Qs 5 2 Flashcards

(139 cards)

1
Q

An interconnected supply chain would have what effect on the creation of a risk register?

Options:
A. risks will be larger

B. risks will sit with the procurement team

C. actions to mitigate one risk, may create a new risk

D. actions to mitigate risks will require a cross-functional team

A

Answer:
C
Explanation:

Actions to mitigate one risk, may create another risk. This is a direct quote from p. 132

2
Q

Which of the following legal principles means that a person can only claim the value of a loss once, regardless of if they have multiple insurance policies?

Options:
A. utmost good faith

B. insurable interest

C. contribution

D. subrogation

A

Answer:

C
Explanation:

This is contribution. An example of this is if you have two insurance policies and are going on a business trip that is cancelled last minute. You can claim on the insurance the value of the trip- but only once. So you can either use one policy and not the other, or you can claim half the value of the trip on both policies. This stops people taking out multiple policies and then claiming on them all to make a profit. Legal Principles of Insurance is a known exam topic - this is from p.100-101 of the study guide

3
Q

ISO 20400 represents what area of business?

Options:
A. Quality Management

B. Supply Chain Security

C. Risk Management

D. Sustainable Procurement

A

Answer:

D

Explanation:

ISO 20400 is Sustainable Procurement. This is from p. 51 of the study guide- as well as learning what the ISO numbers are, do also learn the key areas of each ISO as these come up in the exam.

4
Q

A financial instrument used by airlines to fix the price of fuel over a period of time is known commonly as a what?

Options:
A. commodity

B. swap

C. exchange

D. hedge

A

Answer:
B
Explanation:

This is a ‘swap’ and is explained on p.94. This is a type of ‘hedging’ but there is no such thing as ‘a hedge’. For a more in-depth look at Swaps see: https://www.mercatusenergy.com/blog/bid/77634/an-introduction-to-airline-fuel-hedging-strategies-swaps

5
Q

A company with a large risk appetite would do which of the following?

Options:
A. take all risks

B. take risks where it feels it will win more than it loses

C. take few, well calculated risks

D. avoid taking risks

A

Answer:
B
Explanation:

2 is the correct answer. Risk appetite is the level of risk that an individual or organisation is comfortable taking (p.4). Having a large risk appetite does not mean that you want to take every risk (as that would be irresponsible), rather, a large risk appetite means you’re more likely to gamble and take calculated risks, even though they might not pay off. A small risk appetite would describe options 3 and 4 - taking few risks, or none at all.

6
Q

Which of the following FIDIC Contracts would be suitable for a contract for offshore wind projects?

Options:
A. Construction Contract

B. Measured Term Contract

C. Minor Works Contract

D. Yellow Book Contract

A

Answer:
D
Explanation:

This is the Yellow Book. This is briefly mentioned on p.74 and can often be missed by students. There is a question in the exam about which type of FIDIC contract can be used for construction projects and this is NOT explained in the study guide - so here is a link to FIDIC so you can revise this before the exam: https://fidic.org/sites/default/files/FIDIC_Suite_of_Contracts_0.pdf

7
Q

Khalid is a procurement manager who works at a manufacturing organisation based in the UK. The organisation creates building fabric materials by converting raw materials such as steel into useable items in the construction industry. Khalid sources most of his steel internationally due to competitive prices. On one occasion with his usual supplier, the ship that is carrying the materials sinks due to an unexpected storm. Which clause would be activated within the contract?

Options:
A. force majeure

B. liability clause

C. transportation clause

D. breach of contract

A

Answer:
A
Explanation:

This is an example of force majeure. Force majeure is a popular exam topic and comes up in chapter 2.1 p. 66. A force majeure is when an event, such as a storm, happens which affects the delivery of the contract, but over which neither party has any control.

8
Q

Which of the following risks is associated with sourcing from low-cost countries? Select TWO:

Options:
A. operational risks

B. reputational risks

C. geopolitical risks

D. financial risks

A

Answer:
B, C
Explanation:

The correct answers are reputational risks and geopolitical risks. This is according to p. 77 of the study guide. Although I personally feel this is a bit presumptive, painting all ‘low-cost’ countries with the same brush (are all ‘low-cost countries’ politically unstable and allow dodgy things that will affect your reputation?), this is what the textbook says …

9
Q

Fudgylicious Inc is a manufacturer of confectionery based in the United Kingdom. In one of its factories an employee has an accident during his shift which resulted in him breaking a leg and requiring surgery. Will the employer’s Professional Indemnity insurance cover the cost of the operation?

Options:
A. yes- the insurance will cover all medical expenses as the accident occurred during his working hours

B. yes- the insurance can be used as the accident occurred on the company’s premises

C. no- the insurance would not cover the cost of surgery, only for lost wages if he is unable to work

D. no- this is not the purpose of insurance

A

Answer:
D
Explanation:

The correct answer is ‘no-this is not the purpose of insurance’. The question asks if Professional Indemnity Insurance can be claimed on for this- no it can’t- that’s not its purpose. It would be Employer’s Liability insurance which could be claimed on. This question tests your understanding of the different types of insurance. There is a very similar question in the exam- so remember accidents at work are claimed against Employer’s Liability insurance NOT Professional Indemnity insurance - see p.96 for more information on different types of insurance

10
Q

Petra Ltd is a manufacturer of upmarket baked goods and they have a range which is gluten free and therefore suitable for customers who have an intolerance of wheat. For this reason Petra Ltd is very strict about the ingredients that it sources. Its main supplier has provided written agreement that they will test all ingredients in their processing factory to ensure that they are suitable for the gluten free diet before delivery is made, and once delivery is made the materials will be deemed accepted by the buyer. Is Petra right to accept this arrangement?

Options:
A. yes- this reduces the risk of unsuitable materials entering Petra’s factory

B. yes- this arrangement places the risk on the supplier rather than Petra

C. no- Petra should arrange for additional tests to be conducted on the deliveries and only accept them once these tests have been completed

D. no - this arrangement is unacceptable and Petra should void the contract

A

Answer:
C
Explanation:

Petra should arrange for additional tests to be conducted. This question is based on a real example in the exam. In this scenario there is still significant risk for Petra even if the supplier is testing the materials. The supplier could miss something, or forge the results with disastrous consequences for Petra’s customers. Moreover it would severely damage Petra’s reputation. Therefore the wise thing would be for Petra to conduct additional tests in-house to ensure they are happy with the products and only then accept them. This could be an audit of 10% of deliveries to ensure compliance. Acceptance Testing is discussed in the textbook on p.70

11
Q

What is ISO28000?

Options:
A. Risk Management

B. Supply Chain Security

C. Quality Management

D. Sustainable Procurement

A

Answer:
B
Explanation:

ISO 28000 is Supply Chain Security Management. This is a known topic for the exam. Learn more about ISOs on p. 141

12
Q

Which of the following are technological risks to an organisation? Select TWO

A. cyber-security issue
B. supply chain security issue
C. supplier management issue
D. network failure
E. quality failure

A

Answer:

A, D
Cyber security and network failure are two types of security risks. See p. 154. There aren’t a lot of questions on chapter 3.4 as it’s a very short chapter and a lot of the material is repeated in earlier chapters. A brief look over this chapter is all you’ll need before the exam.

13
Q

What would happen if a company enacts its Contingency Agreement following a natural disaster?

A. they will receive a financial pay-out
B. they will receive operational help from a third party
C. they will be able to claim on insurance
D. they will be able to breach any contracts that it has

A

Correct Answer:
B
They will receive operational help from a third party is the correct answer. Unlike insurance, a contingency plan provides operational help, not just financial. This could be in providing an emergency workspace, helping to get IT systems back up and running or providing emergency air freight. This is explained on p.91-92 of the study guide

14
Q

The CBCI and DBCI are professional qualifications in which area?

A. supply chain management
B. ethical business practices
C. environmental improvements
D. business continuity

A

Correct Answer:
D
These are qualifications in business continuity. This comes from p.107 of the study guide. CBCI stands for Certificate of the Business Continuity Institute and DBCI Diploma of the Business Continuity Institute. Once you know what the acronyms stand for, the question is quite easy!

15
Q

Which of the following is a component of the Sarbanes-Oxley Regulations?

A. separation of duties
B. ethical business practices
C. elimination of bribery
D. environmental protection

A

Correct Answer:
A

Separation of duties is a key component of the Sarbanes-Oxley Regulations. It ensures businesses are accounting responsibly, and one way to do this is through separation of duties (no one person has complete control of the accounts of a company). See https://www.investopedia.com/terms/s/sarbanesoxleyact.asp and p.42 in the study guide. This piece of legislation does tend to come up in the exam so do revise this topic.

16
Q

Which of the following risks would likely be tolerated by a company?

A. no risks should be tolerated
B. opportunities which are low risk and low impact
C. opportunities which are low risk and high impact
D. opportunities which are high risk and low impact

A

Answer:
B

Low risk and low impact should be tolerated. This is from the Probability and Impact Matrix from p.122. The other two options should be either transferred or treated.

17
Q

Which of the following is an internal risk for a company?

A. supplier’s factory burns down
B. exchange rate fluctuations
C. government policy changes
D. lack of available personnel

A

Answer : D

Lack of personnel is an internal risk- the others are external risks. Internal and external risks is a known topic for the exam so see p.116-117 for more information

18
Q

Which of the following is not a benefit of having a contingency plan?

A. competitive advantage
B. increased staff morale
C. greater resilience to force majeure events
D. increased profits

A

Answer : D

Contingency plans won’t increase your profit, but they will do the other three things. This is from p.109-110 of the study guide

19
Q

What is the final stage of Deming’s Plan - Do - Check cycle which is encouraged by ISO9001?

A. Improve
B. Review
C. Act
D. Assess

A

Answer : C

Act is the final stage. See p.25 for a diagram of the cycle.

20
Q

Rabbit Manufacturing operates several factories which create stuffed animals. As these stuffed animals are mainly bought for children, it is extremely important that the quality of the product is assured, and there are no dangerous or small parts which could become choking hazards. Which of the following are appraisal costs that the company should undertake in order to mitigate the risk of poor quality products entering the market?

A. quality control inspections
B. using a pro-active quality management system
C. introduce a 0 defect approach
D. staff training to ensure higher quality products are made

A

Answer : A

Of these four answers only one is an appraisal cost and that is answer 1. The other three options are prevention costs. There is a table of appraisal costs and prevention costs on p. 26. Appraisal costs are reactive- they’re done after the product is manufactured. Preventative costs are actions taken in quality assurance.

21
Q

What is the job of an underwriter?

A. to assist a buyer in selecting the correct insurance
B. to advise required insurance levels for a contract
C. to evaluate insurance applications
D. to determine the validity of an insurance claim

A

Answer : C

An underwriter evaluates insurance applications. Learn the difference between Insurance Underwriters and Claims Adjusters for the exam - this is a known topic. (A claims adjuster determines the validity of an insurance claim).

22
Q

The legal principle of insurable interest means which of the following statements are TRUE? Select TWO.

A. it is possible to insure someone else’s factory
B. it is not possible to insure someone else’s factory
C. it is possible to insure your supplier’s factory
D. it is not possible to insure your supplier’s factory

A

Answer : B, C

Insurable Interest means that it is not possible to insure someone else’s factory. The study guide explains that you can only take out insurance where you have at least partial ownership of that risk. Therefore option 3 is also correct as you have a partial risk if something were to happen to your supplier’s factory. You can take out CBI insurance for this. see p.100-101 for further s of Legal Principles of Insurance

23
Q

Zara is a procurement manager who is thinking about working with a new supplier to source buttons for her clothes manufacturing business. Her manager has asked her to do some due diligence on the supplier’s financial stability.

