Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

ERM > Case Studies > Flashcards

Case Studies Flashcards

(11 cards)

Start Studying
1
Q

Case Study 1

Foods Company owns a cold storage warehouse for storing frozen foods prior to delivering them to supermarkets. Established in 1999, Foods employs 30 staff.

Goods received are stored on pallets and stacked in chiller units or freezer compartments. Temperatures in the cold storage units range from –5 degrees in the chiller units to –30 degrees in the freezer units. The warehouse has a good sprinkler system with a regular maintenance programme in place.

An accident book is kept on site. Normally there are only a few minor injuries recorded but two employees have reported sick in the last month and were subsequently diagnosed with asthma, potentially caused by the dry atmosphere when working in extreme cold temperatures.

A weekly meeting takes place on site between the site manager and the health and safety manager to discuss risk management matters. The agenda for today’s meeting is risk assessment focusing on health and safety hazards.

Question: Which risk for this warehouse could be classified as an inherent risk?
Staff being exposed to cold conditions after failing to wear protective clothing
Accidentally being shut in a freezer cabinet.
Sprinkler systems failing to operate

A

An inherent risk is one that is measured and assessed before controls to minimize its impact are taken into account making B the correct option.

In the other two cases controls have been put in place to reduce the inherent risk.

The correct answer is: Accidentally being shut in a freezer cabinet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Case Study 1

Foods Company owns a cold storage warehouse for storing frozen foods prior to delivering them to supermarkets. Established in 1999, Foods employs 30 staff.

Goods received are stored on pallets and stacked in chiller units or freezer compartments. Temperatures in the cold storage units range from –5 degrees in the chiller units to –30 degrees in the freezer units. The warehouse has a good sprinkler system with a regular maintenance programme in place.

An accident book is kept on site. Normally there are only a few minor injuries recorded but two employees have reported sick in the last month and were subsequently diagnosed with asthma, potentially caused by the dry atmosphere when working in extreme cold temperatures.

A weekly meeting takes place on site between the site manager and the health and safety manager to discuss risk management matters. The agenda for today’s meeting is risk assessment focusing on health and safety hazards.

Question: What corrective action could the two managers consider to reduce the likelihood of more staff going off sick with asthmatic conditions?

Reduce the length of time staff are exposed to cold conditions
Increase training about the use of protective clothing
Provide staff with a booklet on keeping warm

A

A corrective action or control is one that reduces the inherent level of risk to one within appetite which is option A. The other options are examples of directive controls.

The correct answer is: Reduce the length of time staff are exposed to cold conditions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Case Study 1

Foods Company owns a cold storage warehouse for storing frozen foods prior to delivering them to supermarkets. Established in 1999, Foods employs 30 staff.

Goods received are stored on pallets and stacked in chiller units or freezer compartments. Temperatures in the cold storage units range from –5 degrees in the chiller units to –30 degrees in the freezer units. The warehouse has a good sprinkler system with a regular maintenance programme in place.

An accident book is kept on site. Normally there are only a few minor injuries recorded but two employees have reported sick in the last month and were subsequently diagnosed with asthma, potentially caused by the dry atmosphere when working in extreme cold temperatures.

A weekly meeting takes place on site between the site manager and the health and safety manager to discuss risk management matters. The agenda for today’s meeting is risk assessment focusing on health and safety hazards.

Question: To ensure staff are complying with health and safety standards in the warehouse, which directive controls could be implemented?

  1. Supply protective suits for staff to wear to provide extra warmth in the freezer units.
  2. Issue requirements regarding the wearing of protective suits clothing.
  3. Require staff working in the storage units to complete checklists and worksheets daily.
  4. Health monitoring of warehouse staff.

1 and 2
1 and 4
2 and 3

A

Directive controls include documented procedures that staff are required to comply with, in this case wearing protective clothing and completing checklists and worksheet.

