ORA 7 Flashcards
It is the overall process of risk identification, risk analysis and risk evaluation.
It should be conducted systematically, iteratively and collaboratively, drawing on the knowledge and views of
stakeholders, and should use the best available information
Risk Assessment
Involves the recognition of risks and the rating of them to determine the significant risks facing the organization,
project or strategy.
Risk Assessment
The purpose of ____ is to identify the significant risks that could impact the corporate objectives,
stakeholder expectations, core processes and key dependencies.
Risk Assessment
3 Activities during Risk Assessment
– Risk identification
– Risk Analysis
– Risk evaluation
_____ is to FIND, RECOGNIZE and DESCRIBE risks that might help or prevent
an organization in achieving its objectives
Risk Identification
true or false
Relevant, appropriate and out-to-date information is important in identifying risks
false; up to date
t or f : The organization should identify risks, whether or not their sources are under its control.
True
Read only
Factors to Consider in Risk Identification
▪ Tangible and intangible sources of risks
▪ Causes and events
▪ Threats and opportunities
▪ Vulnerabilities and capabilities
▪ Changes in the external and internal context
▪ Indicators of emerging risks
▪ The nature and value of assets and resources
▪ Consequences and their impact on objectives
▪ Limitations of knowledge and reliability of information
▪ Time-related factors
▪ Biases, assumptions and beliefs of those involved
ok
its purpose is to COMPREHEND the NATURE of risk and its characteristics including, the LEVEL of risk.
Risk analysis
____ involves a detailed consideration of UNCERTAINTIES, risk sources, consequences,
LIKELIHOOD, events, scenarios, controls and their effectiveness and can be undertaken with varying
degrees of detail and complexity, depending on the purpose of the analysis, the availability and
reliability of information, and the resources available
Risk analysis
true or false
Analysis techniques can be qualitative or quantitative, but never a combination of these, depending on the circumstances and intended use.
false, since a combination may be used
T or F
Highly uncertain events can be difficult to quantify and will require using only quantitative techniques to provide greater insight.
F. combine quali and quanti techniques
T or F
Risk identification PROVIDES an INPUT to RISK EVALUATION, to decisions on whether risk needs to be treated
and how, and on the most appropriate risk treatment strategy and methods.
F
should be R. analysis, not R. identification
Read only
Factors to Consider in Risk Analysis
▪ The likelihood of events and consequences
▪ The nature and magnitude of consequences
▪ Complexity and connectivity
▪ Time-related factors and volatility
▪ The effectiveness of existing controls
▪ Sensitivity and confidence levels
ok
Activity in risk assessment that SUPPORT DECISIONS
risk evaluation
_____ involves COMPARING the results of the risk analysis with the established risk criteria to determine where additional action is required.
Risk evaluation
t or f
Risk eval decision could be:
▪ Do nothing further
True
Bonus:
other decisions in r. eval
▪ Consider risk treatment options
▪ Undertake further analysis to better understand the risk
▪ Maintain existing controls
▪ Reconsider objectives
ANY ACTIONS CONCERNING THE RISK
Which Risk management approach?
When risk assessment is being undertaken by the Board of Directors, the Chief Executive Officer
(CEO) and the other top-level management of an organization
Top down risk assessment
— focus more on external than internal
— too superficial
Which Risk management approach?
When risk assessments are undertaken by involving individual members of staff and local department management.
Bottom-up Risk Assessment
— Focus more on Internal than External
— Time Consuming
— Very Detailed
Risk Assessment Techniques
THE USE OF ___ to collect information that will assist with the recognition of the
significant risks
QUESTIONNAIRES AND CHECKLISTS
Risk Assessment Techniques
Collection and sharing of ideas at workshops to discuss the events that could impact the objectives, core processes or key dependencies.
Workshops and Brainstorming
Risk Assessment Techniques
Physical inspections of premises and activities and audits of compliance with established systems and procedures.
Inspections and Audits
TRUE OR FALSE
Questionnaires and Checklists are Difficult to use for strategic risks
false.
should be Flow Charts and
Dependency Analysis
ANALYSIS of the processes and operations within the organization to identify critical components that are key to success
Flowcharts and dependency analysis