What should she do?
A. use an outsourced third-party credit rating agency
B. use an outsourced third-party risk management consultant
C. conduct a credit check on the supplier based on the information provided by them in the tender
D. conduct a risk assessment based on the information provided by the supplier in the tender

A

Answer:
A

Explanation:
She should use a credit rating agency for this. She should not do this herself as she won’t have access to accurate information like an agency will. The supplier may not have been truthful in their tender. For information on Credit Rating Agencies see p.79

24
Q

John is a mid-level manager and has created a risk / reward matrix about four potential opportunities at his company White Ducky Limited. He will present his research to a board meeting next week. He has categorised the four opportunities as the following.

Which of these opportunities should John recommend the board ‘consider’? Select TWO.
A. low risk / high reward
B. high risk/ high reward
C. low risk/ low reward
D. high risk/ low reward

A

Answer: B, C

Explanation:
High risk/ high reward, and low risk/ low reward are the options that should be CONSIDERED. This is according to the risk/ reward matrix on p. 6. Items that are low risk/ high reward should be PROGRESSED and items which are high risk / low reward should be AVOIDED.

25
Risk should be a 'golden thread' that links all of the organisation's strategies, communications, policies and training. The LILAC model describes how a risk-aware culture can be created. Which of the following form part of the LILAC model?

A. Leadership and Learning
B. Investment and Accountability
C. Appraisal and Communication
D. Learning and Information

Answer: A

Explanation: The LILAC Model is; Leadership, Involvement, Learning, Accountability and Communication. P. 149
26
In an organisation, who is responsible for creating a risk assessment register?

A. the CEO
B. Procurement Manager
C. Risk Manager / H+S Manager
D. Cross-Functional Team

Answer: D

Explanation: A Cross Functional Team should create a risk register. It shouldn't be the responsibility of one person to do this- more points of view will lead to more risks being identified. Accountability for the Risk Register may however sit with the CEO or a Department Manager. This is explained on p. 132
27
Oliver is a procurement manager and he is trying to work out the likelihood that a supplier fails to deliver to the warehouse two days in a row. Which of the following methodologies should Oliver use?

A. value at risk
B. normal distribution
C. binomial distribution
D. Poisson Distribution

Answer: D

Explanation: Poisson Distribution would be used for this. Poisson Distribution predicts the likelihood of an event occurring. This is explained on p. 129 of the study guide but this YouTube video explains it a lot better: https://www.youtube.com/watch?v=zA7fp2s7FlM
28
Which of the following form part of the Stakeholder Salience Model? Select TWO

A. power
B. legitimacy
C. interest
D. level
E. attitude

Answer: A, B

Explanation: Power and Legitimacy are part of the Stakeholder Salience Model - the third characteristic is Urgency. See p. 138
29
Risk Management is a process with several steps. Which of the following is the last step of the cycle?

A. identify risks
B. treat
C. monitor and review
D. communicate and consult

Answer: C

Explanation: Monitor and review is the last stage. The full cycle is; establish context - identify risks - analyse and evaluate risks - treat - communicate and consult - monitor and review. See p. 142
30
Which of the following are benefits of ISO28000? Select TWO.

A. competitive advantage
B. cost saving
C. increased market share
D. decreased legal costs

Answer: A, B

Explanation: Advantages of ISO28000 are competitive advantage and cost savings. The textbook explains that cost savings come through a reduction in security incidents. For more info on ISO28000 see p. 141
31
Which of the following statements is true about ISO9001? Select TWO.

A. it is based on the principle of continuous improvement
B. it encourages businesses to see quality from the viewpoint of the customer
C. it aims to ensure sustainability within the supply chain
D. It complements ISO 20400
E. it helps businesses to identify areas of potential risk and mitigate these accordingly

Answer: A, B

Explanation: ISO 9001 is Quality Management- answers 1 and 2 are correct. ISOs are a popular topic on this exam so be sure to revise them - and not only what the names of them are, but also the principles behind each ISO. ISO 9001 is discussed on p. 25 of the CIPS study guide.
32
In which of the following industries is it common to find dedicated resource for risk management?

A. banking and insurance
B. agriculture
C. manufacturing
D. the public sector

Answer: A

Explanation: Banking and Insurance industries usually have a dedicated resource. This means people working within the company are dedicated to this role (as opposed to using a third party). P. 146
33
Fraud committed by an employee within a business is what type of risk?

A. internal risk
B. external risk
C. procurement risk
D. economic risk

Answer: A

Explanation: This is an internal risk. A procurement risk would be issues with a supplier or contract, and economic risk would be exchange rate fluctuations etc. See p.118 for more information on internal risks- it's a known exam topic
34
Which of the following statements is true about a Disaster Recovery Plan? Select TWO

A. it is held at the top level
B. it contains more detail than a business continuity plan
C. the focus is to return a company to making a profit after a disaster
D. it can be structured using a standardised framework

Answer: B, D

Explanation: Answers 2 and 4 are correct. A Business Continuity Plan is held at the top level, not a disaster recovery plan. This can be held at the department level- or whoever would have the ability to enact this if a disaster were to happen. A company is likely to have several Disaster Recovery Plans for different departments and different scenarios so several people within the organisation may be accountable for these. Option 3 is incorrect as the focus is on recovering systems (e.g. getting people back online) not on profit. P.155
35
Company X is a large manufacturer of cosmetics and household products. It operates in 57 different countries and has large and complex supply chains. The brand's popularity is partly due to the cheap price of the products compared with its competitors and Company X has recently discovered that child labour has been used within its supply chain. In response to this Company X has donated a large amount of money to charity. What is this an example of?

A. corporate social responsibility
B. greenwashing
C. triple bottom line thinking
D. business continuity planning

Answer: B

Explanation: This is Greenwashing. Greenwashing is the process of using a good deed to cover up unethical responsibility. See p. 45. In this example Company X has thrown some money at a charity in order to cover up the fact it has child labour issues within the supply chain. See https://en.wikipedia.org/wiki/Greenwashing
36
Yusef is a new procurement manager at FRD Incorporated. He is looking through the Risk Assessments for his department and notices that the cause of the risk is not identified. Why might this be?

A. this is a mistake - all risk assessments should specify the cause of the risk. He should raise this with his manager
B. the organisation has a high risk appetite
C. the organisation has not recorded cause for cultural reasons
D. the organisation has completed the risk assessments incorrectly

Answer: C

Explanation: This could be for cultural reasons within the company. P. 135 states that sometimes causes of risk are not recorded as this could lead to a blame culture within the company.
37
Dave is a procurement manager for a chocolate factory who is running a tender to source cocoa from a new supplier. The tender is a huge opportunity for suppliers and the contract would be worth millions of pounds. Dave has passed some information about the tender to one of the bidders in exchange for a free holiday to Barbados. Which of the following types of fraud has Dave committed?

A. holiday fraud
B. accepting a kick-back
C. counterfeiting
D. bribery

Answer: D

Explanation: This is an example of bribery. The trip to Barbados is the bribe. For more information on these types of fraud see p.19
38
Which of the following statements are true about risk management? Select TWO.

A. the goal of risk management is to reduce risks to 0
B. risk management is a continuous process
C. risk management is an activity that is conducted by a business once a year
D. risk management can help companies ensure the smooth and successful running of purchase and supply operations.
E. risk management is the process by which all risks are either treated or transferred

Answer: B, D

Explanation: The correct responses are 2 and 4: risk management is a continual process and helps companies ensure the smooth and successful running of P+S. These are direct quotes from p.3 of the study guide. The other answers are wrong- if risk management is a continuous process it's not something that is done once a year- so this option is automatically discounted. Option 1 is also wrong as you can never reduce all risks to 0, and option 5 is also wrong- risks can be treated and transferred, but they can also be tolerated and terminated.
39
Chloe is a procurement manager at Ruby Company. She has been asked to join a cross-functional team to review the company's risk appetite, potential risks within the supply chain and brainstorm mitigating actions. Chloe has suggested that the cross-functional team should first draw up a list of potential supply chain risks and potential strategies to overcome the risks. Is Chloe correct?

A. yes- the first thing the team should look at are the risks and categorise these by topic
B. yes- the team should focus on creating a risk register and strategies for mitigating risks as quickly as possible
C. no- the team should review the company's risk appetite before creating a risk register
D. no- Chloe should first speak with suppliers before drawing up the list of potential supply chain risks

Answer: C

Explanation: The correct answer is 3 'no- the team should review the company's risk appetite before creating a risk register'. This question tests to see if you understand what risk appetite is and when this should be reviewed. Risk appetite is the first stage in developing any plan as it will influence the next stages. For example if the company has a large risk appetite, this would affect how they would classify risks and what mitigating actions they would take. Risk appetite is explained in chapter 1.1 (p.4) but it also comes up in Learning Outcome 3
40
Leo LLP is a company which sources materials internationally, and then sells these on nationally at a small margin. Leo LLP has noted that there is a risk of exchange rate fluctuations making their purchases unviable. The CFO has declared that the only way to mitigate this risk is via hedging and that they should look at price fixing. Is this correct?

A. yes- hedging is the only solution to mitigate the risk of adverse price movements
B. yes- this reduces the risk to 0
C. no- Leo LLP could do nothing and increase its prices instead
D. no- Leo LLP can take out insurance to mitigate this risk

Answer: C

Explanation: The correct answer is 3 'no Leo LLP could do nothing and increase its prices instead'. Firstly the CFO is wrong. There are other ways to mitigate this risk than hedging- hedging isn't the ONLY thing you can do. Therefore you automatically need to discount options that begin with yes. Then looking at the options that begin with no, insurance isn't going to help in this situation. Therefore, by process of elimination you will be left with 'no Leo LLP could do nothing and increase its prices instead'. This question is taken from p.95 - there is a section here describing alternatives to hedging. When dealing with currency fluctuations, an alternative to fixing a price is to build in a margin on your own prices. This margin acts as a buffer for if prices go up- your price can remain the same. Other alternatives to hedging suggested by CIPS include; negotiating long term contracts, buying out the supplier and ingredient substitution
41
Which of the following stages would come first within a risk assessment?

A. evaluate risk
B. treat risk
C. monitor risk
D. analyse risk

Answer: D

Explanation: Analyse is the correct answer. The full process is: establish context - identify - analyse - evaluate - treat - monitor and review. This is from p.122
42
Which of the following are factors which can lead to a supplier becoming insolvent? Select THREE

A. fraudulent activity
B. attrition of key employees
C. uncontrolled expenditure
D. increased market share
E. a high financial ratio

Answer: A, B, C

Explanation: 1, 2 and 3 are factors which can lead to a supplier becoming insolvent. 4- increased market share is a good thing, as it indicates the supplier is doing better than their rivals. A high financial ratio is also a good thing as it shows they have more assets than debt - so this is not a sign of insolvency. See p.24 for 'Supplier Risks'
43
A black swan event is what type of occurrence?

A. an occurrence with a good outcome
B. an occurrence with a negative outcome
C. a common occurrence
D. an unusual occurrence

Answer: D

Explanation: A black swan event is an unusual occurrence - something that is rare. See p.124
44
Which of the following statements about binomial distribution are true? Select THREE

A. there are only two outcomes
B. they are based on continuous events
C. there is only one outcome per event
D. each trial has the same probability
E. the events of one trial will impact on the next one

Answer: A, C, D

Explanation: 1, 3 and 4 are the correct options. Binomial is based on discrete events not continuous and it assumes the events of each trial are independent of one another. This YouTube video explains it all perfectly using the chance that an ice-cream cone is broken. It's a nice memorable example to help you remember what binomial distribution is and how it works: https://www.youtube.com/watch?v=3EZbX2ftCUk - it's a very memorable example and really helped me. You can also see more info in the CIPS textbook p.131
45
Which of the following are key areas of ISO 26000 Social Responsibility? Select THREE.

