risk management Flashcards
(17 cards)
What is the definition of risk according to King IV?
Risk is about the uncertainty of events, including the likelihood and effect (positive or negative) on achieving organizational objectives. It includes missed opportunities.
How is risk calculated?
Risk = Probability × Impact.
What is the relationship between strategy and risk management?
Strategy identifies competitive strategies; risk management identifies, assesses, and manages the threats from pursuing those strategies.
What are the three SAICA competencies related to risk?
- Strategy
- Risk Management
- Governance
What are the major categories of risk?
Strategic, Operational, Financial, Information/IT, Reputation, Compliance, and Sustainability.
What is strategic risk?
Voluntary risks taken to increase returns. High return strategies require high risk tolerance. Managed by reducing likelihood and improving response.
What is operational risk?
Internal risks, often avoidable, from unauthorized actions or operational failures.
Example: trapped workers due to equipment failure.
What is financial risk?
External, uncontrollable risks like natural disasters or economic changes. Focus on impact minimization.
What is information risk?
Risks from failure or misuse of information systems and IT infrastructure.
What are reputational and compliance risks?
Reputational: Losses from damage to a firm’s image. Compliance: Legal/financial losses due to non-compliance with laws or regulations.
What are sustainability risks?
Risks affecting an organization’s ability to create value long-term. Assessed using 6 Capitals, SWOT, PESTEL, and stakeholder analysis.
What is the Triple Bottom Line in sustainability?
ESG: Environmental, Social, and Governance factors used in decision-making.
Give examples of each ESG factor.
Environmental: Climate change, water, biodiversity. Social: Health, safety, displacement. Governance: Corporate policy, bribery, data privacy.
What is COSO’s role in risk management?
Provides frameworks for ERM, internal control, and fraud prevention to improve governance and performance.
What is the definition of Enterprise Risk Management (ERM)?
A process influenced by leadership, applied across the enterprise to identify potential events, manage risks within appetite, and provide assurance for achieving objectives.
What is ISO 31000?
An international standard for risk management principles and guidelines.
What is the role of directors in risk management?
Directors are responsible for setting the tone for integrated risk culture and ensuring balanced risk-return decisions.