In this context, supplying protective clothing is an example of a corrective control and health monitoring an example of a detective control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Case Study 2

Venture Oil Plc is an international oil company. It is planning to commence drilling for oil deposits in the Arctic and oil rigs are being transported to the drilling sites. Contractors will be employed to provide services such as specialist engineering, catering and helicopter transport.

Five years ago Venture Oil embarked on a previous oil drilling project in the Arctic but this did not go well. Their oil rig ran aground in severe weather. In addition, contractors employed by Venture contravened environmental and health and safety regulations and the contractor had to pay multi-million dollar fines.

An environmental group has launched a media campaign against the Arctic drilling. A number of competitor companies have indicated to the press that they have no current plans for Arctic drilling due to the risks involved.

Venture Oil’s board of management has decided to invest in the Arctic project for the following reasons:

  1. To pursue a business opportunity that their competitors are unwilling to undertake.
  2. In light of their previous experience they believe they understand and can manage all the risks.
  3. Risk management techniques will reduce the uncertainty or volatility of the outcome therefore costs can be predicted more accurately.
  4. The return on investment exceeds their minimum return requirements.

Question: Based on the Board’s reasons to invest in the Arctic project, which of the following would be valid in the context of upside risk?
1 and 2
2, 3 and 4
1, 3 and 4

A

Upside of risk can have many definitions; in simple terms it is achieved when the benefits obtained from taking risk are greater than any benefit that would have resulted from not taking it.

Options 1, 3 and 4 means the benefit obtained from investing in the Artic project is greater than not investing.

Option 2 does not fit upside of risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Case Study 2

Venture Oil Plc is an international oil company. It is planning to commence drilling for oil deposits in the Arctic and oil rigs are being transported to the drilling sites. Contractors will be employed to provide services such as specialist engineering, catering and helicopter transport.

Five years ago Venture Oil embarked on a previous oil drilling project in the Arctic but this did not go well. Their oil rig ran aground in severe weather. In addition, contractors employed by Venture contravened environmental and health and safety regulations and the contractor had to pay multi-million dollar fines.

An environmental group has launched a media campaign against the Arctic drilling. A number of competitor companies have indicated to the press that they have no current plans for Arctic drilling due to the risks involved.

Venture Oil’s board of management has decided to invest in the Arctic project for the following reasons:

  1. To pursue a business opportunity that their competitors are unwilling to undertake.
  2. In light of their previous experience they believe they understand and can manage all the risks.
  3. Risk management techniques will reduce the uncertainty or volatility of the outcome therefore costs can be predicted more accurately.
  4. The return on investment exceeds their minimum return requirements.

What are the responsibilities of the Board?
To establish the risk management strategy for protecting the oil rigs.
Overall responsibility for risk management.
Evaluating the accuracy of risk reporting on this project.

A

One of the historical roles of an insurance risk manager is to establish the risk management strategy for protecting company property and people. This is not the responsibility of the Board. Option A is incorrect.

It is the Board that has overall responsibility for risk management, regardless of size or sector. As an example, in charities this is the trustee Board. Option B is correct.

The evaluation of risk reporting accuracy which can provide assurance on the management of risk on the project is the responsibility of the internal auditors and not the Board. Option C is incorrect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Case Study 2

Venture Oil Plc is an international oil company. It is planning to commence drilling for oil deposits in the Arctic and oil rigs are being transported to the drilling sites. Contractors will be employed to provide services such as specialist engineering, catering and helicopter transport.

Five years ago Venture Oil embarked on a previous oil drilling project in the Arctic but this did not go well. Their oil rig ran aground in severe weather. In addition, contractors employed by Venture contravened environmental and health and safety regulations and the contractor had to pay multi-million dollar fines.

An environmental group has launched a media campaign against the Arctic drilling. A number of competitor companies have indicated to the press that they have no current plans for Arctic drilling due to the risks involved.

Venture Oil’s board of management has decided to invest in the Arctic project for the following reasons:

  1. To pursue a business opportunity that their competitors are unwilling to undertake.
  2. In light of their previous experience they believe they understand and can manage all the risks.
  3. Risk management techniques will reduce the uncertainty or volatility of the outcome therefore costs can be predicted more accurately.
  4. The return on investment exceeds their minimum return requirements.

