Chapter 13: Identifying and Assessing Risk Flashcards

1
Q

Risk Management Principles as per ISO 31000 (9)

A
  1. Customised: the RM process is tailored/customized to the business objectives
  2. Human and Cultural Factors
  3. Integrated: RM process should be an integral part of the organizational process
  4. Best Available Information: relevant and clear information about RISKS should be communicated to stakeholders in a timely manner
  5. Value Creation and Protection: RM should create and protect value
  6. Dynamic: Risk management is responsive to change
  7. Inclusive: transparent and involves stakeholders on a timely basis
  8. Structured and Comprehensive
  9. Continual Improvement; through learning and experience
2
Q

Risk Management Framework as per ISO 31000: Leadership and Commitment (5)

A

Management needs to demonstrate strong and sustained commitment to risk management, by defining:

  1. Risk management policy (appetite)
  2. Objectives (RM alignment with strategic objectives, culture, etc.)
  3. legal and regulatory compliance while managing risk
  4. resource allocation to manage risk
  5. Communication of benefits of RM to all stakeholders
3
Q

Risk Management Framework as per ISO 31000: Integration (5)

A
  1. Risk should be managed in every part of organisation’s structure
  2. Everyone should be responsible to manage and identify risk
  3. Integrating RM to organisation is dynamic and iterative
  4. RM should be customized as per organisation’s needs and culture
  5. RM should be part of: organisational purpose, governance, leadership and commitment strategy, objectives and operations
4
Q

Risk Management Framework as per ISO 31000: Design (5)

A
  • Outline the specific steps the business will take to manage risk
  • such steps should reflect the organisation’s core values, business strategy, regulatory obligations and contractual obligations to 3rd parties
  1. Understand the internal and external context
  2. allocate resources as per steps to manage risk
  3. facilitate communication and consulting
5
Q

Risk Management Framework as per ISO 31000: Implementation (4)

A
  1. developing an implementation plan including deadlines
  2. identifying where, when and how different types of decisions are made, and by whom
  3. modifying the applicable decision-making processes where necessary
  4. ensuring that the organization’s arrangements for managing risk are clearly understood and practiced.
6
Q

Risk Management Framework as per ISO 31000: Evaluation (2)

A
  1. periodically measure risk management metrics and performance against set goals, the original purpose, implementation plans, indicators and expectations.
  2. determine whether the current risk management set up is still suitable or needs an update.
7
Q

Risk Management Framework as per ISO 31000: Improvement (2)

A

After evaluation, if any deficiencies are identified or new risks revealed > introduce new techniques and address the new risks in an improved implementation plan

7
Q

Risk Management Process as per ISO 31000: Communication and Consultation (4)

A
  • Communication: promote understanding of risk
  • Consultation: feedback and information from stakeholders
  • Purpose of C&C > assist stakeholders in understanding risks and the reasons for decisions made
  • C&C ensures: factual, timely, relevant, accurate and understandable exchange of information
8
Q

Risk Management Process as per ISO 31000: Scope, criteria, context (3)

A
  • defining the scope of the process and understanding the external and internal context
  • purpose of SCC: customize RM process to enable effective risk assessment and appropriate risk treatment
  • Context = External and Internal elements
9
Q

Risk Management Process as per ISO 31000: Risk assessment (6)

A
  1. overall process of risk identification, risk analysis, risk evaluation
  2. should be conducted systematically, iteratively, collaboratively, drawing on knowledge and views of stakeholders
  3. should use best available info + further inquiry as necessary
  4. Risk identification: identifying risks that could prevent us from achieving our objectives
  5. Risk analysis: understanding the sources/causes of identified risks AND studying probabilities and consequences given the existing controls, to identify the level of residual risk
  6. Risk evaluation: includes comparing risk analysis results with risk criteria to determine whether the residual risk is tolerable.
10
Q

Risk Management Process as per ISO 31000: Risk Treatment PROCESS (5)

A
  1. formulate and select risk treatment options
  2. plan and implement risk treatment
  3. assess the effectiveness of that treatment
  4. decide if the remaining (residual) risk is acceptable
  5. if not, apply further treatment
11
Q

Risk Management Process as per ISO 31000: Risk Treatment Options (7)

A
  1. avoiding the risk by deciding not to start or continue with the activity
  2. taking or increasing the risk in order to pursue an opportunity;
  3. removing the risk source
  4. changing the likelihood
  5. changing the consequences
  6. sharing the risk
  7. retaining the risk by informed decision.
12
Q

Risk Management Process as per ISO 31000: Monitoring and Review (4)

A
  1. planning, gathering and analysing information, recording results and providing feedback.
  2. to assure and improve the quality and effectiveness of process
  3. Ongoing monitoring and periodic review of process should be planned with responsibilities defined
  4. results of monitoring and review incorporated to whole organization’s activities
13
Q

Risk Management Process as per ISO 31000: Recording and reporting

A

RM process should be documented and reported through appropriate mechanisms.

14
Q

Benefits for a business that adopts an effective risk management process (11)

A
  1. increased likelihood of achieving objectives
  2. encouraged proactive management
  3. awareness of need to identify and treat risk across organization
  4. improved identification of opportunities and threats (when analysing scope, context, criteria)
  5. compliance with legal and regulatory requirements (when avoiding legal risk)
  6. Improved mandatory and voluntary reporting (better reputation among investors)
  7. improved governance (due to leadership and commitment strategy)
  8. improved stakeholder confidence and trust (due to communication and consultation)
  9. establishment of reliable basis for planning and decision making (better reasoning)
  10. improved controls (due to risk treatment)
  11. effective allocation of resources for risk treatment