Module 1 Unit 5 Risk Culture and Appetite

Question 1

Which of the following are determinants of the organisational attitude to risk?

1. Opportunity pursuit.
2. Business maturity.
3. Area of activity.
4. Decision-making

Answer 1

Option 2 is correct. The attitude to risk is often different “when an organisation is a start-up operation rather than a mature organisation”.

Option 3 is correct. The “attitude of the organisation to risk will depend on the sector … within which it operates” and area of activity is another term for sector.

Question 2

Risk Doctor quote on what is Culture

Answer 2

Values and beliefs and knowledge and understanding shared by a group of people with a common purpose.

Question 3

What is the definition of risk culture?

Answer 3

Risk culture is similar to organizational culture but focuses on how people perceive, understand, and manage risks.

It emphasizes the collective attitudes and behaviors regarding risk within an organization.

Question 4

According to Hopkin and Thompson, what does risk culture reflect?

Answer 4

Risk culture reflects the overall attitude of management, influences individual behaviour, and defines how people feel obliged to act.

This highlights the importance of leadership in shaping risk perceptions.

Question 5

How does the IRM define risk culture?

Answer 5

Risk culture is the values, beliefs, knowledge, and understanding about risk shared by a group of people with a common purpose, especially employees within an organization.

This definition emphasizes the collective aspect of risk management.

Question 6

What is a virtuous cycle in the context of risk culture?

Answer 6

A virtuous cycle is when positive actions and behaviours reinforce the desired risk culture.

This leads to a healthier organizational environment regarding risk management.

Question 7

What constitutes a vicious cycle in risk culture?

Answer 7

A vicious cycle occurs when dysfunctional behaviours create a damaging, negative risk culture.

This can lead to increased risks and negative outcomes for the organization.

Question 8

List three strategies for establishing a positive risk culture.

Answer 8

• Communication
• Employee Buy-In
• Involvement

These strategies are essential for fostering a supportive risk management environment.

Question 9

What role does communication play in establishing a positive risk culture?

Answer 9

Communication involves clearly communicating the organization’s expectations through various channels (policies, presentations, newsletters, etc.).

Effective communication ensures that all employees understand risk management practices.

Question 10

Why is employee buy-in important for risk culture?

Answer 10

Employee buy-in convinces employees of the personal benefits of good risk management practices.

When employees see personal advantages, they are more likely to engage in positive risk behaviors.

Question 11

What is the significance of involving employees in the risk identification process?

Answer 11

Involving employees helps in recognizing potential risks and fosters a sense of ownership and responsibility.

This collaborative approach can enhance the effectiveness of risk management strategies.

Question 12

What is the purpose of training programs in establishing a positive risk culture?

Answer 12

Training programs are provided to instil the right practices and knowledge regarding risk management.

Continuous education is vital for maintaining an informed workforce.

Question 13

What does Deloitte suggest about a strong risk culture?

Answer 13

A strong risk culture enables people to consistently do the right thing in a rapidly changing, complex world.

This adaptability is crucial for effective risk management.

Question 14

How does a strong risk culture support management?

Answer 14

It helps management make tough trade-off decisions and balance positive and negative impacts.

This support is essential for navigating complex organizational challenges.

Question 15

Fill in the blank: A _______ cycle occurs when positive actions reinforce the desired risk culture.

Answer 15

[virtuous]

Question 16

Fill in the blank: A _______ cycle is created by dysfunctional behaviours in risk culture.

Answer 16

[vicious]

Question 17

What is Risk Culture?

Answer 17

Assess how people’s attitudes and behaviors influence the risk management process.

A successful risk culture is crucial for the success of both the risk management process and the organization.

Question 18

Why is Risk Culture important?

Answer 18

Establishing the right risk culture is essential for effective risk management.

A strong risk culture can mean the difference between success and failure for the organization.

Question 19

What do Risk Appetite and Tolerance refer to?

Answer 19

The amount of risk an organization can and is willing to take to achieve its objectives.

This helps determine which risks are relevant and how much effort is needed to manage them.

Question 20

How does understanding Risk Appetite help organizations?

Answer 20

Helps organizations understand their capacity for risk.

Guides the practical management of risks to ensure they are kept at acceptable levels.