A. organisational governance
B. quality management
C. human rights
D. consumer issues
E. efficient systems

Answer: A, C, D

Explanation: 1, 3 and 4 are the correct answers. There are 7 key areas that ISO 26000 focuses on. As well as these three, there is also labour practices, the environment, fair operating practices and community involvement. See p. 51 of the study guide. ISOs are a popular exam topic so do revise these before the exam.
46
Controlling a risk through the development of actions that can minimise the impact the organisation will suffer as a result of the risk event is known as what control?

A. tolerate
B. treat
C. transfer
D. terminate

Answer(s): B

Explanation: This is the description of treat mentioned on p. 143. The 4 Ts is a popular exam topic
47
The UK Companies (Miscellaneous Reporting) Regulations 2018 states that organisations with more than 250 employees must do what?

A. Publish an Anti-Slavery Policy
B. Provide an annual financial statement
C. Demonstrate how they abide by Environmental practices
D. Publish a summary of how directors have engaged with employees

Answer(s): D

Explanation: The correct answer is 'publish a summary of how the directors have engaged with employees'. For more information on this piece of legislation see p. 145
48
Which of the following is an International Standard for Risk Management?

A. ISO 22301
B. ISO 27000
C. ISO28000
D. ISO31000

Answer(s): D

Explanation: Risk Management = ISO31000. Learn the ISOs for the exam as it's a popular exam topic. 31000 is explained on p. 140. As well as the numbers, you should also learn the guiding principles of each ISO for the exam.
49
Which of the following statements about normal distribution are correct? Select TWO

A. it is the most common type of distribution pattern
B. there's a small number of data points required to produce
C. it is represented pictorially as a curve
D. most of the data points correlate around the beginning
E. it is shaped like a bell curve

Answer(s): A, E

Explanation: 1 and 5 are correct- it is the most common type of distribution and it looks like a bell curve when it's drawn as a graph. There's one on p.127 to look at. The other three statements are incorrect- it's a bell shape rather than a curve, it requires a large number of data points and most of the data points correlate around the middle.
50
Which of the following insurances would provide cover in the eventuality that your supplier's place of business flooded and this affected your deliveries? A. business interruption insurance B. contingent business interruption insurance C. public liability insurance D. property insurance
Answer(s): B Explanation: This is 'contingent business interruption' insurance. This protects you if anything were to happen to your suppliers' premises. Business Interruption Insurance would cover you if something were to happen to your premises. See p.99
51
In an emergency situation, put the following phases into chronological order as to when they would be activated: 1) disaster recovery plan 2) incident response 3) business continuity plan A. 1, 2, 3 B. 1, 3, 2 C. 2, 1, 3 D. 3, 1, 2
Answer(s): C Explanation: The correct order is 2, 1, 3 - this is from p.108 of the study guide: 'The Components of a Business Continuity and Disaster Recovery Plan'.
52
Which of the following is not an internal risk for a business who imports raw materials from abroad? A. technology malfunction B. procurement fraud C. loss of customer data D. changes to import levies
Answer(s): D Explanation: Changes to import levies is an external risk, not an internal one. See p.118-119 for more information on internal risks - this is a popular exam topic. Internal risks are stuff that happens inside a company; external risks are risks from the external environment (whether this is political, economic, weather etc.)
53
Envy Manufacturing has several factories located in countries with poor reputations for human rights. It is concerned about potential risks of child labour being used within the supply chain. Envy Manufacturing has therefore decided to enlist the support of a third party auditing company to audit its factories. How should these audits be conducted? Select TWO A. organised well in advance to allow the factory managers to prepare for the audit B. conduct on the spot visits with no warning C. conduct group interviews with workers to ensure that all voices are heard D. conduct private meetings with a selection of workers
Answer(s): B,D Explanation: 2 and 4 are correct. Audits should be unscheduled so that any issues can't be covered up in advance. Interviews with workers should also be conducted in private as this will allow them to speak their mind with confidence. Where interviews are conducted as a group there may be peer pressure to say the correct thing, especially if there are managers around. See p.88 for information on audits.
54
Kevin is a consultant who works for himself and is predominantly based at home, except for when he visits clients. He has recently taken on a role advising a client about the feasibility of building a new railway station in a village. Which of the following insurances would be vital for Kevin to take out? A. product liability B. public liability C. trade credit D. professional indemnity
Answer(s): D Explanation: As a consultant he will need Professional Indemnity insurance. This insurance is for roles that include providing advice, designs and services. Insurance comes up a bit in the exam so revise this from p.96-100.
55
Which of the following statements about FIDIC Contracts are true? Select TWO: A. They are used in the construction industry B. They are more collaborative than NEC contracts C. Each party manages their own risks separately D. Early warning notices are given when risks arise E. Change control is called a 'Compensation Event'
Answer(s): A,C Explanation: 1 and 3 are correct answers. Options 2,4, and 5 are true for NEC contracts - NEC is more collaborative than FIDIC, early warning notices are given and change controls are called 'Compensation Events'. See p.74 for more information on FIDIC and NEC Contracts. This does come up in the exam
56
A large multi-national corporation has just been awarded a credit rating of C by the three main credit rating agencies. What does this score signify? A. low risk B. average risk C. substantial risk D. in default
Answer(s): C Explanation: A C grade = substantial risk. This is based on the grading system of AAA-D and is explained on p. 80. Basically, anything that isn't an A is bad.
57
A supplier of non-critical items has a low credit score. Which of the following actions should be taken? Select TWO options. A. replace the supplier as quickly as possible with a more financially stable supplier B. conduct a benchmarking exercise C. create a risk assessment and mitigation plan D. inform the CEO of the company
Answer(s): B,C Explanation: The correct answers are conduct benchmarking and create a risk assessment. This supplier provides low value and low risk products - therefore the fact they have a bad credit rating isn't too much of a risk to your company. It's worth doing a benchmarking exercise to compare their position to others in the market to see if there are any industry-wide trends, and to create a risk assessment and mitigation plan. This could involve working with the supplier to help them improve their credit score, for example by using more favourable payment terms so they have a better cash flow. There's no need to replace them immediately, and there's no need to tell the CEO - they probably have more important things to think about than a singular supplier of non-critical items. See p.81
58
An indemnity clause should contain which of the following pieces of information 1) duties of both parties 2) a monetary limit 3) insurance levels 4) details of the breach 5) a time limit A. 1,2,5 B. 1,3,4 C. 2,4,5 D. 3,4,5
Answer(s): A Explanation: Indemnity clauses should contain duties of both parties, a monetary limit and a time limit (1 2 and 5). It should also detail what types of costs are covered. These four points are explained on p.61. An indemnity clause doesn't necessarily signal a breach in contract, and levels of insurance are not relevant here.
59
Which of these is a type of Intellectual Property protection? Select TWO A. Warranty B. Condition C. Patent D. Trademark
Answer(s): C,D Explanation: Patent and Trademark are types of IP protection. There are 4 in total - the other two are copyright and trade secret. This is covered on p.63-64 of the study guide.
60
Which of the following is an example of force majeure? A. The supplier delivers materials late due to a breakdown B. The supplier asks for an uplift in prices C. The supplier is under criminal investigation for fraud D. The supplier's factory is hit by a hurricane
Answer(s): D Explanation: The hurricane is the force majeure event. Natural disasters such as this, or any events outside of the parties' control could be considered force majeure. This is a popular exam topic - see p. 66 in the study guide
61
Which of the following is a method for approaching risks? A. tolerate B. translate C. transport D. take out
Answer(s): A Explanation: Tolerate is one of the 4 Ts. This is a popular exam question so do learn the 4 Ts: Tolerate, Treat, Transfer and Terminate. See p.32.
62
What is the purpose of the Sarbanes-Oxley Regulation? A. to protect the environment B. to ensure high levels of ethical practice with regards to working conditions C. to encourage transparency in financial reporting D. to ensure that products that reach the market are fit for purpose
Answer(s): C Explanation: The Sarbanes-Oxley Regulations encourage transparency in financial reporting. The regulations came in response to the Enron scandal in 2001 when Enron bosses were falsifying financial records to make the company look better than it was, then the company went bust. The point of Sarbanes-Oxley is to ensure that this doesn't happen again - that business leaders report correct financial statements to shareholders. The study guide talks about this on p.42 but I'd recommend also watching this video as it gives a good background to the regulation: https://www.investopedia.com/terms/s/sarbanesoxleyact.asp
63
Maple Tree Limited is a Canadian company that has recently signed a new contract with a supplier who is based in China. Maple Tree Limited will be buying a raw material with a reputation for severe price fluctuations. Which of the following would help mitigate the risk that this poses? Select TWO options A. quote in the supplier's currency B. quote in the buyer's currency C. use a forward exchange contract D. fix the exchange rate at the current rate
Answer(s): C,D Explanation: The correct answers are 3 + 4. To mitigate the risk, you want to ensure price stability for the duration of the contract- you don't want the prices to keep going up and down. Therefore options 1 and 2 wouldn't help- the prices would still go up and down regardless of which currency was used for quotes. Using a forward contract, or fixing the exchange rate, however, would give price certainty, and therefore mitigate the risk. See p.23 for more information on currency risks and how to overcome these
64
Neruda Incorporated is evaluating potential suppliers' financial standings as part of a tender. Which of the following companies is the most financially stable? A. Company A has a high gearing ratio, high liquidity and few fixed assets B. Company B has low liquidity, a high gearing ratio and increasing sales trends C. Company C has low liquidity, low gearing and increasing sales trend D. Company D has high liquidity, low gearing and lots of fixed assets
Answer(s): D Explanation: Company D is the strongest. You want a company with high liquidity (this means they can easily pay any debts) and low gearing (meaning that their company isn't financed by debt). This question comes from p.24 of the CIPS study guide. It doesn't go into a lot of detail on financial ratios and gearing, as this was covered in Level 4. If you're rusty on financial ratios and gearing I recommend revising these before the exam.
65
Company DDD has recently seen a drop in share price and has high levels of Work-in-Progress (WIP) due to late supplier deliveries. Which of the following is the type of risk the business is facing? A. financial B. logistical C. opportunity D. reputation
Answer(s): A Explanation: This is a financial risk. A drop in share prices is a huge financial risk for a company. Having lots of items as WIP is also a financial risk as this signifies that a lot of money is tied up in stock being held on site. Types of risk are very popular exam questions for this module- for a full list of these and s see p.11
66
What is the purpose of an indemnity clause within a contract? A. to assign risk to each party B. to ensure both parties are adequately insured if something were to go wrong C. to transfer risk from one party to another D. to explain what would happen in the case of a force majeure
Correct Answer: C Indemnity clauses transfer risk from one party to another. It is an arrangement whereby one party promises to compensate the other party for a trigger event. An example of an indemnity clause could be a construction firm is building a new bridge and the project is supposed to be completed by 1st June. An indemnity clause may state that should the bridge not be ready by this date, the construction firm will compensate the buyer by X amount. See p.61 for more information on indemnity.
66
Which of the following models would be used to explore internal and external risks to a business? A. Porter's 5 Forces B. STEEPLE C. SWOT D. Poisson Distribution
Answer(s): C Explanation: SWOT is used for this. S + W is strengths and weaknesses, which are internal risks. O+T are opportunities and threats which are external risks. See p. 12 for more information
67
Which of the following is an example of an operational risk? a. Unexpected interest costs. b. Internal technology failure. c. Increased competitor activities. d. Fluctuating exchange rates
b. Internal technology failure. Here's why: Operational risk refers to the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. Let's look at why the other options are not primarily operational risks: a. Unexpected interest costs: This is primarily a financial risk. It relates to the cost of borrowing money and how changes in interest rates can impact an organization's expenses. c. Increased competitor activities: This is a strategic or market risk. It concerns the potential negative impact of competitors' actions on an organization's market share and profitability. d. Fluctuating exchange rates: This is a financial risk, specifically related to currency risk and how changes in exchange rates can affect international transactions and the value of assets and liabilities.
68
The Sarbanes-Oxley regulations are mostly focused on: 1. Investor protection 2. Product quality 3. Clear commercial advertising 4. Corporate financial disclosure a. 2 and 3 only b. 1 and 2 only c. 3 and 4 only d. 1 and 4 only
The correct answer is d. 1 and 4 only. The Sarbanes-Oxley Act of 2002 (often referred to as SOX) in the United States was enacted in response to major corporate accounting scandals. Its primary focus is on: Investor protection: SOX aims to protect investors by increasing the reliability and accuracy of corporate financial reporting. Corporate financial disclosure: A significant part of SOX mandates greater transparency and accountability in how public companies disclose their financial information. This includes requirements for internal controls over financial reporting and certifications of financial statements by company executives. While important, product quality and clear commercial advertising are not the central focus of the Sarbanes-Oxley regulations. These areas are typically governed by other laws and regulations related to consumer protection and product safety.
69
A supplier's terms and conditions include provision in respect of tsunami, earthquakes and volcanic eruption. This type of provision is known as ... A. a liquidated damages clause B. an exclusion clause C. an indemnity clause D. an insurance provision clause
B. an exclusion clause. Here's why: An exclusion clause is a provision in a contract that seeks to limit or exclude liability for certain events or circumstances. In this case, the supplier is specifically excluding liability for disruptions or damages caused by natural disasters like tsunamis, earthquakes, and volcanic eruptions.
70
An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives is called: A. An issue B. A risk C. An uncertainty D. A sponsor
The answer is B. A risk. Here's why: Risk, in the context of project management and general business, is defined as an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives. These objectives can include scope, schedule, cost, and quality. Let's look at why the other options are not the best fit: A. An issue is a problem that has already occurred and is currently impacting the project. It's no longer an uncertain event. C. An uncertainty is a broader term that implies a lack of complete knowledge about something. While risk involves uncertainty, the definition of risk specifically includes the potential for positive or negative impact on objectives. D. A sponsor is an individual or group who provides resources and support for the project and is accountable for its success. They are not an uncertain event or condition.
71
ManCo Inc is a global manufacturing organisation. It has a highly integrated supply chain. All parties are interconnected with the result that data availability and transparency are high. Its CPO however is concerned about technological risk. Which of the following is such a risk for ManCo? a. Cybercrime b. Global economics c. Labour standards d. Economic uncertainty
a. Cybercrime. Here's why: Cybercrime directly relates to technological risks in a highly integrated and data-transparent environment like ManCo Inc.'s supply chain. Interconnected systems are more vulnerable to cyberattacks, data breaches, and disruptions to technological infrastructure. Let's look at why the other options are less directly related to technological risk in this context: b. Global economics: While global economic factors can impact ManCo's business, they are not primarily a technological risk. They fall under economic or market risks. c. Labour standards: Issues related to labour standards in the supply chain are social and ethical risks, not technological ones. d. Economic uncertainty: Similar to global economics, economic uncertainty is a broader macroeconomic risk, not specifically a technological risk. Given the description of ManCo's interconnected systems and high data transparency, the most pertinent technological risk would be threats to the security and integrity of those systems and data, which is encompassed by cybercrime.
72
A document you use to capture all known risks is called: A. Risk Log B. Risk Register C. Risk List D. Risk Diary
B. Risk Register. Here's why: A Risk Register is a comprehensive document used in project management and risk management to identify, analyze, evaluate, and track potential risks. It typically includes details such as the description of the risk, its likelihood and impact, planned responses, responsible parties, and current status.
73
Product Manufacturing Group (PMG) is UK based and has just started sourcing materials from Europe and has to pay its supplier in Euros. This is PMG's first exposure to Euro denominated payments. It does however sell its products into European markets and has Euro receivables. Which of the following will be the most appropriate for PMG to manage its Euro currency risk exposure? A. Forward contract B. Swap C. Currency account D. Option
