Unit 5 Flashcards
H&T definition of risk culture
How people perceive, understand and manage risks
- It reflects the overall attitude of every component of management, it determines how individuals will behave in certain circumstances, and it defines how individuals feel obliged to behave in all circumstances =
IRM (2012) definition of risk culture
Values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose
What are the 5 indicators of a positive safety / risk aware culture?
L = leadership (promoting the risk aware / positive safety culture from the top)
I = involvement of staff
L = learning culture (lessons learnt and improvement made from mistakes)
A = accountability (not blame culture but one of accountability)
C = communication
IRm (2012) model to understand where risk culture comes from
ABC model
A = risk attitude. The chosen position of a individual or group towards risk, influenced by risk perception
B = behaviour. The observable risk-related behaviour / actions of individuals
C = culture. The values, beliefs, knowledge and understanding about risk shared by a group of people, with a common puirpose
Risk attitude
The long term view of an organisation to risk, defined by the 4 CS; comfortable, cautious, concerned and critical
Double S model
From the IRM risk culture paper, a model used to understand the wider organisational culture. It considers culture as having two dimensions;
- sociability = concerned with relationships and people focus
- solidarity = task orientated, based on goals.
Ideally a organisation should be a combo of the both as sociability encourages a common purpose and solidarity ensures risk controls are implemented effectively.
Risk Culture Aspects Model (IRM)
This model identifies 4 themes and is used as a standard/benchmark for measuring risk culture;
- Tone from the top (involvement of risk in leadership)
- Governance (clarity of accountability, timely information)
- Decisions (how well decisions are informed)
- Competency (risk resources, skills)
^if you have all of these then you have a good risk culture
4 principles of Risk Appetite
1 = acknowledging Inter connectedness. What is acceptable for one risk or another part of the business may not be the same for others
2 = Measurability. We need to be able to measure risk appetite to ensure a consistent view on what is acceptable
3 = Variability. There needs to be different appetites for different risks.
4 = Maturity. The maturing of ERM and the organisation will influence the appetite of risk
Risk universe
The full range of risks which could impact, either positively or negatively, on the ability of the org to achieve its long term objectives.
Risk capacity
H&T define it as the measure of how much risk an organisation should take or can afford to take
Risk bearing capacity
This is another phrase for how financially strong an org is.
Risk tolerance
IRM define it as the boundaries of risk taking outside of which the orgs is not prepared to venture in pursuit of its long term goals.
However, the key here is on ‘not prepared’ to venture but it can if it has to, depending on if it has the capacity to do so.
Therefore, it is the range between appetite and capacity. Where risks can be tolerated for a certain amount of time, while active risk management is being taken to bring it down to appetite.
Risk appetite
IRM define it as the amount of risk an org is willing to seek or accept in the pursuit of its long term objectives.
Stages of developing a risk appetite statement (H&T)
1) Identify stakeholders and their expectations
2) Define the org wide risk exposure
3) Establish the desired level of risk exposure
4) Define the range of acceptable volatility around each type of risk
5) Reconcile the current and desired risk appetite and tolerances
6) Formalise and ratify the risk appetite and communicate it
Risk capability / capacity
The ability to carry risks. Financial, infrastructure, reputation components influence this
