Module 1 - Unit 2: Risk management standards Flashcards Preview

International Certificate In Risk Management (IRM) > Module 1 - Unit 2: Risk management standards > Flashcards

Flashcards in Module 1 - Unit 2: Risk management standards Deck (17)
Loading flashcards...

Name five risk management processes

8Rs & 4Ts
IRM (2002)
ISO 31000
The Orange Book


Which of these processes has "control activities" as a feature?

b) ISO 31000
c) The Orange Book
d) IRM (2002)



What's the definition of a "risk standard"?

A published guide for managing risk, usually comprising a risk framework and (especially) a risk process.


What's the definition of a "risk framework"?

Also known as the risk management context. This comprises the risk strategy, risk architecture and risk protocols and forms the risk context which helps to drive the risk process.


What's the definition of a "risk process"?

The stages in the process of managing risk, which is driven mainly by how you set up the framework (but also affected by the internal and external environment).


What's the definition of "risk architecture"?

Part of the risk framework, which focuses on answering the question “Who does what?” in the organisation in relation to risk management.


What's the definition of "risk context"?

This covers three layers of organisation which together drive the risk process; they are the external environment, the internal environment and the risk management context (also known as the risk framework).


What's the definition of "risk protocols"?

The set of tools, procedures and instructions that an organisation has for managing risk.


What's the definition of "risk strategy"?

The agreed overriding purpose and aims of risk management in the organisation, which involves the publication of a risk policy document and the setting of the risk appetite.


List the 5 clauses of the ISO 31000 standard

1. Scope
2. Definition of terms
3. The Principles
4. Framework for Implementation
5. Process


Describe the "Scope" clause of the ISO 31000 standard.

The standard is generic and is not specific to a specific industry or organisation.


Name five of the ISO 31000 risk management "Principles" (Clause 3)

1. Create & protect values e.g. achieve objectives
2. Integrated into orgs. processes
3. Used in decision making
4. Addresses uncertainty
5. Systematic, structured & timely
6. Based on best available information
7. Tailored to context, size and complexity
8. Considers human & cultural factors
9. Transparency
10. Dynamic & iterative
11. Facilitates continual improvement


Describe Clause 4 of the ISO 31000 standard, "Framework for Implementation"

1. Mandate & commitment by the Board
2. Design of framework
3. Implement risk management
4. Monitor and review framework
5. Improve framework


Describe the five stages of the ISO 31000 risk management "Process" (Clause 5)

1. Establish context
2. Risk Identification
3. Risk Analysis
4. Risk Evaluation
5. Risk Treatment


What two features run throughout the five stages of the ISO 31000 "Process" (Clause 5)

1. Communication/consultation
2. Monitoring & Review


List the 8Rs and 4Ts of hazard risk management

Recognition of risks
Rating of risks
Ranking against risk criteria
Response to risk
- Tolerate
- Treat
- Transfer
- Terminate
Resourcing controls
Reaction planning
Reporting on risk
Reviewing & monitoring


What three aspect make up the faces of the COSO ERM "Cube"

1. Objectives of risk management
2. Risk management process
3. Internal environment