Module 1 - Unit 4: Risk assessment 1: introduction and identification Flashcards Preview

International Certificate In Risk Management (IRM) > Module 1 - Unit 4: Risk assessment 1: introduction and identification > Flashcards

Flashcards in Module 1 - Unit 4: Risk assessment 1: introduction and identification Deck (11)
1

What are the three stages of risk assessment in ISO 31000?

ISO 31000:
Identification, analysis and evaluation

2

List 4 of the main risk assessment techniques

1. Questionnaires and checklists
2. Workshops and brainstorming
3. Inspections and audits
4. Flow charts and dependency analysis

3

Provide a definition of risk identification

The process of determining what events might occur to affect the objectives of the org and their root causes

4

List the four COSO ERM risk classifications

1. Strategic
2. Operations
3. Reporting
4. Compliance

5

Identify three reasons why orgs find it useful to classify risks

1. Provide structure to the process of risk identification, which can facilitate the identification of more risks
2. Helps with the development of consistent terminology across the org, which is essential to ERM
3. Enables the org to group risks in order to assign responsibility, estimate exposure using the expertise of professionals, determine level of risk, identify standard responses, etc.

6

List the 5 risk categories for the PESTLE classification acronym

PESTLE

POLITICAL
Tax policy, employment laws, environmental regulations

ECONOMIC
Growth/decline, interest rates, exchange rates, minimum wage

SOCIOLOGICAL
Cultural norms and expectations, health consciousness, age distribution

TECHNOLOGICAL
New tech, barriers to entry for certain markets, tech changes that impact products or services

LEGAL
Changes to legislation that impact employment, quotas, resources, taxation

ENVIRONMENTAL AND ETHICAL
Ecological and environmental aspects


7

Identify three advantages and disadvantages of PESTLE risk classification

⬆️ simple
⬆️ facilitates understanding of wider business environment
⬆️ encourages development of external and strategic thinking

⬇️ can over-simplify data used for decisions
⬇️ requires different people being involved with different perspectives
⬇️ access to quality external data sources can be costly and time consuming

8

Name three reasons why sometimes we will treat risks without knowing the underlying causes of that risk

1. High cost of investigation may not be cost effective

2. If the timescale between the risk event and its impact is too short there may not be time to look at the causes.

3. If the severity is so great, i.e. in a crisis, then we must focus efforts on containing the symptoms

9

List the 4 IRM risk classifications

Financial
Strategic
Operational
Hazard

10

List the 4 risk classifications found on the FIRM score card

Financial
Infrastructure
Reputational
Marketplace

11

What three Rs relate to risk assessment in the 8Rs and 4Ts process?

Recognition, rating and ranking