Specialist engineers have designed equipment to detect minor oil leaks in the early stages. This is an example of:
Loss prevention.
Damage limitation.
Cost containment.

A

Loss prevention is about reducing the likelihood of an adverse event occurring. Damage limitation is a measure for ensuring that only limited damage occurs. Cost contamination occurs when despite efforts to loss prevention and damage limitation there will still be a need to contain the cost of the event.

Based on these definitions Option B is correct.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Case Study 3

Markers International Ltd, is a business advisory consultancy with its head office in London and 20 additional offices throughout Africa, Asia, Caribbean and Europe. It has decided to implement an ERM process. Risk reporting is not communicated to the Board and they have not shown any interest in the ERM process.

A new Chief Risk Officer (CRO) was employed, based in the London headquarters, and responsible for the implementation of ERM throughout the business, including international offices.

After an initial review, the CRO has recommended that training, tools and techniques be provided to ensure everyone can comply with the risk management strategy and framework. Following this recommendation, management are trying to understand the role of the CRO.

The CRO wants to embed risk management throughout the organisation and is seeking guidance on further actions and responses. The Board is seeking assurance that risk management is developing and will continue to be embedded.

As part of the review, which of the following could have assisted the CRO in determining the level of risk the organisation faces in the marketplace, if applying the FIRM scorecard?
Enforcement action made by the regulator.
Changes in the global economy and impact on consumer spending.
Production disruption due to supplier problems.

A

Regulator enforcement causes loss of public confidence and is part of the R – reputational FIRM risk scorecard. This means option A is incorrect.

Changes in the global economy and impact on consumer spending are an example of a significant risk to the economic health of the marketplace. Option B is correct.

Disruption due to supplier will impact the product which is the Infrastructure part of the FIRM risk scorecard. Option C is also incorrect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Case Study 3

Markers International Ltd, is a business advisory consultancy with its head office in London and 20 additional offices throughout Africa, Asia, Caribbean and Europe. It has decided to implement an ERM process. Risk reporting is not communicated to the Board and they have not shown any interest in the ERM process.

A new Chief Risk Officer (CRO) was employed, based in the London headquarters, and responsible for the implementation of ERM throughout the business, including international offices.

After an initial review, the CRO has recommended that training, tools and techniques be provided to ensure everyone can comply with the risk management strategy and framework. Following this recommendation, management are trying to understand the role of the CRO.

The CRO wants to embed risk management throughout the organisation and is seeking guidance on further actions and responses. The Board is seeking assurance that risk management is developing and will continue to be embedded.

How can the Board gain assurance and assess the success of the ERM implementation in the future?
By reviewing the effectiveness of the Chief Risk Officer as outlined in the performance review report.
By reviewing industry and market related reports for recent developments in countries they specifically operate.
By requesting risk reports that cover the management of risks and the impact on achieving the objectives.

A

The performance of the CRO does not on its own determine the successfulness of the ERM implementation. As it is not the CRO’s sole responsibility. Option A is incorrect.

Isolated review of the industry reports and developments will not inform the Board on the implementation of ERM within the organisation itself, which is what they are concerned about. Option B is incorrect.

However, understanding the management of identified risks including the impact, after mitigation, on objectives will inform the Board on the successfulness of implementation as positive trends should be demonstrated. Option C is correct

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Case Study 3

Markers International Ltd, is a business advisory consultancy with its head office in London and 20 additional offices throughout Africa, Asia, Caribbean and Europe. It has decided to implement an ERM process. Risk reporting is not communicated to the Board and they have not shown any interest in the ERM process.

A new Chief Risk Officer (CRO) was employed, based in the London headquarters, and responsible for the implementation of ERM throughout the business, including international offices.

