Lesson 11 Flashcards

1
Q

1.1 Define business context (define plus 3 things it may be - descriptors)

A

Business context refers to trends, events, relationships and other factors that influence, clarify or drive change to current and future strategy and business objectives. Business context may be:

1) Dynamic
2) Complex
3) Unpredictable

Should be considered when developing strategy to support its mission, vision and core values

2
Q

1.2 What is included in the external environment (6)

A

Categories include

1) Political
2) Economic
3) Social
4) Technological
5) Legal
6) Environment - natural/human caused catastrophes, climate change and relevant regulations

3
Q

1.2 What is included in the internal environment in a business context

A

1) Capital
2) People
3) Process
4) Technology

4
Q

1.2 What are 3 categories of external stakeholders

A

1) Those affected by the entity (service providers, competitors)

2) Those that directly influence the entity’s business environment (governments, regulators)

3) Those that influence the entity’s brand, reputation and trust (communities, interest groups)

5
Q

1.3 Explain how an entity’s business context affects its risk profile (past, present, future)

A

The risk profile may be viewed in three stages: past, present and future.

Looking back at factors that affected past performance can provide valuable information to use in shaping the current risk profile

Looking at current performance can show how current trends, relationships and other factors are affecting the risk profile.

Thinking about what these will look like in the future allows an entity to consider how the risk profile will evolve in relation to where it is heading or wants to head

6
Q

2.1 Describe how an entity’s chosen risk appetite is applied within that entity’s risk management profile

A

Risk appetite guides allocation of resources; the goal is to align resource allocation with mission, vision and core values to create, preserve and realize value.

Management, with board oversight, continually monitors risk appetite at all levels and accommodates change when needed.

7
Q

2.2 Outline factors an entity may consider when determining its risk appetite (6)

A

1) Strategic parameters such as new products, investment for capital expenditures and M&A activity

2) Financial parameters such as maximum acceptable variation in financial performance, return on assets or risk adjusted return on capital

3) Operating parameters such as environmental requirements, safety targets, quality targets and customer concentrations

4) Risk profile - current risk and how it is distributed across the entity and the different categories of risk

5) Risk capacity

6) ERM capability and maturity, which provides information on how well ERM is functioning

8
Q

3.1 Describe the intent of a “due diligence” review of alternative strategies

A

An entity must evaluate alternative strategies as part of the strategy setting process to assess risk and opportunities.

This evaluation is called due diligence and should be more detailed the more significant the decision

9
Q

3.2 Describe two key risk perspectives considered in a due diligence assessment of alternative strategies

A

1) Whether the strategy aligns with the mission, vision and core values. Misalignment creates risk

2) Potential risks of each strategy being considered.

10
Q

3.3 Describe how bias can affect the due diligence process for evaluating alternative strategies

A

Bias may prevent an entity from selecting the best strategy

The first step is to identify any bias that may exist during the strategy setting process. The next step is to mitigate that

11
Q

4.1 Explain how business objectives and their related performance targets can influence an entity’s risk profile

A

Alignment of objectives and strategy is crucial. Misalignment may result in mismanaged resources.

If objectives don’t align with risk appetite the entity may be accepting too much or too little risk. Both risk appetite and objectives should be reviewed to bring them into alignment.

Performance targets must be appropriate, for example excessive growth targets heighten the risks in execution

12
Q

5.1 Explain the role of acceptable variation in performance using the following sample risk profile

A

Acceptable variation in performance is tactical and focused.

It is applied to all business objectives and implemented throughout the entity.

Objectives viewed as highly important may have a lower acceptable variance

The right boundary of acceptable variance on a chart should not exceed risk appetite. Where it is below risk appetite it may be shifted higher

Operating within acceptable variation provides management with greater confidence that the entity remains within its risk appetite and provides comfort that the entity will achieve business objectives

13
Q

5.2 Differentiate between exceeding variation and trailing variation

A

Exceeding variation is the highest acceptable above target performance and trailing variation is the lowest acceptable

Trailing and exceeding variance may not be the same distance from the target. The distance is affected by risk appetite and cost of variation.

Deciding that a certain level of variation is unacceptable may come with costs.

Trailing a target is not necessarily a failure, it depends how the target is defined

14
Q

6.1 Explain the importance of having a risk management process that is linked to an entity’s operating model

A

Risks may affect one operating unit or the whole entity. They may be highly correlated with factors in the business context or other risks.