Question 21

What is required for managing risks effectively?

Answer 21

Changes in attitude, behaviour, and risk culture within the organization.

Ensures that risks are assessed and managed appropriately to create and protect value and support the achievement of objectives.

Question 22

Fill in the blank: A successful _______ is crucial for the success of both the risk management process and the organization.

Answer 22

[risk culture]

Question 23

True or False: A strong risk culture can lead to organizational failure.

Answer 23

False

A strong risk culture can mean the difference between success and failure for the organization.

Question 24

Fill in the blank: Risk Appetite helps determine which risks are _______ and how much effort is needed to manage them.

Answer 24

[relevant]

Question 26

What are the four Risk Culture Influencers in the Deloitte Model?

Answer 26

* Risk Competence * Motivation * Relationships * Organisation ## Footnote Each influencer represents a critical aspect of risk culture within an organization.

Question 27

Define 'Risk Competence' as per the Deloitte Model.

Answer 27

Skills and knowledge related to risk management. ## Footnote This refers to the ability of individuals within the organization to understand and manage risks effectively.

Question 28

What does 'Motivation' refer to in the context of the Deloitte Model?

Answer 28

Incentives and drivers for risk-aware behaviour. ## Footnote This involves understanding what encourages individuals to act responsibly regarding risk.

Question 29

Explain the significance of 'Relationships' in the Deloitte Model.

Answer 29

Interpersonal dynamics and communication. ## Footnote Healthy relationships and effective communication are vital for fostering a positive risk culture.

Question 30

What does 'Organisation' encompass in the Deloitte Model?

Answer 30

Structural and procedural aspects. ## Footnote This includes how the organization is set up to manage risks through its processes and hierarchies.

Question 31

What is the origin of the LILAC Model?

Answer 31

Developed from research by the UK's Health and Safety Executive (HSE) after major rail disasters in the 1980s and 1990s. ## Footnote The model was created to improve safety culture in organizations based on historical events.

Question 32

List the five Indicators of Positive Safety Culture in the LILAC Model.

Answer 32

* Leadership * Two-Way Communication * Involvement of Staff * Learning Culture * Just Culture ## Footnote These indicators are essential for creating a supportive safety environment.

Question 33

What does the acronym LILAC stand for?

Answer 33

Leadership, Involvement, Learning, Accountability, and Communication. ## Footnote This acronym encapsulates the core components of the model.

Question 34

What is the long-term aim of the LILAC Model?

Answer 34

Embedding risk management as part of the way people work. ## Footnote This goal focuses on integrating risk management into everyday practices.

Question 35

How can LILAC be applied in organizations?

Answer 35

* Risk Management Training * Control Environment ## Footnote These applications help enhance risk management practices and the overall control environment.

Question 36

True or False: The LILAC Model promotes a blame culture.

Answer 36

False. ## Footnote The model encourages a Just Culture, which emphasizes accountability rather than blame.

Question 37

What are the components of IRM's ABC Model?

Answer 37

Risk Attitude, Risk Behaviour, Risk Culture ## Footnote Risk Attitude: The chosen position towards risk. Risk Behaviour: Observable actions related to risk. Risk Culture: Shared values and beliefs about risk.

Question 38

How does risk culture influence risk attitude?

Answer 38

Risk culture influences risk attitude and risk behaviour ## Footnote This indicates a cyclical relationship between these concepts.

Question 39

What is the relationship between risk attitude and risk behaviour?

Answer 39

Risk attitude shapes risk behaviour ## Footnote This means that how individuals perceive risk affects their actions.

Question 40

What forms risk culture?

Answer 40

Risk behaviour forms risk culture ## Footnote This suggests that collective actions contribute to the overall culture regarding risk.

Question 41

What misconception exists between risk attitudes and risk culture?

Answer 41

Risk attitudes describe different attitudes, not the culture itself ## Footnote Examples include risk-averse and risk-seeking attitudes.

Question 42

Is risk culture merely 'the way we do things around here'?

Answer 42

No, risk culture encompasses more than just behaviours ## Footnote It includes values, beliefs, and knowledge about risk.

Question 43

How can risk behaviours be assessed?