The most appropriate option for PMG to manage its Euro currency risk exposure, given that it has both Euro payables and Euro receivables, is likely a B. Swap. Here's why: Swap: A currency swap allows PMG to exchange a stream of payments in one currency for a stream of payments in another currency. Since PMG has both Euro inflows (receivables) and Euro outflows (payables), a swap can be structured to match these flows. For example, PMG could agree to pay a fixed amount in GBP and receive a variable amount in EUR (linked to their receivables) while simultaneously agreeing to receive a fixed amount in GBP and pay a variable amount in EUR (linked to their payables). This can effectively hedge both sides of their Euro exposure and potentially lock in more predictable GBP cash flows. Let's look at why the other options might be less ideal in this specific scenario: A. Forward contract: A forward contract would allow PMG to lock in a specific exchange rate for a future transaction (either a payment or a receipt). While useful for individual transactions, managing both payables and receivables with separate forward contracts could become complex and might not fully leverage the offsetting nature of their currency flows. C. Currency account: Holding a Euro currency account would help manage the transaction costs associated with converting currencies for each payment and receipt. However, it wouldn't directly protect PMG from fluctuations in the Euro/GBP exchange rate. The value of the Euros held in the account would still change relative to GBP. D. Option: A currency option gives PMG the right, but not the obligation, to buy or sell Euros at a specific exchange rate in the future. While this offers flexibility and protection against adverse movements, it comes at the cost of a premium. Given that PMG has consistent flows in both directions, a swap might be a more cost-effective hedging strategy. 
In summary, the swap allows PMG to manage its overall Euro currency exposure by potentially netting off its receivables and payables in Euros and locking in more predictable GBP cash flows.
74
On a Friday evening John (the best engineer in your team) comes to you and says he quits. You have two weeks to find a replacement. What would reduce the chances of such an event? A. Regular one-on-ones with John B. Comprehensive professional development plan C. The highest salary in the team D. More responsibility
A. Regular one-on-ones with John. Here's why: Regular one-on-ones provide a dedicated space for open communication. You can: Understand John's concerns, frustrations, and career aspirations. Address any issues before they escalate to the point of him wanting to leave. Provide feedback, recognition, and support, making him feel valued. Discuss his professional development and future within the company. While the other options can contribute to employee satisfaction and retention, they are less directly focused on proactively identifying and addressing potential issues that could lead to someone quitting: B. Comprehensive professional development plan: This is important for long-term growth and engagement, but it might not prevent someone from leaving due to immediate concerns or feeling unheard. C. The highest salary in the team: While compensation is a factor, it's not always the primary reason people leave. Lack of communication, feeling undervalued, or lack of growth opportunities can be equally or more significant. D. More responsibility: While some employees thrive on increased responsibility, for others it can lead to stress and burnout if not managed well or if other underlying issues aren't addressed. Giving more responsibility without understanding John's capacity and desires could even hasten his departure. In summary, regular one-on-ones create a crucial channel for dialogue and early intervention, making it the most direct way to reduce the chances of a valued employee like John suddenly quitting.
75
Which of the following are potential risks that are directly associated with a company's brand? 1. Marketing 2. Reputation 3. Positioning 4. Support a. 1 and 2 only b. 2 and 3 only c. 3 and 4 only d. 1 and 4 only
b. 2 and 3 only. Here's why: 2. Reputation: A company's reputation is intrinsically linked to its brand. Negative incidents, poor quality, or unethical behavior can severely damage the brand's image and customer trust. This is a direct risk to the brand. 3. Positioning: Brand positioning refers to how a company's products or services are perceived in the market relative to competitors. Poor or unclear positioning can weaken the brand's identity and make it less appealing to target customers, posing a direct risk to its success. Let's look at why the other options are less directly associated as risks to the brand itself: 1. Marketing: While ineffective marketing can hinder brand growth and recognition, marketing itself is a function used to build and promote the brand. It's the failure or negative impact of marketing efforts (e.g., misleading campaigns) that would pose a risk to the brand. 4. Support: Poor customer support can certainly damage a company's reputation, but "support" itself is a service offered under the brand. The quality of support and negative customer experiences are the direct risks to the brand's reputation.
76
A process that involves prioritizing risks for further action or analysis by assessing the impact and the probability of occurrence is called: A. Risk Analysis B. Risk Brainstorming C. Risk Identification D. Risk Appetite
A. Risk Analysis. Here's why: Risk Analysis is the process of evaluating identified risks to determine their likelihood of occurrence and their potential impact. This assessment allows for the prioritization of risks, enabling the organization to focus its resources on the most significant threats and opportunities. Let's look at why the other options are not the best fit: B. Risk Brainstorming: This is a technique used during Risk Identification to generate a comprehensive list of potential risks. It doesn't involve the subsequent assessment of impact and probability for prioritization. C. Risk Identification: This is the process of determining and documenting potential risks that could affect the project or organization. It precedes risk analysis. D. Risk Appetite: This refers to the level of risk an organization is willing to accept in pursuit of its objectives. It influences how risks are prioritized but is not the process of prioritization itself based on impact and probability.
77
Is it usual to encourage whistle-blowing amongst employees working in the supply chain if they suspect unethical behaviour in the supply chain? a. Yes, because these staff are more likely to be aware of such malpractices b. Yes, because they will always know if there is unethical behaviour c. No, because there is usually no means of them doing so confidentially d. No, because in many countries this will be illegal as it is confidential information
a. Yes, because these staff are more likely to be aware of such malpractices. Here's why: Employees working directly within the supply chain, whether they are your own staff or those of your suppliers, are often best positioned to observe unethical behavior such as fraud, corruption, human rights violations, or environmental breaches. Encouraging whistle-blowing can provide crucial early warnings and insights that might not be visible through audits or other oversight mechanisms.   Let's look at why the other options are less accurate: b. Yes, because they will always know if there is unethical behaviour: While they are more likely to be aware, it's not guaranteed they will always know. Unethical behavior can be concealed. c. No, because there is usually no means of them doing so confidentially: Reputable organizations should establish confidential and secure channels for whistle-blowing to encourage reporting without fear of retaliation. This is a key aspect of an effective whistle-blowing program. d. No, because in many countries this will be illegal as it is confidential information: Encouraging the reporting of unethical behavior is generally not illegal. Laws often exist to protect whistle-blowers. Confidentiality of the reporter is usually a priority, but the act of reporting wrongdoing is typically not illegal. The focus is on addressing potentially harmful or illegal activities.  
78
During the Qualitative Risk Analysis, you assess Impact and Probability of a risk using simple grades like Low, Medium, High. When do you perform Risk Identification? A. At the beginning of a project. B. During project planning. C. During the whole lifetime of a project. D. During project execution.
C. During the whole lifetime of a project. Here's why: Risk Identification is not a one-time activity. While it's crucial to start identifying potential risks early in the project lifecycle (at the beginning and during planning), new risks can emerge as the project progresses through execution and even closure. Let's look at why the other options are less comprehensive: A. At the beginning of a project: This is an important time to identify initial risks, but it's not the only time. B. During project planning: This is when a more detailed risk assessment and planning for risk responses occur, building on the initial risk identification. However, risks can still arise later. D. During project execution: While you'll certainly deal with risks that materialize during execution, you should also continue to be vigilant for new risks that might emerge due to changes, unforeseen circumstances, or increased understanding of the project. Therefore, risk identification is an iterative process that should be performed continuously throughout the entire project lifecycle to ensure that new and evolving risks are identified and managed effectively.
79
As a part of your project, you need to organize a conference. You learn that in the place you've rented there's a 70% chance of a tropical storm on the selected dates. How should you handle such risk? A. Change the location of the conference. B. Buy insurance to cover possible damage. C. Book another place nearby to mitigate the risk of the first location unavailable due to the storm. D. Inform all participants of the possible storm.
Given the high probability (70%) of a tropical storm, the most prudent way to handle this risk is to A. Change the location of the conference. Here's why: Changing the location directly avoids the primary risk of the storm disrupting or preventing the conference from happening at the planned venue. This is a risk avoidance strategy, which is often the most effective when the probability and potential impact are high. Let's look at why the other options are less ideal as a primary response: B. Buy insurance to cover possible damage: While insurance is a good risk mitigation strategy for potential financial losses if the storm hits, it doesn't prevent the disruption of the conference itself. You would still face potential cancellations, travel issues for attendees, and the negative impact of a poorly executed or canceled event. C. Book another place nearby to mitigate the risk of the first location unavailable due to the storm: This is a form of contingency planning and is a good secondary measure. However, it doesn't eliminate the risk of the storm affecting the nearby location as well, potentially leading to double the logistical challenges and costs. It's better to avoid the high-risk area altogether if feasible. D. Inform all participants of the possible storm: While transparency is important, simply informing participants doesn't address the core risk of the conference being severely impacted or canceled. It puts the onus on them to decide whether to attend and doesn't solve the logistical and organizational challenges you would face. Therefore, changing the location is the most proactive and effective way to handle a high-probability, high-impact risk like a tropical storm potentially affecting your conference.
80
A procurement manager is responsible for a high-risk and medium-value contract for which the procurement organisation is critically dependent on the supplier. The procurement manager has instructed the supplier to submit a disaster recovery plan. Is this action appropriate? A. Yes - disaster recovery plans should be a standard requirement for all suppliers on all contracts B. No - the procurement manager is responsible for creating the disaster recovery plan C. No - disaster recovery planning is only required on high-risk and high-value contracts D. Yes - the plan will show how the supplier will continue to operate and deliver the service in a disaster situation
D. Yes - the plan will show how the supplier will continue to operate and deliver the service in a disaster situation. Here's why: Given that the contract is high-risk and the procurement organization is critically dependent on the supplier, ensuring the supplier's ability to continue operations during a disruption is paramount. A disaster recovery plan outlines the steps the supplier will take to minimize downtime and maintain service delivery in the face of adverse events. This directly addresses the high-risk nature of the contract and the critical dependency. Let's look at why the other options are less appropriate: A. Yes - disaster recovery plans should be a standard requirement for all suppliers on all contracts: While having disaster recovery plans is generally good practice, making it a standard requirement for all contracts, regardless of risk or value, might be overly burdensome and unnecessary for low-risk, low-value contracts. The level of due diligence should be proportionate to the risk and criticality. B. No - the procurement manager is responsible for creating the disaster recovery plan: The supplier is the expert in their own operations and processes. They are best positioned to develop a realistic and effective disaster recovery plan for their business. The procurement manager's role is to specify the requirement and review the plan to ensure it meets the organization's needs. C. No - disaster recovery planning is only required on high-risk and high-value contracts: While high-value contracts might also warrant disaster recovery plans, the critical factor here is the high-risk and critical dependency. Even a medium-value contract can pose a significant risk if the procurement organization's operations heavily rely on that supplier. Therefore, requiring a disaster recovery plan from a critically important, high-risk supplier is a prudent and appropriate action for the procurement manager to take.
81
Who should be involved in Risk Management activities? A. Only Project Team. B. Only Project Manager. C. As many stakeholders as practical. D. All stakeholder except clients.
C. As many stakeholders as practical. Here's why: Risk management is most effective when it incorporates diverse perspectives and expertise. Different stakeholders will have unique insights into potential risks and their potential impacts.
82
Recognised risk management strategies to mitigate risks include which of the following? Select TWO that apply. A. Treat B. Trust C. Translate D. Test E. Transfer
The two recognised risk management strategies to mitigate risks from the options provided are A. Treat and E. Transfer. Here's why: A. Treat (or Mitigate): This involves taking action to reduce the likelihood or impact (or both) of a risk. This could involve implementing controls, changing processes, or developing contingency plans. E. Transfer: This involves shifting the responsibility for managing a risk and the potential financial burden to a third party. Common methods include purchasing insurance or outsourcing the activity associated with the risk.
83
You acquired an expensive piece of equipment for your project. It is known to be sensitive and fragile in use. Several tasks that require this equipment are on a critical path. What's the BEST action you can take to improve the project's chances of success? A. Buy insurance to cover the costs of repairs. B. Hire a technical support team to quickly fix the equipment if needed. C. Find a good expert to operate the equipment. D. There's nothing you can do.
Correct Answer: B Answers A and B are good solutions. Buying insurance will help to avoid budget overrun. Finding a good expert will help reduce the probability of breakdown. However, we have tasks on a critical path. This means they tolerate little risk to the project schedule. So, having a team on standby to keep the equipment working is the best option here.
84
You are on the call with clients. They say the vendor team they hired to create designs is behind schedule. What should you do? A. State that your project is also behind the schedule because of it. B. Log the risk into Risk Register to assess impact. C. Do nothing. It's not your problem. D. Contact the vendor to help them out.
Correct Answer: B Without proper analysis, you can't state that a risk has an impact on the project. Likewise, you should not assume that the risk has no impact at all. Therefore, always log all possible risks first. Decide later.
85
The principle of 'utmost good faith' lies at the heart of contracts for the provision of insurance. Is this correct? A. No, caveat emptor is the fundamental principle of all insurance related contracts. B. Yes, it places the burden of responsibility on the insurance company to check the facts. C. No, it is always assumed that there are no material facts unless they are expressly stated. D. Yes, all relevant information must be fully disclosed otherwise the insurance will be void.