Risk responses may require significant investments in infrastructure and so should be linked to the operating model

15
Q

6.1 Creating, preserving and realizing an entity’s value is enabled when the operating model includes a risk management process with these 6 steps

A

1) Identifying new and emerging risks so risk responses can be deployed in a timely manner

2) Assessing severity of risk with an understanding of how the risk may change depending on the level of the entity

3) Prioritizing risks, allowing for the optimization of resource allocation in response to those risks

4) Identifying and selecting responses to risk

5) Developing a portfolio view to enhance the entity’s ability to articulate the amount of risk assumed in pursuing strategy and business objectives

6) Monitoring entity performance and identifying substantial changes in the performance or risk profile of the entity

16
Q

6.2 What are the 6 steps in the overall risk assessment process

A

1) Identifying the risk

2) Assessing risk

3) Prioritizing Risk

4) Responding to risk

5) Developing a portfolio view

6) Monitoring performance

17
Q

6.2 In the context of the risk assessment process step Identifying Risk, what are the inputs (3), and outputs (1)

A

Inputs:
1) Strategy and business objectives
2) Risk appetite and acceptable variation
3) Business context

Outputs:
1) Risk Universe

18
Q

6.2 In the context of the risk assessment process step Identifying Risk, what are the types of approaches (6)

A

1) Data tracking
2) Interviews
3) Facilitated workshops
4) Questionnaires and surveys
5) Process analysis
6) Leading indicators

19
Q

6.2 In the context of the risk assessment process step Assessing Risk, what are the inputs (2), and outputs (1)

A

Inputs:
1) Risk Universe
2) Risk Severity Measure

Outputs:
1) Risk analysis results

20
Q

6.2 In the context of the risk assessment process step Assessing Risk, what are the types of approaches (4)

A

1) Probabilistic Modelling
2) Non-probabilistic modeling (sensitivity analysis)
3) Judgement evaluations
4) Benchmarking

21
Q

6.2 In the context of the risk assessment process step Prioritizing Risk, what are the inputs (2), and outputs (1)

A

Inputs:
1) Risk assessment results
2) Prioritization criteria

Outputs:
1) Prioritizing risk assessment results

22
Q

6.2 In the context of the risk assessment process step Prioritizing Risk, what are the types of approaches (2)

A

1) Judgement evaluations
2) Quantitative scoring methods

23
Q

6.2 In the context of the risk assessment process step Responding to Risk, what are the inputs (1), and outputs (2)

A

Inputs:
1) Prioritized risk assessment results

Outputs:
1) Deployed risk results
2) Residual risk assessment results

24
Q

6.2 In the context of the risk assessment process step responding to risk, what are the types of approaches (2)

A

1) Risk profile templates or pro forma risk profile
2) Cost benefit analysis

25
Q

6.2 In the context of the risk assessment process step Developing a portfolio view, what are the inputs (2), and outputs (1)

A

Inputs:
1) Residual risk assessment results

Outputs:
1) Portfolio view of risk

26
Q

6.2 In the context of the risk assessment process step Developing a portfolio view, what are the types of approaches (2)

A

1) Judgmental evaluations

2) Quantitative scoring methods

27
Q

6.2 In the context of the risk assessment process step Monitoring Performance, what are the inputs (2), and outputs (1)

A

Inputs:
1) Residual risk assessment results
2) Portfolio view of risk

Outputs:
1) Corrective action

28
Q

6.2 In the context of the risk assessment process step Monitoring Performance, what are the types of approaches (2)

A

1) Dashboards
2) Performance Reports

29
Q

6.3 Describe the objective of identifying risk in the risk management strategy

A

The objective of this step in the risk management process is to identify new, emerging and changing risks to the achievement of its strategy and business objectives as well as opportunities that arise from risk.

30
Q

6.4 Outline 5 types of new, emerging and changing risks and explain the benefits of identifying those risks in the risk management process

A

1) Arise from a change in business objectives

2) Arise from a change in the business context

3) Pertain to a change in business context that may not have applied to the entity previously

4) Were previously unknown (discovery of susceptibility for corrosion in raw materials used in the company’s manufacturing process)

5) Have been previously identified but have since been altered due to a change in the business context, risk appetite or supporting assumptions

31
Q

6.5 Describe the importance of precise risk identification and methods that can be used to enhance precision (3 reasons it's important)

A

1) It allows management to more accurately assess the severity of the risk

2) It helps management identify the typical root causes and impacts and therefore select and deploy the most appropriate risk response

3) It supports the aggregation of risks to produce the portfolio view

32
Q

6.5 What are 2 ways that entities can enhance precision when identifying risk

A

1) Articulating the difference between actual risk and other considerations
- Potential root causes that could influence the severity of a risk
- Potential impacts of a risk being embedded in the description
- Potential impacts of ineffective or failed risk responses and controls

2) Using consistent or standard sentence structure that facilitates accurate assessment of the risk, differentiates between root causes and impacts and supports aggregation of risks to produce a portfolio view

33
Q

6.6 Explain the concept of risk universe

A

A quantitative listing of the risk the entity faces.

May be grouped together in similar categories such as strategic risks or financial risks. Is an input into the risk assessment step of the risk management process.

