator for overall risk exposure
Standard Approach - Value of Ops risk using broad financial indicator x Ops loss experience
Advanced Approach - Internal loss data x quantitative and qualitative measure to calculate Ops risk |
|
What are the responses to project risk?
|
309 4A's
Accept the risk of uncertainty
Adapt activities & procedures
Adopt contingency plans
Avoid the risk of uncertainty |
|
What is an appropriate Project Bow Tie?
|
311 - see picture
STAGE OF PROJECT - Inception, Planning, Execution, Closure
UNCERTAINTIES
IMPACT - Quality, Cost, Time, Compliance |
|
What is PRAM?
|
315
Project Risk Analysis Management - a continuous set of PM activities
1 Feasibility - low cost change
2 Sanctions - review risk exposures
3 Tendering - ensure all risks identified
4 Post tender - assure all risks identified
5 During implementation - likelihood of completion to cost and timescale |
|
What are the key elements of designing effective internal controls?
|
337
Maintenance of reliable systems
Timely preparation of reliable information
Safeguarding of assets
Optimum use of resources
Preventing and detecting fraud & error |
|
What is the IIA definition of Internal Controls?
|
338
A set of processes, functions, activities, subsystems and people who are grouped together or consciously segregated to ensure the effective achievement of objectives and goals |
|
What is the CoCo criteria of control framework?
|
340 - see diagram loop
A loop with Action at the centre: Purpose (direction), Commitment (values), Capability (compliance), Monitoring & learning (evolution) |
|
What is the CoCo definition of Internal Control?
|
338
All the elements of an organisation that, taken together, support people in the achievement of the organisation's objectives. The elements include resources, systems, processes, culture, structure & tasks. |
|
What are the responsibilities of the Audit committee?
|
347
External audit
Internal audit
Financial reporting
Regulatory reports |
|
What are the sources of Risk Assurance?
|
350
Culture measurement (CoCo & COSO Framework)
Audit reports
Unit reports
Performance of the unit
Unit documentation (Policies, BCP etc) |
|
What is a CRSA?
|
351
Control Risk Self Assessment
(2005 Turnbull report - appendix) |
|
Successful management of risk depends on what risk based outputs? |
|
354 - MADE2
Mandatory (laws, customs & standards)
Assurance (for management team and stakeholders)
Decision Making (Based on MI)
Effective core processes |
|
What are the key components of the Business Model?
|
374
Customer
Offering
Resource
Ethos
Sustainable |
|
What are the scope of issues covered by CSR?
|
378
Corporate Social Responsibility
1 Health & Safety
2 Employees
3 Customers
4 Environment
5 Suppliers
6 Community
7 Products & services |
|
What are the four main componants of reputation?
|
382 - Spider diagram
1 Capabilities (purpose, resource)
2 Activities (process, finances)
3 Standards (services/products)
4 Ethics (values, integrity) |
|
How do you achieve successful ERM?
|
388
1 Engage senior management, Board & Exec
2 Establish an independent ERM function
3 Establish risk architecture
4 Create risk classification system
5 Develop a risk aware culture
6 Provide written procedures and risk appetite
7 Agree monitoring and reporting assessment
8 Undertake a risk assessment
9 Integrate ERM into planning processes
10 Deliver measurable benefits |
1 Engage senior management, Board & Exec 2 Establish an independant ERM Function 3 Establish Risk architecture 4 Create risk classification system 5 Develop a risk aware culture 6 provide written procedures and risk appetite 7 Agree monitoring and reporting assessment 8 Undertake a risk assessment 9 Integrate ERM into planning processes 10 Deliver measurable benefits |