Answer 43

Risk behaviours can be objectively assessed through surveys or interviews ## Footnote This allows for a clearer understanding of risk culture.

Question 44

What are the 4Cs that define risk attitude according to Hopkin and Thompson?

Answer 44

Comfort, Cautious, Concerned, Critical ## Footnote These terms describe different long-term perspectives on risk.

Question 45

What does a risk matrix illustrate?

Answer 45

A risk matrix illustrates risk attitude ## Footnote An example of this is a representation of a risk-averse attitude.

Question 46

How are risk attitude and risk appetite related?

Answer 46

Risk attitude and appetite are related concepts ## Footnote This relationship will be explored further in Section 5.

Question 47

What is the key question related to risk evaluation?

Answer 47

So What?

Question 48

What are the main components of understanding context and objectives in risk evaluation?

Answer 48

Knowing the context and objectives

Question 49

What is the focus when identifying and prioritizing risks?

Answer 49

Focusing on the biggest risks

Question 50

What does acceptability in risk evaluation determine?

Answer 50

If risks are acceptable in their current state

Question 51

What are trigger points in the context of risk management?

Answer 51

Knowing when to respond to risks based on severity

Question 52

Why is consistency important in risk management?

Answer 52

Ensuring staff respond consistently to risks, not based on individual attitudes

Question 53

What is a balanced approach in risk management?

Answer 53

Managing risks and opportunities without incurring excessive costs

Question 54

What is the definition of risk appetite?

Answer 54

The amount of risk required to achieve objectives

Question 55

What is the decision threshold in risk management?

Answer 55

The point at which action is taken on a risk

Question 56

List the four overriding principles of risk management.

Answer 56

* Interconnectedness * Measurability * Variability * Maturity

Question 57

What does interconnectedness refer to in risk management?

Answer 57

Acceptability varies across different parts of the organization

Question 58

What is meant by measurability in the context of risk appetite?

Answer 58

Ability to measure risk appetite for consistency

Question 59

How does variability affect risk appetite?

Answer 59

Different appetites for different risks

Question 60

What does maturity refer to in enterprise risk management (ERM)?

Answer 60

The maturity of ERM influences risk appetite

Question 61

Define risk capacity.

Answer 61

The maximum amount of risk an organization can bear

Question 62

What is risk tolerance?

Answer 62

The acceptable level of variation in achieving objectives

Question 63

What is risk appetite in the context of an organization?

Answer 63

The amount of risk an organization is willing to take to achieve objectives

Question 64

What does the term risk universe refer to?

Answer 64

The full spectrum of risks an organization faces

Question 65

True or False: Understanding risk appetite helps organizations manage risks effectively.

Answer 65

True

Question 66

What is ABC

Answer 66

A - behaviour comes from the Attitude - the way we think determines the way we think about risk, our chosen position driven by our values and beliefs. B - culture comes from the repeated behaviour' of those people to develop into a risk culture. Repeated behaviour leads to a risk culture. C is culture - so Values, beliefs and knowledge and understanding shared by a group of people with a common purpose - risk Culture has 'feed back' effect on how we think and how we act - good or bad cycle. So risk culture comes from repeated behaviour which comes from how we think about risk.

Question 67

Value of risk culture

Answer 67

important for the achievement of our objectives - we then give it the attention, resources, money needed to do it properly.

Question 68

The COSO ERM Framework was updated in 2017 in part to recognise that having a best-in-class ERM approach does not add value where a positive risk culture does not support it.

Answer 68

As already noted, the updated framework defines enterprise risk management as the ‘culture, capabilities, and practices, integrated with strategy-setting and its execution, that organizations rely on to manage risk in creating, preserving and realizing value.’

Question 68

what are the IRM risk culture framework 5 levels of risk culture

Answer 68

Personal predisposition to risk - is org attracting right people whose predisposition to risk meets boards. - spontaneous and challenge or cautious, pessimistic (use personality tests) Personal ethics - moral values - psychometric tools. behaviours - org culture - sociability, solidarity. Double S risk culture - Risk culture remains challenging to measure but, as sometimes attributed to the late Professor Peter Drucker, ’If it can’t be measured it can’t be managed’.

Question 68

what is risk sociability

Answer 68

the people focus, based on how well people interact socially – on the vertical axis of the model

Question 68

what is risk solidarity

Answer 68

the task focus, based on goals and team performance – on the horizontal axis of the model

Question 70

What does bias mean?

Answer 70

An inclination or prejudice against a person or group influenced by experience, assumptions, social norms, judgement, and more. ## Footnote Bias can affect decision-making and perceptions.

Question 71

Define cognitive bias.

Answer 71

A thought process caused by the brain's tendency to simplify information processing through personal experience and preferences, which may or may not be accurate. ## Footnote Cognitive bias can lead to misinterpretation of information.

Question 72

What is the main effect of cognitive bias on decision making?

Answer 72

It leads to subconscious errors that can cause misinterpretation of information from the world around us. ## Footnote This can impact both personal and group decisions.

Question 73

What is confirmation bias?

Answer 73

The tendency to believe what we want to believe because the information confirms our existing preconceptions or beliefs. ## Footnote This bias can reinforce existing opinions.

Question 74

What does conformity bias (or group think) refer to?

Answer 74

The influence of a group or majority on an individual's choices, even if contrary to personal judgement. ## Footnote This can lead to a lack of originality in decision making.

Question 75

What is authority bias?

Answer 75

The tendency to favour the ideas of an authority figure. ## Footnote This can lead to uncritical acceptance of potentially flawed ideas.

Question 76

Define bandwagon bias.

Answer 76

The tendency to favour ideas that have already been adopted by others. ## Footnote This can lead to herd mentality in decision making.

Question 77

What is anchoring bias?

Answer 77

The influence of pre-existing knowledge or information that makes it difficult to move beyond that point. ## Footnote This can restrict the ability to consider new information.

Question 79

What model is used for measuring risk culture?

Answer 79

Risk Culture Aspects model developed by the IRM ## Footnote This model provides a structured approach to evaluating the components of risk culture within an organization.

Question 80

How many aspects of risk culture does the Risk Culture Aspects model identify?

Answer 80

Eight aspects ## Footnote These aspects are grouped within four themes.

Question 81

What are the four themes of the Risk Culture Aspects model?

Answer 81

* Tone from the top * Decisions * Accountability * Competency ## Footnote Each theme encompasses specific aspects related to risk culture.

Question 82

What is the first aspect under the theme 'Tone from the top'?

Answer 82

Risk leadership – clarity of direction ## Footnote This aspect emphasizes the importance of leadership in establishing a risk-aware culture.

Question 83

What aspect addresses how an organization handles negative information?

Answer 83

Dealing with bad news ## Footnote This aspect is crucial for fostering an open and honest risk culture.

Question 84

Which aspect relates to the clarity of accountability in risk management?

Answer 84

Accountability – clarity of accountability ## Footnote Clear accountability ensures that individuals understand their roles in risk management.

Question 85

What does the aspect 'Transparency' in the Risk Culture Aspects model refer to?

Answer 85

Transparency – and timeliness of risk information ## Footnote Timely and clear communication of risk information is essential for effective risk management.

Question 86

What aspect evaluates how well-informed decisions are made?

Answer 86

Informed risk decisions ## Footnote This aspect focuses on the quality of information used in the decision-making process.

Question 87

What does the 'Reward' aspect focus on?

Answer 87

Reward – rewarding of appropriate risk taking ## Footnote Encouraging appropriate risk-taking behavior is vital for a healthy risk culture.

Question 88

What is assessed under the 'Risk resources' aspect?

Answer 88

Status, resources and empowerment of the risk function ## Footnote Adequate resources are necessary for effective risk management.

Question 89

What does the 'Risk skills' aspect emphasize?

Answer 89

Embedding of risk management skills ## Footnote Cultivating risk management skills across the organization enhances overall risk culture.

Question 90

How are the aspects 'Dealing with bad news', 'Reward', and 'Risk Skills' related to the Double ‘S’ model?

Answer 90

They have a greater impact on sociability ## Footnote Sociability refers to the relationships and interactions within the organization.

Question 91

What is the relationship between the other five aspects of the Risk Culture Aspects model and the Double ‘S’ model?

Answer 91

They are related to improvements in solidarity ## Footnote Solidarity reflects the unity and cohesion within the organization.