After an initial review, the CRO has recommended that training, tools and techniques be provided to ensure everyone can comply with the risk management strategy and framework. Following this recommendation, management are trying to understand the role of the CRO.

The CRO wants to embed risk management throughout the organisation and is seeking guidance on further actions and responses. The Board is seeking assurance that risk management is developing and will continue to be embedded.

The CRO needs to embed ERM throughout the organisation. Which of the following actions should be undertaken?

  1. Engage senior management and ensure the board buy-in.
  2. Ensure ERM is integrated into strategic planning, business process and operations.
  3. Ensure risks are separated from where they arose and ensure that they are managed by the head office.
  4. Create an embedding plan without the support and knowledge of senior management and the Board.
    1, 3 and 4.
    1 and 2.
    2 and 3.
A

Successful implementation of ERM needs the support and buy-in of management, with a sponsor identified on the Board and confirmed shared common priorities. Option 1 is correct and option 4 incorrect.

Another important factor is to integrate into strategic planning, business processes and operational success. Option 2 is correct.

It is important that risk management is embedded throughout the organisation to ensure that risks are managed within the context that gave rise to them. Option 3 is incorrect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Case Study 3

Markers International Ltd, is a business advisory consultancy with its head office in London and 20 additional offices throughout Africa, Asia, Caribbean and Europe. It has decided to implement an ERM process. Risk reporting is not communicated to the Board and they have not shown any interest in the ERM process.

A new Chief Risk Officer (CRO) was employed, based in the London headquarters, and responsible for the implementation of ERM throughout the business, including international offices.

After an initial review, the CRO has recommended that training, tools and techniques be provided to ensure everyone can comply with the risk management strategy and framework. Following this recommendation, management are trying to understand the role of the CRO.

The CRO wants to embed risk management throughout the organisation and is seeking guidance on further actions and responses. The Board is seeking assurance that risk management is developing and will continue to be embedded.

Management wants clarity on the role of the CRO.
Which of the following is the responsibility of the CRO?
Develop a risk-based internal audit programme.
Facilitate a risk-aware culture within the organisation.
Report on the efficiency and effectiveness of internal controls.

A

Options A and C are the responsibilities of internal audit and therefore no correct options.

Option B is the responsibility of the CRO.

(Hopkin – Risk management responsibilities)
The correct answer is:
Facilitate a risk-aware culture within the organisation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Case Study 4

The risk management team of ABC Ltd are performing an analysis of the organisational risk management framework in search of possible improvements. This is happening because some Board members argued that the company could perform better in its rapidly changing and demanding market if executive management would be more focused on the upside of risk.

The risk manager has found that the identification of actionable opportunities is problematic because of the complex external context and intricate risk interdependencies. Their analysis includes a debate on how to make the risk visualization more relevant, which has led to representing five of the company’s risks as shown:

The company’s risk register has a typical content and structure. However the risk manager decided to reduce its size in order to keep it practical.

The risk manager’s analysis also includes a review of the risk management context. This was deemed necessary to get assurance that ABC’s risk architecture and protocols remain effective following recent structural changes. The risk manager has now reached a milestone in their analysis, and clarity is needed on some specific areas.

Which of the following should ABC’s risk manager consider in their review of the risk management context?

  1. Stakeholders and their expectations.
  2. Support for risk management.
  3. Risk communication.
  4. Risk decision-making process.
A

Hopkin, pp. 69-79.

Options 2 and 3 are correct because they mention two functions of the risk management context (framework): 1) provide support for the risk management process within the organisation; and 2) ensure that the outputs from the risk management process are communicated to internal and external stakeholders” [Hopkin, p. 81, second paragraph].

Options 1 is incorrect because “stakeholders and their expectations” are part of the internal/external context [Hopkin, p.81, paragraphs 3 and 4], not of the RM context.

Option 4 is also incorrect because the risk decision-making process is part of the internal context, not of the RM context. We can read in Hopkin (p. 82, penultimate paragraph) that “An important consideration regarding the internal context is how the organisation makes decisions.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

ERM (33 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions