Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

caf 06 > identifying risk > Flashcards

identifying risk Flashcards

1
Q

Risk

A

Risk exists whenever future outcomes cannot be predicted with certainty.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Business Risk

A

A business risk threatens achievement of a company’s goals. Business risks can arise from internal
or external sources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Types of Business Risks:

A

There are two major types of Risks:
 Pure Risk
 Speculative Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is pure risk?

A

Pure risk refers to risks that are beyond human control and result in a loss or no loss. There is no
possibility of financial gain.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Examples of Pure Risks

A

*Errors or negligence by staff members
 Malfunctioning of machines or IT system
 Terrorist attack, Fire, Flood and other natural disaster affecting business.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Speculative risk?

A

Speculative risk is risk that is taken on voluntarily and can result in either a profit or loss.
Speculative risks are thus considered controllable risks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Examples of Speculative Risks:

A

 Investment activities (e.g. launch of new product, new business, investing in stocks)
 Sports betting,

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Compliance
risk

A

It is a risk that company may not comply
with laws, regulations and standards. This
may result in payment of fines or losing
customers.

e.g
If a manufacturing company’s employees don’t follow
government safety regulations while building
machines, their behavior can be a compliance risk for
the company

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Legal Risk

A

It is the risk that people may file legal cases
against company, which company may
lose.

e.g
If company does not fulfil contracts, or there is a
dispute with parties.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Reputational
Risk

A

It is the risk that public opinion may
change about company. It results in lack of
confidence of public and investors.

e.g
A clothing company prints an offensive image on a
shirt, and the story goes viral on social media, causing a
wave of negative news coverage. This may result in
drop of sales.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Security Risk

A

It is the risk that a company does not
follow appropriate Cybersecurity
Strategies.

e.g
If an insurance company has a weak policy for
employee passwords, this can pose a security risk for
the company. A hacker can release sensitive data, which
can hurt the company’s reputation or impact profits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Financial Risk

A

Financial Risk occurs when a company has
poor financial management.

e.g
Examples of financial risk includes:
 Interest Rate Risk
 Commodity Price Risk
 Exchange Rate Risk
 Liquidity Risk
 Default Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Competition
Risk

A

A competition risk can happen when a
competitor takes an increasing share of the
market for a product or service.

e.g
Business A sells printers. Business A may experience a
competition risk when a competitor, Business B, uses
technological innovations to sell printers with more
capabilities to Business A’s customers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Physical Risk

A

Physical risks are threats to a company’s
physical assets due to fire, natural disaster,
theft, poor training.

e.g
A media company owns a building that houses a
newspaper staff and a printing plant. The building can
be prone to fires if employees of the printing plant fail
to properly inspect and maintain printing equipment.
The lack of maintenance and inspections can pose a
physical risk to the building, its equipment and the
company’s employees.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Benefits of Risk Management

A
  1. Increased changes of achieving objectives.
  2. Proactive Management.
  3. Compliance with legal requirements.
  4. Awareness to identify and treat risk throughout the organization.
  5. Improved controls
  6. Improved Governance
  7. Reliable basis for decision making
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Responsibility of Risk Management:

A

In Pakistan, SECP’s Code of Corporate Governance states that directors should report on Risk
Management and Compliance issues.
Risk management happens at Board level as well as at operational level.

17
Q

Risk Committee:

A

Large companies establish a Risk Committee (which is a sub-committee of Board of Directors)
which is responsible to identify risks, monitor risks and report effectiveness of risk management to
Board.

18
Q

Box-ticking Approach:

A

In this approach, certain procedures are performed on every item to eliminate risk (e.g. scanning
every passenger on air-port)

19
Q

Risk-based Approach:

A

Management assumes that some risk is unavoidable. Management looks for only those items which
have high risk, to reduce risk to acceptable level.

20
Q

: Scope ISO31000

A

ISO 31000 provides general guidance on how to manage risk. This guidance can be applied to any
industry, any company, any level

21
Q

Risk ISO31000

A

Effect of uncertainty on objectives

22
Q

Risk management ISO31000

A

Coordinated activities to direct and control an organization with regard to risk

23
Q

Control ISO31000

A

Measure that maintains and/or reduce risk

24
Q

Principles

A

The principles are the foundation for managing risk and should be considered when establishing
the organization’s risk management framework and processes.