34
Q

7.1 Define inherent risk

A

The risk to an entity in the absence of any direct or focused action by management to alter its severity

35
Q

7.1 Define target residual risk

A

The amount of risk that an entity prefers to assume in the pursuit of its strategy and business objectives

36
Q

7.1 Define actual residual risk

A

The risk remaining after management has taken action to alter its severity

<= target residual risk

37
Q

7.2 Describe the reason that an entity measures the severity of a potential risk

A

The severity of a risk is determined in order to select an appropriate risk response, allocate resources and support management decision making and performance

38
Q

7.2 What are 6 factors to be considered when assessing the severity of risk

A

1) Size, nature and complexity and its risk appetite
2) Level of assessment, either by the entity or operational unit
3) Risk impact
4) Risk likelihood
5) Time horizon

39
Q

7.3 Explain the significance of bias in risk severity

A

Bias can cause over or under estimation of risks

Overestimating risks may result in resources being unnecessarily deployed in response, creating inefficiencies in the entity.

Underestimating the severity of a risk may result in an inadequate response, leaving the entity exposed and at risk potentially outside of the entity’s risk appetite

40
Q

8.1 Provide 5 examples of criteria used for prioritizing risk

A

1) Adaptability - how capable the entity is of adapting and responding to risks

2) Complexity - the scope and nature of a risk to the entity’s success

3) Velocity - the speed of onset at which a risk impacts an entity

4) Persistence - how long a risk impacts an entity

5) Recovery - the capacity of an entity to return to acceptable variation in performance

41
Q

8.2 Explain the significance of bias in the prioritization of risks

A

The prevalence of bias may increase in situations where there are competing priorities

Management must strive to prioritize risks and manage competing business objectives related to the allocation of resources free from bias.

42
Q

9.1 Describe the 7 key types of risk responses (5 assuming it can be managed within the risk appetite and acceptable variation and 2 not)

A

Assuming it can be managed within the risk appetite and acceptable variation:

1) Accepting - no action taken

2) Avoiding - action is taken to avoid the risk, e.g. declining an expansion

3) Pursuing - action is taken that accepts an increased level of risk, e.g. accepting an expansion

4) Reducing - action is taken to reduce the severity of a risk

5) Sharing - action is taken to reduce a risk by transferring or otherwise sharing the risk, e.g. outsourcing to specialist service providers

If it cannot be managed within the risk appetite and acceptable variation:

1) Reviewing business objectives

2) Reviewing the strategy

43
Q

9.2 Outline 6 factors considered in the selection and deployment of risk responses

A

1) Business context

2) Costs and benefits

3) Obligations and expectations

4) Risk priority

5) Risk response should reflect the size, scope and nature of the risk

6) Risk appetite - response should either bring within appetite or maintain its current status

44
Q

8.2 Discuss the impact of selecting a single risk response

A

May introduce new risks that have not been identified or have unintended consequences

45
Q

9.3 Explain how the costs and benefits of risk responses factor into decision making

A

Generally, costs and benefits are commensurate with the severity and prioritization of the risk.

Costs comprise direct costs, indirect costs and for some entities opportunity costs.

There may not be an optimal risk response from a cost benefit perspective.

Management is also responsible for risk responses that address any regulatory obligations, which may not be optimal from the perspective of costs and benefits but comply with legal or other obligations.

46
Q

10.1 Explain the concept of a portfolio view of risk

A

A portfolio view is a composite of risk the entity faces entity wide which positions management and the board to consider the types, severity and interdependencies of risk and how they may affect the entity’s performance relative to its strategy and business objectives

In cases where the portfolio view shows that risks are significantly less than the entity’s risk appetite, management may decide to motivate individual operating unit managers to accept greater risk in targeted areas, striving to enhance the entity’s overall growth and return.

47
Q

10.1 In developing the portfolio view, entities may observe risks that: (3)

A

1) Increase in severity as they are progressively consolidated to higher levels within the entity

2) Decrease in severity as they are progressively consolidated

3) Offset other risks by acting as natural hedges

48
Q

10.2 Outline the benefits of stress testing the portfolio view of risk

A

Undertaking stress testing, scenario analysis or other analytical exercises helps an entity avoid or better respond to unexpected events and losses.

49
Q

10.2 List 4 things that management can review by stress testing a portfolio

A

1) Assumptions underpinning the severity of risk

2) Behaviours of individual risks under stressed conditions

3) Interdependencies of risks within the portfolio view

4) Effectiveness of existing risk responses

50
Q

11.1 What are 4 questions that can be answered by monitoring performance

A

1) Has the entity performed as expected and achieved its target?

2) What risks are occurring that may be affecting performance?

3) Was the entity taking enough risk to attain its target?

4) Was the estimate of the amount of risk accurate?

51
Q

11.2 Outline corrective action options available should an entity determine that its performance does not fall within its acceptable variation or that target performance results in a different risk profile than was expected. (7)

A

1) Reviewing business objective or strategy.

2) Reviewing strategy. Should

3) Revising target performance.

4) Reviewing severity of risk results. Reperforming the risk assessment for relevant risks may alter results based on changes in the business context, availability of new data or information that enables a more accurate assessment, or challenges to the assumption underpinning the initial assessment.

5) Reviewing how risks are prioritized.

6) Revising risk responses. An entity may alter or add responses to bring risk in line with its target performance and risk profile.

7) Revising risk appetite.