D. Yes, all relevant information must be fully disclosed otherwise the insurance will be void. Here's why: Utmost Good Faith (Uberrimae Fidei): This is a fundamental principle of insurance contracts. It means that both the insurer and the insured have a duty to disclose fully and honestly all material facts relevant to the risk being insured. Failure by the insured to disclose relevant information can render the policy void. Let's look at why the other options are incorrect: A. No, caveat emptor is the fundamental principle of all insurance related contracts: Caveat emptor means "let the buyer beware." This principle generally applies to sales transactions where the buyer is responsible for checking the quality and suitability of goods before purchasing. It does not apply to insurance contracts, where the principle of utmost good faith places a higher duty of disclosure on both parties, particularly the insured. B. Yes, it places the burden of responsibility on the insurance company to check the facts: While insurance companies do conduct their own risk assessments, the primary responsibility for disclosing all relevant material facts lies with the insured under the principle of utmost good faith. C. No, it is always assumed that there are no material facts unless they are expressly stated: This is incorrect. The principle of utmost good faith requires the disclosure of all relevant material facts, even if they are not explicitly asked for by the insurer. The insured has a duty to disclose anything that might influence the insurer's decision to provide coverage or the terms of that coverage. Therefore, the principle of utmost good faith in insurance contracts necessitates full and honest disclosure of all relevant information by the insured. Failure to do so can have serious consequences, including the invalidation of the policy.
86
After you performed Qualitative Risk Analysis you need to create: A. A prioritized list of risks. B. List of risks for additional analysis and investigation. C. List of urgent risks D. Watch list E. All the above
Correct Answer: E A prioritized list of risks, list of risks for additional analysis and investigation, list of urgent risks, the watch list, AND list of risks grouped by categories are the outputs of the Qualitative Risk Analysis process.
87
Unforeseen events that arise during a contract will be treated as 'force majeure' and all parties will be excluded from liability. Is this correct? A. Yes, but only if the event is genuinely beyond the control of one or all of the parties. B. No, a contract is legally binding and the parties cannot be excluded from any liability. C. Yes, it is not possible for liability to arise for any party if something unexpected happens. D. No, it is not possible to exclude responsibility for liability that might arise under a contract.
A. Yes, but only if the event is genuinely beyond the control of one or all of the parties. Here's why: Force Majeure: This is a legal term referring to unforeseen circumstances that prevent someone from fulfilling a contract. These events are typically outside the reasonable control of the contracting parties and can include natural disasters, war, riots, or other catastrophic events. Let's look at why the other options are incorrect: B. No, a contract is legally binding and the parties cannot be excluded from any liability: While contracts are legally binding, they can and often do include clauses that excuse parties from liability in specific circumstances, such as force majeure. C. Yes, it is not possible for liability to arise for any party if something unexpected happens: This is too broad. Not all unexpected events qualify as force majeure. The event must typically be beyond the parties' control and have a significant impact on their ability to perform the contract. D. No, it is not possible to exclude responsibility for liability that might arise under a contract: This is incorrect. As mentioned earlier, contracts can contain clauses, like force majeure clauses, that specifically exclude liability for certain types of events. Therefore, the statement is correct only with the crucial qualification that the unforeseen event must genuinely be beyond the control of the parties involved to be considered force majeure and potentially excuse liability. The specifics of what constitutes force majeure are usually defined within the contract itself and can vary.
88
The conventional methodology for assessing risks involves the evaluation of which of the following? Select TWO that apply. A. Contingency. B. Responsibility. C. Probability. D. Recovery. E. Impact. F. Accountability.
The two elements that are part of the conventional methodology for assessing risks are C. Probability and E. Impact. Here's why: Probability: This refers to the likelihood that a specific risk will occur. It's often assessed using qualitative scales (e.g., Low, Medium, High) or quantitative measures (e.g., percentages). Impact: This refers to the potential consequence or severity if the risk does occur. Like probability, it's often assessed using qualitative scales (e.g., Low, Medium, High) or quantitative measures (e.g., financial loss, schedule delay). Risk assessment conventionally involves evaluating these two dimensions to determine the overall significance of a risk and to prioritize it for further action. Risk value or score is often calculated as a function of probability and impact (e.g., Probability x Impact).
89
"A network of manufacturers and service providers that work together to convert and move goods from the raw materials stage through to the end user" is the definition of A. Supply chain. B. Operations management. C. Service operations. D. Operations function.
The correct answer is A. Supply chain. A supply chain encompasses all the stages involved in the flow of goods, from the initial sourcing of raw materials to the final delivery of the finished product to the end consumer. It includes various entities such as manufacturers, suppliers, transporters, warehouses, retailers, and the customers themselves, all working together in a network.
90
Major International Manufacturing (MIM) has a strict risk management policy, requiring all risks to be fully evaluated and appropriate action taken. A recent example was a risk for which MIM was able to take out insurance to provide full protection. Another risk arose because a trusted supplier had short-term performance issues. MIM was comfortable accepting this risk as the supplier was aware of the issue and had promised it was now resolved. MIM's approaches to dealing with these two risks can be best described as which of the following? 1. Terminate. 2. Tolerate. 3. Transfer. 4. Treat. A. 1 and 2. B. 2 and 3. C. 3 and 4. D. 4 and 1.
The correct answer is B. 2 and 3. Here's why: Risk 1: MIM took out insurance to provide full protection. This action describes 3. Transfer. By purchasing insurance, MIM is transferring the financial risk of the event to the insurance company. Risk 2: MIM was comfortable accepting the risk of the supplier's short-term performance issues. This action describes 2. Tolerate. MIM decided to accept the potential impact of the supplier's short-term issues, likely because the supplier was trusted and had a plan for resolution, making the risk acceptable within MIM's risk appetite.
91
Which of these is NOT a flow that moves up and down the supply chain? A. Procedural B. Monetary C. Information D. Physical
A. Procedural. Here's why: Monetary flow: Money moves down the supply chain from the buyer to the seller for goods and services, and sometimes up in the form of rebates or refunds. Information flow: Information moves both up (e.g., forecasts, orders) and down (e.g., delivery schedules, instructions) the supply chain. Physical flow: Goods and materials move down the supply chain from raw materials to the end consumer, and sometimes up in the form of returns or recycling. Procedural aspects, while governing how the supply chain operates, are not a flow of tangible or intangible items moving through it in the same way as money, information, or physical goods. Procedures are the rules and processes that facilitate these flows.
92
Dr Dick decided to stop practising when malpractice insurance premiums became too high for him to afford. He is managing risk by A. Transferring B. Tolerating C. Terminating D. Treating
C. Terminating. Here's why: Terminating the practice is how Dr. Dick is managing the risk. He is eliminating the activity (practicing medicine) that exposes him to the risk of malpractice claims and the associated high insurance premiums.
93
A fire at the depot of a transport company destroys its vehicle fleet. It is insured and so in time the vehicles can be replaced. However, in the short-term it cannot fulfil customer orders and so loses business. This loss of business is known as which of the following? A. Consequential loss. B. Direct loss. C. Positive loss. D. Reputational loss.
A. Consequential loss. Here's why: Consequential loss (also known as indirect loss) is a financial loss that occurs as a consequence of a direct loss. In this scenario, the direct loss is the destruction of the vehicle fleet by the fire. The consequential loss is the loss of business and revenue that the transport company suffers because it cannot fulfill customer orders due to the lack of vehicles. Let's look at why the other options are incorrect: B. Direct loss: This refers to the immediate physical damage (the destroyed vehicles). C. Positive loss: This is not a standard term in risk management or insurance. Loss generally implies a negative outcome. D. Reputational loss: While the inability to fulfill orders might eventually damage the company's reputation, the immediate loss described is the loss of business and revenue, which is a direct financial consequence of the initial event. Reputational damage would be a secondary, potential outcome.
94
Software Development Inc (SDI) develops and markets a range of business applications and products. It has its own product development resource but also uses external contractors where expertise is not available in house. SDI is just about to start working with a small organisation called XNX Developers (XNX) on a highly secret new development currently known as Project Y. SDI and XNX have worked together successfully in the past. Ultimately, when the development is completed, SDI will pay XNX a one-off fee for exclusive and full ownership of Project Y. XNX is happy with this arrangement as it needs an injection of funds to support the development of its own product range and bank finance is not available. SDI and XNX have also reached agreement on XNX's acceptance to compensate SDI for potential future liability on Project Y in respect of the development work it has undertaken. Based on the information provided, which of the following clauses will be a priority for SDI to include in the contract to address its specific needs? 1. Intellectual property rights 2. Force majeure 3. Jurisdiction 4. Indemnity A. 1 and 2 only B. 2 and 3 only C. 3 and 4 only D. 1 and 4 only
The priority clauses for SDI in this contract are 1. Intellectual property rights and 4. Indemnity. Therefore, the correct answer is D. 1 and 4 only. Here's why: 1. Intellectual property rights: The scenario explicitly states that SDI will pay XNX a one-off fee for exclusive and full ownership of Project Y once the development is complete. Therefore, clearly defining the ownership and transfer of intellectual property rights in the contract is crucial for SDI to secure its investment and future control over the new development. 4. Indemnity: The agreement that XNX will compensate SDI for potential future liability on Project Y in respect of the development work it has undertaken directly relates to an indemnity clause. SDI needs this clause to protect itself from potential legal or financial repercussions arising from XNX's work on the project. This is a significant point of negotiation and a priority for SDI to have clearly documented in the contract. Let's look at why the other options are less of an immediate priority based on the provided information: 2. Force majeure: While force majeure clauses are standard in many contracts to address unforeseen events, the immediate priorities for SDI in this specific scenario revolve around securing ownership of the developed product and protecting themselves from liabilities arising from XNX's work. 3. Jurisdiction: A jurisdiction clause, which specifies the governing law and where disputes will be resolved, is important for any contract, especially one involving different organizations. However, given the emphasis on ownership and liability in the provided context, it is a secondary concern compared to intellectual property rights and indemnity for SDI in this particular situation.
95
Which of the following are regarded as core international labour standards? 1. Freedom from casual labour 2. Freedom from untrained labour 3. Freedom from forced labour 4. Freedom from discrimination A. 1 and 2 B. only 2 C. 2 and 3 D. only 3 E. 3 and 4 F. only 1 G. 1 and 4
The core international labour standards, as defined by the International Labour Organization (ILO), include 3. Freedom from forced labour and 4. Freedom from discrimination. Therefore, the correct answer is E. 3 and 4. Here's a brief explanation of why these are core standards and why the others are not typically included in the fundamental principles: Freedom from forced labour: This principle prohibits all forms of forced or compulsory labour. Freedom from discrimination: This principle promotes equality of opportunity and treatment in employment and occupation, without distinction based on race, color, sex, religion, political opinion, national extraction, or social origin.
96
ISO20400 _________ the UN guiding principles, ISO26000-social responsibility, ISO31000 Risk management and ISO14001 for environmental management A. Replaces B. Supersedes C. Complements D. Clarifies
C. Complements. Here's why: ISO 20400 provides guidelines for sustainable procurement. It doesn't replace or supersede the other listed standards and principles. Instead, it works alongside them, providing a specific focus on how organizations can integrate sustainability into their purchasing processes. The UN Guiding Principles on Business and Human Rights outline the state's and companies' duties and responsibilities to prevent and address human rights abuses. ISO 20400 can help organizations implement the corporate responsibility to respect human rights within their procurement activities. ISO 26000 offers broader guidance on social responsibility. ISO 20400 aligns with and supports the social responsibility principles outlined in ISO 26000 within the specific context of procurement. ISO 31000 provides principles and guidelines for risk management. Sustainable procurement, as guided by ISO 20400, involves managing various risks, including environmental and social ones, thus complementing the broader risk management framework of ISO 31000. ISO 14001 specifies requirements for an environmental management system. ISO 20400 helps organizations extend their environmental considerations into their supply chain through sustainable procurement practices, thus complementing ISO 14001.
97
"The system by which companies are directed and controlled is a definition of?" A. Corporate Governance B. Ethical Standards C. The law D. Organisational Structure
The correct answer is A. Corporate Governance. Corporate governance is the system of rules, practices, and processes by which a company is directed and controlled. It essentially involves balancing the interests of a company's many stakeholders, such as shareholders, management, customers, suppliers, financiers, the government, and the community.
98
Risk - According to ISO 31000, risk is the "effect of uncertainty on ___________" A. Outcomes B. Objectives C. Outputs D. Organisations
The correct answer is B. Objectives. According to ISO 31000:2018, risk is defined as the "effect of uncertainty on objectives". Uncertainty, in this context, refers to the state of deficiency of information related to an event, its consequence, or likelihood. Objectives can be financial, operational, strategic, or any other goals an organization is trying to achieve. Risk management aims to identify, analyze, evaluate, and treat risks that could affect the achievement of these objectives.
99
To understand a supplier's financial position, buying organisations should focus upon: A. Cash flow - supplier's ability to meet short-term debt B. Gearing - amount of long-term debt C. Profitability ratios D. All the above
The correct answer is D. All the above. Here's why: A. Cash flow - supplier's ability to meet short-term debt: Analyzing a supplier's cash flow is crucial to assess their immediate liquidity and ability to pay their short-term obligations (e.g., accounts payable, salaries). A healthy cash flow indicates financial stability in the near term. B. Gearing - amount of long-term debt: Gearing (also known as leverage or debt-to-equity ratio) indicates the extent to which a supplier is financed by debt. High gearing can signal higher financial risk, as the supplier has significant long-term obligations to meet. C. Profitability ratios: Profitability ratios (e.g., gross profit margin, net profit margin, return on assets) reveal how efficiently a supplier is generating profits from its operations. Consistent profitability is a key indicator of long-term financial health and sustainability. By considering all three of these areas, buying organizations can gain a comprehensive understanding of a supplier's financial position, both in the short term and the long term, and assess their overall financial stability and risk.
100
"Sustainable development is development that meets the _________ of the present without compromising the ability of future generations to meet their own needs" A. Wants B. Needs C. Requirements D. Obligations
B. Needs. This is the widely accepted definition of sustainable development as outlined in the Brundtland Report (Our Common Future) published in 1987 by the World Commission on Environment and Development (WCED). The full quote is: "Sustainable development is development that meets the needs of the present without compromising the ability of future generations to meet their own needs."
101
The seven core subjects and issues pertaining to social responsibility referred to in ISO26000 and ISO20400 are: a. Quality management b. Customer Service c. Organizational governance d. Human rights e. Working Hours f. Labour practices g. The environment h. Fair operating practices i. Consumer issues j. Reverse Logistics k. Life cycle costing l. Community involvement and development m. Transparency
The seven core subjects and issues pertaining to social responsibility referred to in ISO 26000 are: c. Organizational governance; d. Human rights; f. Labour practices (which would encompass aspects of e. Working Hours); g. The environment; h. Fair operating practices; i. Consumer issues; l. Community involvement and development. While some of the other options listed are important aspects of business operations and sustainability, they are not categorized as the seven core subjects of social responsibility within the framework of ISO 26000. ISO 20400, which focuses on sustainable procurement, aligns with these core subjects of social responsibility from ISO 26000.
102
Replacing damaged/faulty products and materials would be classed as: A. Indirect loss B. Product loss C. Direct loss D. Product liability claim
C. Direct loss. Here's why: Direct loss refers to the immediate financial harm resulting from a specific event. In this case, the damage or fault in the products and materials directly leads to the cost of replacement. Let's look at why the other options are less appropriate: A. Indirect loss (or Consequential loss): This refers to losses that occur as a consequence of the direct loss. For example, if faulty materials cause a production line to shut down, the lost production and revenue would be an indirect loss. B. Product loss: While technically accurate in a general sense, "direct loss" is the more specific and commonly used term in risk management and accounting to describe the cost of replacing damaged or faulty items. D. Product liability claim: This refers to a legal claim made by a third party who has suffered harm due to a faulty product. While the replacement of the product might be a consequence of such a claim, the act of replacing the damaged/faulty goods itself is a direct cost or loss for the organization.
103
According to ethical labour standards such as SA8000 the normal workweek shall not on a regular basis exceed: A. 40 hours B. 48 hours C. 50 hours D. 60 hours
According to ethical labour standards such as SA8000, the normal workweek shall not on a regular basis exceed B. 48 hours. SA8000 is a globally recognized social accountability standard that includes requirements for working hours, stating that the regular workweek should not exceed 48 hours and that overtime should be voluntary and compensated at a premium rate, with limits on regular overtime.
104
The ETI base code has A. 6 provisions B. 7 provisions C. 8 provisions D. 9 provisions
The ETI (Ethical Trading Initiative) base code has D. 9 provisions. These nine core principles cover areas such as: employment is freely chosen; freedom of association and the right to collective bargaining are respected; working conditions are safe and hygienic; child labour shall not be used; living wages are paid; working hours are not excessive; no discrimination is practised; regular employment is provided; no harsh or inhumane treatment is allowed.
105
One of the benefits of using NEC standard contracts is: A. No training is required to use them. B. They are written in the present tense in plain English C. No need for bespoke amendments D. Variations to price and delivery are not required
The correct answer is B. They are written in the present tense in plain English. Here's why: NEC (New Engineering Contract) standard forms are intentionally drafted using clear, simple language in the present tense to reduce ambiguity and the potential for misinterpretation. This aims to make the contracts more accessible and easier for all parties involved to understand, thereby minimizing disputes.
106
A disadvantage of using standard form contracts is that: A. Suppliers are given advantageous terms B. There may be training costs C. Increases the time and cost in contract development D. Less likely to contain the correct legal terminology without recourse to third party experts.
B. There may be training costs. Here's why: B. There may be training costs: While standard forms aim for clarity, their specific clauses, processes, and terminology might still require training for procurement professionals and suppliers to ensure consistent understanding and application.
107
The legal principle of utmost good faith means: A. Both parties trust each other B. Both parties have complete faith in each other C. Both parties must be accurate and fully disclose all information D. The insured can rely on the insurance company to pay any claim
C. Both parties must be accurate and fully disclose all information. Here's why: Utmost good faith (Uberrimae Fidei) is a fundamental principle in insurance law. It requires both the insurer and the insured to act honestly and disclose all material facts relevant to the risk being insured. This duty of disclosure is more extensive than the general principle of "good faith" that applies to most contracts.
108
What risk is managed by having an inspection clause prior to acceptance? A. Intellectual property infringement B. Product defect C. Financial failure D. Late delivery
B. Product defect. Here's why: Inspection clauses in contracts typically outline the buyer's right to examine goods or services before formally accepting them. This process allows the buyer to identify any product defects, quality issues, or non-conformities with the agreed-upon specifications. By inspecting before acceptance, the buyer can reject faulty goods, request repairs, or negotiate adjustments, thereby mitigating the risk of receiving and paying for substandard products.
109
A claims adjuster will: A. Help the insured claim what is due B. Limit the liability of the insurance company C. Determine the insurance premium D. Review a claim and whether it is valid
D. Review a claim and whether it is valid. Here's a breakdown of their responsibilities: Review and Investigate: Claims adjusters investigate insurance claims to determine their validity based on the policy terms, conditions, and the circumstances of the loss. This often involves gathering information, interviewing parties involved, reviewing documentation (like police reports, medical records, repair estimates), and assessing the damage. Determine Coverage: They analyze the insurance policy to see if the claimed loss is covered under the policy's provisions. Assess Damages: If the claim is deemed valid, they evaluate the extent of the loss or damage to determine a fair settlement amount. This might involve getting independent appraisals or estimates. Negotiate Settlements: They negotiate with the insured or their representatives to reach a settlement agreement. Manage the Claims Process: They guide the insured through the claims process, ensuring necessary paperwork is completed and providing updates. While a claims adjuster's work ultimately leads to the insured receiving what is due if the claim is valid, their initial and core function is the review and validation of the claim. Limiting the insurance company's liability is a goal in the sense of only paying valid claims according to the policy, but their primary task isn't to arbitrarily reduce payouts on legitimate claims. Determining the insurance premium is the role of an underwriter, not a claims adjuster.
110
In an NEC contract if an event occurs that the contractor considers to be a compensation event, they must then A. Send a quotation to the project manager within 3 weeks B. Notify the project manager within 8 weeks of becoming aware of the event C. Cease work until the claim is agreed D. Change the risk register
The correct answer is B. Notify the project manager within 8 weeks of becoming aware of the event. According to standard NEC contract conditions, the contractor has a specific timeframe to notify the project manager of an event they believe is a compensation event. While the exact clause and time limit might vary slightly depending on the specific NEC form and any amendments, a common timeframe is 8 weeks from when the contractor became aware of the event. Let's look at why the other options are generally incorrect: A. Send a quotation to the project manager within 3 weeks: While the contractor will eventually need to submit a quotation for the compensation event, the initial and more immediate requirement is to notify the project manager of the event itself. The quotation usually follows the notification and the project manager's instruction to provide one. C. Cease work until the claim is agreed: Ceasing work unilaterally is generally not permitted under NEC contracts and could be considered a breach of contract. Work should continue unless instructed otherwise by the project manager. D. Change the risk register: The risk register is typically maintained collaboratively by the project manager and the contractor. While a compensation event might trigger an update to the risk register, the contractor's immediate obligation is to notify the project manager.
111
Indemnity clauses A. Are a way of transferring risk B. Are a form of insurance C. Have defined liquidate damages D. Have no monetary limit
A. Are a way of transferring risk. Here's why: An indemnity clause is a contractual provision where one party (the indemnitor) agrees to protect another party (the indemnitee) against financial loss or liability arising from specified events. Essentially, the indemnitor takes on the risk of certain potential losses that the indemnitee might face, thus transferring that risk. Let's look at why the other options are incorrect: B. Are a form of insurance: While indemnity clauses and insurance both deal with financial protection against potential losses, they are distinct mechanisms. Insurance involves paying premiums to an insurer who agrees to cover certain losses, whereas an indemnity is a direct contractual obligation between the parties involved in the contract. C. Have defined liquidated damages: Liquidated damages are a pre-agreed sum payable in the event of a specific breach of contract (e.g., late completion). Indemnity clauses cover losses arising from various events, not necessarily specific breaches, and don't inherently have a pre-defined damage amount. D. Have no monetary limit: Indemnity clauses can and often do have monetary limits specified within the contract to cap the indemnitor's liability. It's not a characteristic that they universally have no monetary limit.
112
Compensation events in NEC contracts will result in additional payment being made to the contractor. A. Yes but only in exceptional circumstances B. No only the date is adjusted C. Yes but may also result in adjustment of the completion date or key dates. D. No - a new contract is agreed
The correct answer is C. Yes but may also result in adjustment of the completion date or key dates. Here's why, according to the principles of NEC contracts: Compensation events under NEC contracts are defined events that, if they occur, entitle the contractor to be compensated for any resulting delay and/or additional cost. The aim of the compensation event mechanism is to keep the contract fair and to ensure the contractor is not penalized for events that are not their fault and impact their ability to deliver the works as planned. Therefore, a valid compensation event will typically lead to an adjustment of the Prices (additional payment) to cover the contractor's increased costs. Crucially, many compensation events also have an impact on the project schedule. In such cases, the Completion Date and potentially other Key Dates will also be adjusted to reflect the time lost due to the event.
113
A loss assessor: A. Can negotiate and settle the claim on your behalf B. Is employed by the insurance company to settle the claim C. Is the person who decides the initial insurance premium? D. Is the broker or agent through which the policy is held
A. Can negotiate and settle the claim on your behalf. Here's why: A loss assessor (also known as a public loss adjuster) is an independent professional hired by the policyholder (you) to help with your insurance claim. Their role is to: Investigate the loss: They will assess the damage and gather evidence to support your claim. Prepare and submit the claim: They will help you complete the necessary paperwork and present your claim to the insurance company in the best possible light. Negotiate with the insurer: They act as your advocate and negotiate with the insurance company's loss adjuster to reach a fair settlement on your behalf. Let's look at why the other options are incorrect: B. Is employed by the insurance company to settle the claim: This describes a loss adjuster (also called a claims adjuster) who works for the insurance company and represents their interests. C. Is the person who decides the initial insurance premium? This is the role of an underwriter working for the insurance company. D. Is the broker or agent through which the policy is held: A broker or agent helps you find and purchase an insurance policy but typically doesn't directly handle the claims settlement process on your behalf after a loss occurs (though they can offer guidance).
114
The RTO in business continuity planning is: A. Recovery Time Objective B. Required Time Outage C. Response Time Objective D. Recovery Target Outage
A. Recovery Time Objective. Here's what RTO stands for in the context of business continuity planning: Recovery Time Objective (RTO): This is the targeted duration of time within which a business process must be restored after a disaster or disruption to avoid unacceptable consequences associated with a break in business continuity. It essentially defines how quickly you need to get things back up and running.
115
An underwriter will: A. Help the insured claim what is due B. Limit the liability of the insurance company C. Determines the insurance premium D. Review a claim and whether it is valid
C. Determines the insurance premium. Here's why: Underwriters are primarily responsible for assessing the risk associated with insuring a particular applicant or asset. Based on this risk assessment, they determine the appropriate premium to charge for the insurance coverage. Let's look at why the other options are incorrect: A. Help the insured claim what is due: This is the role of a claims adjuster or a loss assessor (acting on behalf of the insured). B. Limit the liability of the insurance company: While underwriters consider potential liabilities when setting premiums and policy terms, their main function isn't actively limiting liability on existing claims. This is more the focus of the claims department. D. Review a claim and whether it is valid: This is also the primary responsibility of a claims adjuster.
116
Stakeholder salience model builds upon the Mendelow matrix by considering: A. Power, urgency & dynamism B. Influence, urgency & legitimacy C. Power, urgency & legitimacy D. Influence, dynamism & legitimacy
C. Power, urgency & legitimacy. The stakeholder salience model, developed by Mitchell, Agle, and Wood (1997), builds upon Mendelow's power-interest matrix by adding the dimension of legitimacy. It identifies stakeholder salience based on the presence or absence of three attributes: Power: The stakeholder's ability to influence the organization. Legitimacy: The stakeholder's relationship with the organization being proper, desirable, or appropriate. Urgency: The degree to which stakeholder claims demand immediate attention. Stakeholders are categorized into different types (dormant, discretionary, demanding, dominant, dangerous, dependent, and definitive) based on the combination of these attributes they possess, which in turn determines their salience to the organization.
117
To be successful BCM has to become part of the _________ of your organisation. This can be achieved through a combination of awareness raising and training. A. Strategy B. Policy C. Culture D. Structure
C. Culture. Here's why: For Business Continuity Management (BCM) to be truly successful and embedded within an organization, it needs to become ingrained in the organizational culture. This means that business continuity awareness, preparedness, and resilience are not just a set of plans or policies, but are part of the everyday mindset and behavior of employees at all levels. Awareness raising and training are key mechanisms for fostering this culture. When BCM is part of the culture: Employees understand their roles and responsibilities in maintaining business continuity. Resilience becomes a consideration in decision-making processes. There is a proactive approach to identifying and mitigating potential disruptions. The organization is better equipped to respond effectively when incidents occur. While strategy, policy, and structure are important elements of BCM, they are less likely to guarantee long-term success without a supportive and embedded culture. A strong BCM culture ensures that the plans and structures are actively used and maintained.
118
Subjective measures to rate risk are: A. Factual B. Reliable C. Opinions D. Quantitative
C. Opinions. Here's why: Subjective measures rely on personal judgment, experience, and interpretation. They are influenced by individual perspectives and can vary from person to person. Opinions are inherently subjective. Let's look at why the other options are not subjective measures: A. Factual: Facts are objective and based on evidence or data that can be verified. B. Reliable: Reliability refers to the consistency and dependability of a measure, whether subjective or objective. A subjective measure can be reliable if different individuals consistently provide similar ratings. D. Quantitative: Quantitative measures use numerical data and statistical analysis, making them objective rather than subjective.
119
As part of an organisation's risk management process, when considering risk and uncertainty, the risk team must be aware that A. risk assessment is the sole method of reducing uncertainty. B. risk can apply to both opportunities and threats to the organisation. C. uncertainty should always be considered completely separately from risk. D. uncertainty should only be considered when reviewing long-term objectives.
B. risk can apply to both opportunities and threats to the organisation. Here's why: Risk in a modern risk management context, particularly as defined by standards like ISO 31000, is understood as the effect of uncertainty on objectives. These objectives can be positive (opportunities) or negative (threats). Therefore, risk management involves not only mitigating potential harm but also identifying and exploiting potential gains.
120
Having a plan so that your organisation can continue to function with as little disruption as possible is: A. Disaster recovery planning B. Contingency planning C. Business Continuity planning D. Disruption planning
C. Business Continuity planning. Here's why: Business Continuity Planning (BCP) is the holistic process of developing and implementing strategies and procedures to ensure that an organization can continue to operate and deliver its critical products and services following a disruptive event. It encompasses a wide range of potential disruptions and aims for minimal impact on business operations.
121
Risk assessment consists of: Identifying the risk, analysing the risk and then _________ A. Risk Options B. Risk Evaluation C. Risk treatment D. Risk Quantification
B. Risk Evaluation. The typical steps in a risk assessment process are: Risk Identification: Determining what could go wrong. Risk Analysis: Understanding the likelihood and impact of the identified risks. Risk Evaluation: Comparing the results of the risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or requires treatment. Following risk evaluation, the next step would typically be Risk Treatment (option C), which involves selecting and implementing actions to address the risks. Risk Quantification (option D) is often a part of risk analysis, where numerical values are assigned to the likelihood and impact of risks. Risk Options (option A) would be considered during the risk treatment phase.
122
An important part of Business continuity management is establishing the A. RPP and RTO B. RPO and RTT C. RPO and RTO D. WRT and RTT
C. RPO and RTO. Here's why: RPO (Recovery Point Objective): This defines the maximum acceptable amount of data loss (measured in time) after a disruptive event. It essentially answers the question, "How much data are we willing to lose?" RTO (Recovery Time Objective): This defines the targeted duration of time within which a business process must be restored after a disaster or disruption to avoid unacceptable consequences. It answers the question, "How long can we be down?"
123
One of the primary reasons that an organisation should monitor and regularly review its risk management process is to A. consider whether lessons could be learned for future management of risks. B. ensure that all significant risks are eliminated immediately. C. evidence that all risks are measured in financial terms only. D. evidence that an internationally-recognised framework is followed at all times
A. consider whether lessons could be learned for future management of risks. Here's why: Regular monitoring and review of the risk management process allow an organization to: Identify what worked well and what didn't: This helps in understanding the effectiveness of implemented risk treatments and the overall process. Learn from past experiences: Both successes and failures in managing risks can provide valuable insights for improving future risk management activities. Adapt to changes: The internal and external environment of an organization is constantly evolving, introducing new risks and altering existing ones. Regular review ensures the risk management process remains relevant and effective in this changing landscape. Improve efficiency and effectiveness: By identifying areas for improvement, the organization can optimize its risk management processes, making them more efficient and effective over time.
124
In the normal distribution with mean m and a standard deviation S: A. 99.7% of the observations fall within 1 std. dev. either side of the mean m. B. 99.7% of the observations fall within 2 std. dev. either side of the mean m. C. 99.7% of the observations fall within 3 std. dev. either side of the mean m D. 99.7% of the observations fall within 6 std. dev. either side of the mean m
C. 99.7% of the observations fall within 3 std. dev. either side of the mean m. This is a fundamental property of the normal distribution, often referred to as the 68-95-99.7 rule or the Empirical Rule: Approximately 68% of the data falls within one standard deviation of the mean (m±1S). Approximately 95% of the data falls within two standard deviations of the mean (m±2S). Approximately 99.7% of the data falls within three standard deviations of the mean (m±3S). Therefore, option C accurately describes this rule for the normal distribution.
125
Which of the following is NOT a typical event requiring disaster recovery: A. Fire B. Floods C. Earthquakes D. Supplier Failure E. Cyber attacks F. Power Outages G. Geopolitical events
The event that is NOT a typical event requiring disaster recovery (in the traditional IT sense) from the list is D. Supplier Failure. Here's why: Disaster recovery (DR) traditionally focuses on the recovery of IT infrastructure, systems, and data following a catastrophic event that disrupts the physical environment or technology. The other options (Fire, Floods, Earthquakes, Cyber attacks, Power Outages, Geopolitical events) can all cause significant damage or disruption to IT systems and require DR procedures to restore them. Supplier Failure, while a serious business continuity risk, typically requires different mitigation strategies. These might include having alternative suppliers, contractual agreements with penalties for failure, or bringing the function in-house. While IT systems might be affected by a supplier failure (e.g., if the supplier provides a critical IT service), the primary response isn't usually a technical "disaster recovery" of the organization's own IT infrastructure. Instead, it involves implementing the business continuity plan to address the loss of that supplier. Therefore, while supplier failure is a significant business risk that needs to be planned for in business continuity, it's not typically classified as an event requiring disaster recovery in the same way as the other options that directly impact an organization's physical assets or IT infrastructure.
126
The ISO 31000 standard separates risk management areas into A. frameworks, processes and audit. B. principles, frameworks and compliance. C. principles, frameworks and processes. D. principles, processes and compliance.
The ISO 31000 standard separates risk management areas into C. principles, frameworks and processes. The standard is structured around these three key components: Principles: These are the fundamental concepts that underpin effective risk management. Framework: This provides the organizational arrangements for embedding risk management throughout the organization. Processes: These are the systematic activities involved in managing risk.
127
A risk register has been produced for a large engineering company. What is a key difficulty of such a register? A. It is impossible to update it on a regular basis. B. It is likely to list only a very small number of risks. C. It may fail to take account of correlations between risks. D. Stakeholders must be consulted upon all risk management decisions
C. It may fail to take account of correlations between risks.   Here's why: Complexity and Interdependencies: Large engineering companies face numerous interconnected risks. A risk register might list individual risks but struggle to capture how these risks can influence or exacerbate each other. For example, a delay in material delivery (Risk A) could impact the project timeline (Risk B), which in turn could lead to contractual penalties (Risk C). Failing to recognize these correlations can lead to an underestimation of the overall risk exposure.   Let's look at why the other options are less likely to be the key difficulty: A. It is impossible to update it on a regular basis: While maintaining a risk register for a large organization requires effort, it is not impossible. Regular updates are crucial for its effectiveness and are a standard practice in risk management.   B. It is likely to list only a very small number of risks: For a large engineering company, a comprehensive risk register is likely to contain a significant number of risks across various aspects of the business. The challenge is often managing a large number of risks effectively, not having too few. D. Stakeholders must be consulted upon all risk management decisions: While stakeholder consultation is important in risk management, it's not inherently a "difficulty" of the risk register itself. Effective communication and consultation are good practices. The difficulty lies in managing the diverse perspectives and priorities of various stakeholders, but this isn't a direct flaw of the register.
128
Risk management aims to: A. Eliminate all risks B. Avoid risks C. Manage risks to an acceptable level D. Transfer risk to suppliers
C. Manage risks to an acceptable level. Here's why: Risk management is a process of identifying, assessing, and controlling threats to an organization's capital and earnings. The ultimate goal is not to eliminate all risks, as some level of risk is inherent in most activities and can even be necessary for innovation and growth. Instead, the aim is to understand and manage risks to a level that the organization is willing to accept in pursuit of its objectives.
129
Recognised risk management strategies to mitigate risks include which of the following? Select TWO that apply. A. Treat B. Trust C. Take D. Transfer E. Test
The two recognised risk management strategies to mitigate risks from the list are: A. Treat: This involves taking action to reduce the likelihood or impact of a risk. This can include implementing controls, modifying processes, or investing in preventative measures. D. Transfer: This involves shifting the responsibility or financial burden of a risk to a third party, often through insurance or outsourcing. Let's look at why the other options are not typically considered risk mitigation strategies: B. Trust: Trust is a factor in relationships but not a direct risk mitigation strategy. C. Take: "Take" in a risk context usually refers to risk acceptance, where the organization acknowledges the risk and decides to bear it. This is not a mitigation strategy. E. Test: Testing can be part of verifying the effectiveness of risk treatments or identifying vulnerabilities, but it is not a risk mitigation strategy in itself.
130
If an organisation takes out an insurance policy to cover a supply risk- this is what type of risk strategy? A. Tolerate B. Take C. Transfer D. Treat E. Terminate
C. Transfer. By taking out an insurance policy, the organisation is transferring the financial risk associated with a supply disruption to the insurance company. In exchange for a premium, the insurer agrees to cover certain losses if the supply risk materializes.
131
The THREE phases of a business contingency plan - select all THREE that apply A. Risk identification B. Business Impact plan C. Incident response D. Disaster recovery plan E. Risk Treatment F. Business Continuity plan
C. Incident response: This phase outlines the immediate actions taken when a disruption occurs to minimize damage and ensure safety. D. Disaster recovery plan: This phase focuses on the technical recovery of IT systems and infrastructure. F. Business Continuity plan: This overarching phase details how the entire organization will continue critical business functions during and after a disruption. While B. Business Impact plan (Business Impact Analysis - BIA) is a crucial part of developing a business continuity plan, it's not typically considered one of the distinct phases of the plan itself. Risk identification (A) and Risk Treatment (E) are also part of the broader risk management process that informs the business contingency plan.
132
Which of the following is true about the concept of 'normal distribution'? Select THREE that apply. A. It is based on probability. B. It is depicted as a straight line. C. The values are evenly distributed. D. It is symmetric in shape. E. It shows the variation in extreme points. F. Most values are around the mean.
A. It is based on probability. The normal distribution is a probability distribution that describes how the values of a variable are distributed. D. It is symmetric in shape. The normal distribution curve is bell-shaped and symmetrical around its mean. F. Most values are around the mean. Due to the shape of the normal distribution, the majority of the data points cluster closely around the average (mean) value. Let's look at why the other options are incorrect: B. It is depicted as a straight line. The normal distribution is depicted as a bell-shaped curve, not a straight line. C. The values are evenly distributed. The values are not evenly distributed; they are concentrated around the mean and become less frequent as you move away from the mean. E. It shows the variation in extreme points. While a normal distribution does include extreme points, it emphasizes the concentration of values around the mean, not the variation in the extremes. The tails of the distribution represent less frequent extreme values.
133
Which of the following are types of direct loss? Select TWO that apply A. Stock burnt in fire B. Reputational damage C. Loss of future customers D. Loss of sales E. Damage to assets
The two types of direct loss from the list are: A. Stock burnt in fire: This is a direct physical loss of inventory. E. Damage to assets: This refers to physical harm or destruction of tangible property.
134
Which of the following is an example of a supply chain's internal risk? A. Breakdown of information and communications technology (ICT) B. New entrants to the market increasing the intensity of industrial competition C. Political threats and imbalances D. Change of legislation and regulations
A. Breakdown of information and communications technology (ICT). Here's why: Internal risks within a supply chain are those that originate within the organization's own operations and systems. A breakdown of ICT directly affects the internal processes of managing the supply chain, such as communication with suppliers, order processing, inventory management, and logistics.  
135
Which of the following are the correct characteristics of an indirect loss? 1. Indirect loss cannot be easily quantified 2. Indirect loss can be easily documented 3. Indirect loss is difficult to insure against 4. Indirect loss requires a lot of money to insure A. 2 and 4 B. 1 and 3 C. 2 and 3 D. 1 and 4
B. 1 and 3. Here's why: 1. Indirect loss cannot be easily quantified: Indirect losses, also known as consequential losses, are often more difficult to measure precisely. They involve ripple effects and can be harder to directly attribute a specific financial value to compared to direct physical damage. For example, the loss of future profits due to reputational damage is an indirect loss that can be challenging to quantify accurately.   3. Indirect loss is difficult to insure against: Insurance policies often focus on covering direct physical losses. Coverage for indirect or consequential losses can be more restricted, require specific policy extensions (like business interruption insurance), and may have more stringent conditions or limitations. Insurers find it harder to predict and price these less tangible losses.  
136
Which of the following is a sustainable procurement standard? A. ISO 14001 B. ISO 9000 C. ISO 31000 D. ISO 20400
D. ISO 20400. Here's why: ISO 20400:2017 - Sustainable procurement — Guidance: This international standard provides guidance for organizations on sustainable procurement, integrating sustainability principles into their purchasing processes. It addresses environmental, social, and economic aspects of sustainability.   Let's look at why the other options are related but not specifically sustainable procurement standards: A. ISO 14001: This standard specifies requirements for an environmental management system. While relevant to sustainability, it's broader than just procurement.   B. ISO 9000: This is a series of standards related to quality management systems. It focuses on meeting customer and other stakeholder needs consistently. C. ISO 31000: This standard provides principles and guidelines on risk management. While sustainability risks can be managed using this framework, it's not a specific standard for sustainable procurement practices.
137
A risk associated with brand is likely to affect which of the following for an organization? A. Positioning B. Compliance C. Competitors D. Assets
A. Positioning. Here's why: Positioning: A brand's positioning refers to how it is perceived in the marketplace relative to its competitors. Negative brand associations, damage to reputation, or a failure to live up to brand promises can significantly erode its positioning and make it harder to attract and retain customers.
138