  1. Integrated:
    Risk management is an integral part of all organizational activities.
  2. Structured and comprehensive:
    A structured and comprehensive approach to risk management contributes should be
    adopted.
  3. Customized:
    The risk management Framework and Process can be customized according to
    organization’s objectives.
  4. Inclusive:
    All stakeholders should be involved in the risk management. This will improve awareness of
    risk management, and well informed risk management.
  5. Dynamic:
    Risks can change due to internal and external changes in organization. Risk management
    should consider these management.
  6. Best available information:
    Risk management should be based on timely, clear information. Any limitation or
    uncertainty regarding information should also be considered.
  7. Human and cultural factors:
    Human and cultural factors should also be considered at each level and stage.
  8. Continual improvement:
    Risk management is a continuous process which is improved through learning and
    experience.
25
Section 5: Framework
The purpose of the risk management framework is to assist the organization in integrating risk management into significant activities and functions. Framework development includes Integrating, Designing, Implementing, Evaluating and Improving risk management across the organization. This requires support from Leadership
26
1. Leadership and Commitmen
Top management should ensure that risk management is integrated into all organizational activities. They should: • Customize and implement all components of the framework; • Make a policy that establishes risk management approach. • Allocate necessary resources to risk management. • Assign authority and responsibilities at appropriate levels within the organization.
27
2. Integration
Risk management should be integrated in every part of organization. Every department and everyone in the organization is responsible for managing risk. However, it can be customized.
28
3. Design
It means planning a risk management strategy according to needs of organization. This component includes following steps: 1. Understanding the organization 2. Showing commitment to risk management 3. Assigning roles and responsibilities 4. Allocating resources 5. Establishing communication and consultation between stakeholders
29
4. Implement
This means putting the plans in action. It includes: • Setting objectives and deadlines • Clearly defining the decision-making process • Evaluating and making changes to the decision-making process where appropriate • Ensure that arrangements are clearly understood and practiced.
30
5. Evaluate
This means looking whether risk management system is working as it should be. It includes:  Comparing performance of risk management system with goals.  Determining whether risk management system is appropriate or needs amendments.
31
6. Improve
This means improving the risk management system on continuous basis. It includes:  taking corrective actions to remove deficiencies in risk management system.  Addressing new risks arising due to internal and external changes.
32
Risk Management Process:
Risk management process includes following activities:  communicating and consultation  establishing the Scope, context and criteria  assessing, treating, monitoring, reviewing, and reporting risk
33
Communicating and Consultation
 Communication means promoting awareness and understanding of risk.  Consultation means obtaining feedback and information to support decision-making.
34
Scope, context and criteria
 The organization should define the scope of its risk management activities.  The organization should establish risk management in the context of internal and external environment in which organization operates.  The organization should specify criteria as to how to evaluate significance of risks, and which risks to take and which not to take. Purpose of this step is to customize the risk management process.
35
Risk Assessment
Risk assessment is the overall process of risk identification, risk analysis and risk evaluation.  Risk Identification: The purpose of risk identification is to identify risks that may prevent an organization from achieving its objectives.  Risk analysis Risk analysis includes consideration of risk sources, probability, impact, existing controls and their effectiveness. Risks may have: o Low Probability, Low Impact. o Low Probability, High Impact o High Probability, Low Impact o High Probability, High Impact  Risk Evaluation: Risk evaluation involves comparing the results of the risk analysis with the established risk criteria to determine whether Residual Risk is tolerable or additional action is required.
36
Risk Treatment
The purpose of risk treatment is to select and implement options for addressing risk. Options for treating risk may involve one or more of the following: • avoiding risk (by discontinuing activity giving rise to risk), or take risk; • removing the risk source; • changing the likelihood; • changing the consequences; • sharing the risk with others (e.g. through contracts, buying insurance); • retaining the risk by informed decision.
37
Monitoring and Review
It includes analyzing results and providing feedback. Its purpose is to ensure effectiveness of risk management process
38
Recording and Reporting
The risk management process and its outcomes should be documented and reported through appropriate mechanisms.

caf 06 (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions