Risk Management Documentation Flashcards Preview

IRMCert Mod 2 - Unit 2: Risk Strategy & Framework > Risk Management Documentation > Flashcards

Flashcards in Risk Management Documentation Deck (12):

Describe the benefits of good record keeping.

• Reduced time spent by staff looking for information
• Facilitates the effective sharing of info
• Reduces duplication
• Identifies how long records need to be kept for
• Defending against litigation
• Supports RM and BCP
• Less dependence on the memory of a few individuals


Describe how a risk register can be used to document risk responses and improvement plans

The risk register is used for recording controls for hazard and control risks. It should describe who is responsible for improvement plans and should be updated regularly to ensure the record is a dynamic risk management action plan.


How might a risk register be used to make a strategic risk assessment?

A risk register may be presented to the decision maker as part of a wider range of information.


What is the advantage of using a sophisticated database rather than a simple spreadsheet to store a risk register?

It’s easier to quantify risk exposure.


What are the benefits of recording ‘event report’ records?

Investigations into hazard and control risks identify recommendations for improvements to address weaknesses in controls and reduce significant failures.


Which function within the org might analyse event reports and recommendations to assess risk performance?

Internal audit


Why is risk performance reporting important?

Information about hazard allows management to establish whether this is within budget. Also gives a picture of how close risk exposure is to the orgs appetite/capacity.


Explain what is meant by ‘certification’ reporting.

Some industries require a statement (often by an independent/external third party) about the effectiveness of controls. This is a requirement in the US under the Sarbanes Oxley Act.


What should a carefully constructed risk register include?

• Source
• Cause
• Event
• Magnitude
• Impact
• Precise controls that can be audited


When should project risks be discussed?

At every project meeting


What is a strategic risk assessment likely to include?

Risk of undertaking a strategy vs risk of not undertaking a strategy


What are risk assessments associated with tactics e.g. such as business plans likely to consider?

Events that could impact the achievement of the plan.