Chapter 13: Business analysis, risk ID and initial assessment

Question 1

Components of initial risk assessment and ID process BES PAIR REAR:

Answer 1

• Business analysis
• Environment and operations of the business understood
• Structured approach to risk identification
• Prioritise risks
• Agreement on risks faced
• Integrating ERM into business BBRRP
• Risk ID – DRAGS
• Risk register
• Evaluate risks – likelihood + impact
• Accountability and action plans on risks
• Review, monitor and report

Question 2

Benefits of risk ID and assessment FART B VICS

Answer 2

• Future risk management improved
• Reporting improved
• Awareness and transparency increased of risk in the organisation
• Transfer knowledge across organisation
• Business decisioning improved
• Value added by risk ID shown
• Integration of risk ID into whole risk management process
• Comprehensive risk profile of the business created
• Standards used should be consistent

Question 3

Potential pitfalls in risk assessment process O BOLLA

Answer 3

• Objectives and appetite not clearly defined
• Buy-in from senior management may lack
• Operational execution is ineffective across whole process
• Likelihood and severity of risk defined inconsistently
• Link between risk assessment and business decision not made
• Allocation of resources incorrect

Question 4

Business analysis BALSM ORE:

Answer 4

• Business plan/model
• Accounts and accounting ratios
• Legislation and regulation
• Structures and systems of the business
• Market information
• Objectives of the business
• Resources available to the company
• Economic environment

Question 5

Risk identification tools SCP TCP

Answer 5

• SWOT analysis
• Checklist – list of risk from past activities and external sources
• Prompt list – list of risk categories of risk to consider
• Taxonomy – all risks with clear descriptions and groupings done
• Case studies – risk ID in a specific context
• Process analysis – ID risk from a detailed process map

Question 6

Risk identification techniques BIG WIDS

Answer 6

• Brainstorming – collective generation of ideas
• Independent group analysis – each member presents a risk then prioritised by the group
• Gap analysis – ID current and desired risk exposures of a business
• Working groups – specific risks are assigned to a small group of SMEs
• Interviews – interviews with team members
• Delphi technique – survey and discussion approach to converge group thinking
• Surveys – wide gathering of information

Question 7

Contents of a risk register DICED OR

Answer 7

• Description of risks
• Indexing of risks
• Categorization
• Evaluation – likelihood and impact timeframe and relationship
• Document control information
• Owner of risk
• Response action

Question 8

Benefits of using risk mapping OVUM F

Answer 8

• Organisation brought together to assess risk
• Visual reporting of risk exposure
• Understanding of risk on enterprise level improved
• Management activities can be assessed
• Further attention to risks can be assessed

Question 9

How bias might be introduced into project appraisal MICK COMITE

Answer 9

• Major loss events underestimated
• Identification and analysis of risk not properly done
• Cashflows guessed
• Key risks may be omitted
• Calculation errors
• Other business ventures’ effect considered on this project
• Misalignment with senior management’s view of risk
• Interdependency of risks not considered
• Technology changes not considered
• Economic cycles not considered

Question 10

How bias may be avoided CIROC

Answer 10

• Checks and balances put in place
• Independent validation
• Reference similar projects
• Optimism bias test
• Culture establishment

Question 11

Ensuring risk assessment adds value to the business PELLE DARK TORRE

Answer 11

• Prioritising risks
• Executive sponsorship
• Loss events recorded
• Link risk management with strategy and business planning
• Education of teams are properly done
• Deep dive into important risks
• Appetite understood
• Resources allocation properly done
• KRI’s created
• Taxonomy in place
• Objects understood
• Regulatory requirements understood
• Reporting and mapping frequently done
• Escalation policies created

Question 12

Cyber risks to take note of DRIL T

Answer 12

• Damage to digital assets – data, models, sensitive information
• Reputational damage
• Interruption of business
• Legal costs
• Third party losses

Question 13

Climate change losses PANT PET DC

Answer 13

• Physical losses – physical losses incurred as a result of changes in climate
• Agricultural potential of land decreases
• Natural disasters
• Transition changes
• Policy changes
• Emigrations
• Tech changes
• Disease
• Consumer preferences

Question 14

How to measure risk exposure to climate change MOMI IS SICK

Answer 14

• Migration costs – moving to a more climate friendly business approach
• Organisational structure and strategy changes to align with climate change goals – (chief climate officer, remuneration packages, Key performance indicators)
• Metrics of climate change
• Investment strategy assessment
• Integrate climate change into greater risk management
• Scenario testing – effect of climate change impacts on business
• Supplier assessment
• Insurance taken out and written that cover climate risks
• Contribution to climate change
• Knowledge and understanding of climate risk increased

Question 15

Potential emerging risks DIC PICS C

Answer 15

• Dominance in the market by large companies
• Increased inequality
• Cyber risk significance increasing
• Power shifts in global economies cv
• Infrastructure dependency
• Contagion in asset markets
• Social media a source of data and influence
• Climate change