Define what is meant by risk treatment

A risk response to risks that can be further treated by the introduction of cost-effective corrective controls.


Which one of the following best describes risk analysis prior to any risk treatment?

a residual risk
b target risk
c current risk
d gross risk.

d - gross risk


Which one of the following options from the 4Ts of hazard risk management would not result in a reduction in risk severity?

a terminating the source of the risk
b treating the risk
c transferring the risk
d tolerating the risk.

d - tolerating the risk.


Explain the nature of preventive, corrective, directive and detective (PCDD) controls.

Preventive: Limit the possibility of an undesirable outcome occurring

Corrective: Limit the scope of loss once a risk has been realised e.g. insurance

Directive: Controls to ensure a particular outcome is achieved e.g. PPE

Detective: Controls designed to identify occasions when undesirable outcomes have been realised e.g. incident reporting


Identify two ways in which monitoring and review can help to improve risk management.

Monitoring and review ensures that the organisation monitors risk performance and learns from experience.


Explain what is meant by a near miss.

A near miss could be described as the realisation of a risk that does not result in significant impact, but could have been worse.


List the three main categories of insurance.

1. Mandatory/legal/contractual
e.g. employers' liability, public liability, professional indemnity

2. Balance sheet profit and loss protection
e.g. business premises, business interruption, motor insurance

3. Employee benefit/protection of employee assets
e.g. life and health, directors' and officers' liability


Identify two advantages and two disadvantages of insurance.

1. indemnity against an expected loss
2. access to specialist services as part of the premium

1. Time taken to obtain settlement
2. Potential for disputes around level of cover and term of policy


List the key stages of a business continuity plan.

1. Identify crucial risk factors already affecting the org

2. understand needs and obligations of the org

3. establish, implement and maintain business continuity management system

4. measure the overall capability to manage disruptive incidents

5. guarantee conformity with stated BCP


Which one of the following types of control is a fire insurance policy a good example of?

a preventive
b corrective
c directive
d detective.

b corrective


Which one of the following outcomes does a fire alarm produce as a risk treatment in the case of a fire?

a reduce likelihood but not impact
b reduce impact but not likelihood
c reduce both impact and likelihood
d reduce neither impact nor likelihood.

d reduce neither impact nor likelihood.

Without any further response (normally a corrective control) the alarm will just ring but nothing else will automatically happen to reduce the impact of the fire (for example, the use of an extinguisher or the evacuation of staff, which are corrective controls).


Which one of the following scenarios is an anticipatory response relevant to?

a emerging future situations
b providing clear guidelines for risk treatment
c a type of preventive control
d the activity of learning and improving the risk management process.

a emerging future situations


Which one of the following types of risk is “accept” a suitable response to?

a operational risk
b tactical risk
c business continuity risk
d opportunity risk.

b tactical risk

One of the 4A responses


Which one of the following types of risk can a “fifth T” be used as a response to?

a hazard risk
b operational risk
c business continuity risk
d opportunity risk.

d opportunity risk - "Take"


Which one of the following outcomes is the initial treatment of risk in an organisation not likely to result in?

a reduce the inherent risk
b reduce the high-level severity risks
c reduce the medium-level severity risks
d reduce the overall risk exposure.

c reduce the medium-level severity risks

High-level severity risks will be treated initially


What is a captive insurance company?

An insurance company owned by a parent org that is not otherwise involved in insurance.

They cover losses up to an agreed threshold after which the primary insurer will pay out.


Describe 2 advantages of captive insurance

1. Savings achieved as premiums are set lower

2. Allows access to reinsurance markets where premium rates and risk capacity are favourable

3. Exposure to the cost of claims creates greater awareness and concern about loss control

4. Greater insurance cover can be provided than in the commercial market

5. Some tax benefits associated with captive insurance companies


Describe 2 disadvantages of captive insurance

1. The captive is exposed to claims that would otherwise be covered by commercial insurers

2. Parent company has to allocate capital to ensure adequate solvency of captive insurance co.

3. When large losses are paid by the captive they are consolidated on the parent's balance sheet

4. Compliance issues associated with captives operating in non-domicile territories

5. Admin cost, time and effort can be involved in management of the captive by the parent head office


Describe the 4As of project risk response

Adopt (appropriate contingency plans)
Accept (the uncertainty attached to the risk)
Avoid (the uncertainty attached to the risk)
Adapt (procedure and introduce controls)


What side of a bow tie diagram would control measures relate to and why?

Left-hand side as these address the causes of risk.


What side of a bow tie diagram would recovery measures relate to and why?

Right side as they address the consequences of risks materialising.


Loss control relates to the mitigation of hazard risk. What are the three components that make up loss control?

Loss prevention (focuses on likelihood)
Damage limitation (focuses on magnitude)
Cost containment (focuses on reducing impact and consequence)


What is a Preventative control?

Eliminates or reduces source of risk (not always cost effective e.g. CUK can't stop delivering potentially risky patient care)

Response: terminate
Loss control: loss prevention


What are Corrective controls?

Steps to limit the scope of loss e.g. barriers/job rotation/passwords

Response: treat
Loss control: loss prevention, damage limitation and cost containment


What are Directive controls?

Designed to ensure a particular outcome is achieved e.g. training and supervision, PPE, written systems and procedures

Response: transfer
Loss control: loss prevention, damage limitation and cost containment


What are Detective controls?

Designed to identify occasions when risks have been realised e.g. audit, incident investigation, health monitoring (NEWS).

Response: tolerate
Loss control: cost containment