2 - The purpose and process of risk management

Question 1

What would be an example of an insurer’s ‘off balance sheet’ asset?

Answer 1

Intellectual property.

Question 2

A large international organisation has a written policy that states that no more than two board members can travel together by plane. What method of risk treatment is it using?

Answer 2

Non-physical risk control.

Question 3

Why do large organisations formally document their objectives in a strategic plan?

Answer 3

So that they can be communicated more clearly to employees.

Question 4

Mass travel is one example of a:

Answer 4

global social risk.

Question 5

The three KEY stages of the risk management process are:

Answer 5

identification, analysis and control.

Question 6

The reputational risks of an organisation are MOST influenced by which stakeholder group?

Answer 6

The media.

Question 7

Having developed a risk management philosophy and recorded this in a formal risk policy document, what is the next step in the risk management process?

Answer 7

Risk identification.

Question 8

An organisation’s structure for reporting and monitoring risks is called its risk:

Answer 8

architecture

Question 9

Is failure to continue service delivery is MOST likely to become business critical within minutes for an online travel company whose website goes down?

Answer 9

Yes

Question 10

A large insurer sells insurance directly to customers through its contact centre. If it has well established and effective risk management processes, the potential benefits to the company are:

Answer 10

quicker recovery in the event of a major fire in the contact centre.

Question 11

What are the four ways in which an organisation can transfer risk to another party?

Answer 11

Insurance, creating a separate funding mechanism, use of financial instruments and appropriate contract wording.

Question 12

Why does an organisation need to plan and manage risk management communications?

Answer 12

Planning and management are needed because various stakeholders require information about aspects of the organisation in different formats, if the risk of alienating them is to be avoided or reduced.

Question 13

If we completely understand a risk and its implications, what can we do

Answer 13

we can take steps to prevent causes, mitigate effects or break a link in the cause, events and effects chain.

Question 14

Risk management also includes

Answer 14

assessment of risks to decide which risks are worth management attention and to balance risks against corresponding opportunities.

Question 15

Does risk management processes remain the same even if organizations have different structures?

Answer 15

Yes

Question 16

Once a risk has been evaluated, how can it’s consequences be classified? (tol)

Answer 16

its consequences can be classified according to whether they can be tolerated, tolerated with financial compensation (insurance), or are totally unacceptable.

Question 17

Should Benefits and the value of risk management be felt at all levels and within all functions of an organisation.

Answer 17

Yes

Question 18

What should risk management activities include? The measurement of what?

Answer 18

the measurement of benefits, if possible in financial terms, to justify the use of resources and budgets.

Question 19

Do Organisations need to specify their objectives and communicate this to employees and stakeholders.

Answer 19

Yes

Question 20

Strategies and plans show how objectives are to be met. Risks must be considered at this stage to allow stakeholders to form an opinion of the likelihood that anticipated results will be achieved.

Answer 20

True

Question 21

Risks include anything with potential to threaten …

Answer 21

operations, assets and other responsibilities of an organisation.

Question 22

Risks arise from a variety of sources - all stakeholders are a source of risk. True?

Answer 22

True

Question 23

Organisations must protect themselves from damage or loss. This includes

Answer 23

safety of people, safety of assets, revenue and cash flows, legal obligations and delivery of promised goods and services.

Question 24

Do Organisations need to consider new and emerging risks

Answer 24

Organisations need to consider new and emerging risks

Question 25

Do International organisations have to manage global and political risks

Answer 25

Yes

Question 26

Risks with potential global impact can arise from

Answer 26

large-scale economic, environmental, social, technological or political events.

Question 27

Technology opens up new possibilities, but carries inherent risks, e.g.

Answer 27

data security. Cyber criminals have developed sophisticated tools.

Question 28

A clear, organisation-wide, risk management philosophy enables individual risk work to …

Answer 28

be done within a framework of long-term objectives and provides an effective
benchmark for local decisions and activity.

Question 29

A risk policy statement may be restricted to strategic objectives and policies or it may … (method)

Answer 29

go on into detail about methods and actual levels of risk acceptance.

Question 30

Risks must be formally identified and analysed in terms of their likely …

Answer 30

Frequency and potential impact

Question 31

Organisations have a number of choices available when setting out to control an unacceptable risk. …

Answer 31

They can retain the risk, reduce the risk down to acceptable levels or transfer the risk to insurers or other parties.

Question 32

Continuity planning is a process where

Answer 32

an organisation will anticipate an incident and prepares a plan to manage the consequences so that the incident does not threaten the survival of the organisation.

Question 33

Continuity plans can prepare for a whole range of incidents, such as

Answer 33

computer failure, product recalls, kidnap, terrorism, fire, weather damage, major fraud, aggressive media attention.

Question 34

Organisations do not stand still and neither do the environments they operate in. Consequently,

Answer 34

all our risk management processes must recognise and plan for change.

Question 35

Organisations must identify and adopt procedures for regularly updating …

Answer 35

regularly updating information and reviewing assessments and recommendations.

Question 36

All organisations must adopt some form of quality …

Answer 36

Control

Question 37

Organisations must establish effective internal controls to satisfy …

Answer 37

stakeholders of their ability to manage risk.

Question 38

What is the purpose of classifying risks? (tol)

Answer 38

To see whether they can be tolerated, tolerated with financial compensation
(insurance), or are totally unacceptable. This will lead to recommendations for
appropriate management action.

Question 39

List six benefits of effective risk management.

Answer 39

• compliance with legislation and iregulation;
• improved corporate governance (top management control);
• understanding (and therefore avoiding or reducing) operational risk;
• understanding risks associated with opportunities (and therefore better choices);
• improvements in both internal and external risk reports and communications
(increase in stakeholder satisfac:tion and possible decrease in cost of borrowing);
• avoidance of disasters;
• reduction in frequency of incidents;
• reduced cost of incidents;
• reduced insurance costs;
• increased likelihood of meeting organisation objectives;
• preservation of reputation;
• improved health and safety;
• quicker recovery from emergencies.

Question 40

When operations are outsourced, what risk question must be asked?

Answer 40

It is crucial to be clear whether risks inherent in the outsourced operation have been transferred or retained.

Question 41

What issues need consideration to protect an organisation against damage or loss?

Answer 41

• safety of people;
• safety of assets;
• revenue and cash flows;
• legal obligations;
• delivery of promised goods and services.

Question 42

What are the key elements of the risk management process?

Answer 42

• establish the context;
• identify risks;
• analyse risks;
• evaluate risks;
• treat risks;
• communicate;
• monitor and review.

Question 43

What are we looking for when we set out to analyse identified risks?

Answer 43

• Could it happen?
• How bad would the loss or damage be?
• How often could it happen?

Question 44

What choices are available to control unacceptable risks?

Answer 44

• retain the risk;
• reduce the risk down to acceptable levels; or
• transfer the risk to insurers or others.