Chapter 5: Introduction to risk management Flashcards

(48 cards)

1
Q

What is risk?

A

Risk is ‘the possible variation in an outcome from what is expected to happen’.

2
Q

What is the COSO definition of risk?

A

Risk is ‘the possibility that an event will occur and adversely affect the achievement of objectives’.

3
Q

What is the COSO definition of opportunity?

A

Opportunity is ‘the possibility that an event will occur and positively affect the achievement of objectives’.

4
Q

What is uncertainty?

A

Uncertainty is the ‘inability to predict outcomes because of a lack of information’ (not the same as risk)!

5
Q

What are the three attitudes to risk?

A

Risk averse attitude
Risk neutral attitude
Risk seeker attitude

6
Q

What is a risk averse attitude?

A

An investment would be chosen if it has more certainty but possibly a lower return than an alternative less certain, potentially higher return investment.

7
Q

What is a risk neutral attitude?

A

An investment would be chosen according to its expected return, irrespective of risk.

8
Q

What is a risk seeker attitude?

A

An investment would be chosen on the basis of it offering higher levels of risk, even if its expected return is lower than an alternative no-risk investment with a higher expected return.

9
Q

What are the three different classifications of risk?

A

Business risk
Financial risk
Operational risk

10
Q

What are some examples of sustainability and climate related risks?

A

Damage to supply chain and property
Impact on reputation
Not meeting regulations regarding emissions and climate

11
Q

What categories can event risk be broken down into?

A

Disaster - catastrophe occurs such as a fire, flood etc.
Regulatory - new laws or regs are introduced
Reputation - risk of damage to the business’s reputation
Systematic - failure by a participant in the business’s supply chain

12
Q

What is risk measurement?

A

Risk measurement identifies the probability of the risk occurring, quantifies the resultant impact, and calculates the amount of the potential loss using expected values for gross risk.

13
Q

What are descriptive statistics?

A

Descriptive statistics are used to describe a set of data.

14
Q

What is descriptive analysis?

A

Descriptive analysis gives you an idea of the distribution of the data, helps you detect anomalies and enables you to identify relationships between variables.

15
Q

What is a measure of central tendency?

A

Measures of central tendency (i.e. mean, mode, median and expected value) are used to attempt to describe the usual or average value in a population. If this is related to risk, the average tells us what we should expect from a set of data.

16
Q

What is the deviation?

A

The deviation is a measure of how far away from the mean a value is in a data set.

17
Q

What is the variance?

A

The variance is the average of the squared deviations of all the values in a data set.

18
Q

What is the standard deviation?

A

The standard deviation is the square root of the variance.

19
Q

What is the coefficient of variation?

A

The coefficient of variation is the standard deviation divided by the mean.

20
Q

What is a frequency distribution?

A

A frequency distribution is where data is in groups e.g. no. of people that fall within the income brackets.

21
Q

What is a normal distribution?

A

The data is symmetrical and peaks in the centre.
It is a bell curve
The mean is shown in the y-axis
50% of the values will be below the mean and 50% above
The total area under the curve equals 1
The standard deviation shows how far the values spread out from the mean

22
Q

What are the general percentage rules in a normal distribution?

A

34% of values lie between mean and 1 standard deviation

47.5% of values lie between the mean and two standard deviations

49.9% of values lie between the mean and three standard deviations

23
Q

What is a negative skew?

A

Left (negatively) skewed - values are concentrated on the right hand side so the graph would have a long left tail.

The mode is often the highest point, with the median and mean to the left of the mode.

24
Q

What is a positive skew?

A

Right (positively) skewed - values are concentrated on the left hand side so the graph would have a long right tail.

The mode is often the highest point, with the median and mean to the right of the mode.

25
What is risk management?
Risk management is 'the identification, analysis and economic control of risks which threaten the assets or earning capacity of a business'.
26
What is the risk management process?
Risk awareness and identification
Risk assessment and measurement
Risk response and control
Risk monitoring and reporting
27
What is risk identification?
Risk identification involves 'identifying the whole range of possible risks and the likelihood of losses occurring as a result of these risks.'
28
What are 5 techniques to identify risks?
PEST/SWOT analysis
External advisors
Interviews/questionnaires
Internal audit
Brainstorming
29
What are the five different categories of loss which can be considered?
Property loss - possible loss of assets
Liability loss - loss occurring from legal liability to third parties
Personnel loss - due to injury, sickness and death of employees
Pecuniary loss - as a result of defaulting debtors
Interruption loss - being unable to operate
30
What is a risk assessment?
Risk assessment considers the nature of each risk and the implications it might have for the business achieving its objectives.
31
What is gross risk?
Gross risk is the potential loss associated with the risk, calculated by combining the impact and the probability of the risk, before taking any control measures into account.
Gross risk = Probability x Impact
32
What is a risk assessment map?
High Impact/Low probability = Sharing Reduction
High Impact/High probability = Avoidance Reduction Share
Low impact/Low probability = Accepted
Low impact/High probability = Reduction
33
What is the TARA model?
The TARA model provides an outline of general risk responses:
Transfer (Sharing) - to a third party
Avoidance - not undertaking risky activities
Reduction - retain activity but take action to limit risk
Acceptance (Retention) - tolerating losses
34
What is the risk response ALARP?
ALARP (as low as reasonably practicable) is the basis of many regulations relating to health and safety at work in the UK. Employers are expected to take actions to reduce risk faced by employees to a level that is reasonably practicable, but have no duty to go beyond this.
35
What is 'reasonably practicable'?
The risk of an event occurring is reduced to a level that is proportional to the cost required to reduce the risk any further. The cost of reducing the risk further would outweigh the benefit.
36
Why do we need risk monitoring?
To monitor the effectiveness of the current risk management process. To monitor whether the risk profile is changing.
37
What is required when reporting on risk management for listed companies?
Determine the nature and extent of any risks the company is willing to take in order to achieve its objectives. Report risk management issues.
38
What are the additional board disclosures when reporting on risk management?
That they are responsible for the company's system of internal control.
That systems have been designed to manage, not eliminate, risk.
How the board have dealt with the internal control aspects of significant problems highlighted in the accounts.
Any weaknesses in internal control that have resulted in material losses.
39
What is a crisis?
A crisis is an unexpected event that threatens the wellbeing of a business, or a significant disruption to the business and its normal operations which impacts on its customers, employees, investors and other stakeholders.
40
What are the 7 types of crisis?
Natural event - earthquake causing physical disruption
Industrial accident - building collapse or fire
Product or service failure - product recall or health scare
Public relations disaster - unwelcome media attention or adverse publicity
Business crisis - loss of key supplier or customer
Management crisis - hostile takeover bid or loss of key management
Legal/regulatory crisis - new regulation increases costs
41
What is crisis management?
Crisis management involves identifying a crisis, planning a response to the crisis and confronting and resolving the crisis.
42
What is business resilience?
Business resilience considers an organisation's ability to manage and survive against planned or unplanned shocks and disruptions to operations.
43
What are the 2 axes ICSA has outlined for understanding an organisation's resilience?
Axis 1: Processes and functions to protect the organisation
Axis 2: General organisational characteristics driving resilience
44
Example of Axis 1: Processes and functions to protect the organisation
Risk management
Business continuity planning
Security
IT disaster recovery
Health and safety
Crisis management
Internal audit
Governance
45
Examples of Axis 2: General organisational characteristics driving resilience
Employee trust in management
Customers' trust in the organisation
Ability to innovate
Clear values
Values linked to behaviour
Effective risk management
Morale
Leadership involvement
46
What is a disaster?
A disaster is when 'the business's operations, or a significant part of them, break down for some reason leading to potential losses of equipment, data or funds'.
47
What are the two types of disaster?
A major crisis causing a breakdown in operations and resultant losses. An event which results in serious consequences.
48
What are the main components of a disaster recovery plan?
Define responsibilities
Prioritise actions
Establish backup and standby arrangements
Communicate with staff
Establish PR
Risk assessment