Unit 2 Risk Management Standards Flashcards
Unit 2: Risk management standards General risk management standards, alternative risk management approaches.
Which one of the following risk standards contains ‘control activities’ as a feature in the risk process?
COSO ERM cube
Which one of the following definitions is the same as the definition of the risk management context?
The risk management framework
Which part of the risk framework focuses on answering the question ‘Who does what’ in the organisation in relation to risk management?
Risk architecture
Activity 2.1. In the light of your reading, write a one-sentence definition of each of these key terms: a) Risk management standard b) Risk management framework c) Risk management process
Your definitions should be along the following lines a) Risk standard – A published guide for managing risk, usually comprising a risk framework and (especially) a risk process. b) Risk framework – Also known as the risk management context. This comprises the risk strategy, risk architecture and risk protocols and forms the risk context which helps to drive the risk process. c) Risk process – The stages in the process of managing risk, which is driven mainly by how you set up the framework (but also affected by the internal and external environment).
Activity 2.1. Write a one-sentence definition of each of these key terms: a) risk architecture b) risk context c) risk protocols d) risk strategy
Your definitions should be along the following lines a) Risk architecture – Part of the risk framework, which focuses on answering the question ‘Who does what?’ in the organisation in relation to risk management. This is discussed in Hopkin in Chapter 21. b) Risk context – This covers three layers of organisation which together drive the risk process; they are the external environment, the internal environment and the risk management context (also known as the risk framework). c) Risk protocols – The set of tools, procedures and instructions that an organisation has for managing risk. d) Risk strategy – The agreed overriding purpose and aims of risk management in the organisation, which involves the publication of a risk policy document and the setting of the risk appetite.
Activity 2.3. Define the purpose of risk management and summarise the eight principles associated with the application of ISO 31000.
ISO 31000 defines the purpose of risk management as ‘the creation and protection of value’. It goes on to set out the eight principles which Hopkin summarises as: 1 Framework and processes should be customized and proportionate 2 Appropriate and timely involvement of stakeholders is necessary. 3 Structured and comprehensive approach is required. 4 Risk management is an integral part of all organizational activities. 5 Risk management anticipates, detects, acknowledges and responds to changes. 6 Risk management explicitly considers any limitations of available information. 7 Human and cultural factors influence all aspects of risk management. 8 Risk management is continually improved through learning and experience.
Activity 2.4.From your work on this unit, do you think opportunity (the flip side of risk) is adequately addressed by the risk management processes outlined in this unit
From the range of processes that we have looked at, we can see from the underlying definitions of risk that most are meant for dealing with both opportunities and risks (with perhaps the exception of the 8Rs and 4Ts approach – you should see why when we reach unit 6). But perhaps they could be criticised in assuming that the process for managing opportunities does not appear to be distinguished in any way from managing downside risk.
