Embedding Risk Management in Decision Making: A Comprehensive Guide, Exams of Business Economics

Download Embedding Risk Management in Decision Making: A Comprehensive Guide and more Exams Business Economics in PDF only on Docsity! 1 [Date] RIMS - CRMP Complete Study Guide 1 Analyze the Business Model 2 Developing Organizational Risk Strategies 3 RIMS CRMP-Implementing the Risk Risks - answers>The effect of uncertainty on objectives The chance of something happening that will have an impact on objectives Being prepared for the worst and being poised to exploit opportunities as they are discovered Enterprise Risk Management - answers>A strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio. Support Function: Business continuity and crisis management - answers>Risk identification, assessment and creation of emergency response and recovery plans related to threats or hazards that might lead to operational disruptions Analysis - answers>A systematic examination and evaluation of data or information by breaking it into its component parts to uncover their relationships. An examination of data and facts to uncover and understand cause-effect relationships, thus providing basis for problem solving and decision making. To embed risk management in both routine and strategic decision, what should managers be able to recognize? - answers>The type of decision being made; Who should be included in the decision making process; Where in the process decisions are being made 2 [Date] Risk management strategies' general focus - answers>Meeting or exceeding an organization's objectives Adhering to control-based objectives, rules and/or controls Complying with regulatory requirements Support Function: Internal Audit - answers>Risk identification, assessment and treatment through audit plans with focus on fraud, corruption, regulatory noncompliance and/or misrepresentation related to the organization's internal control systems, financial operations, financial statements and reporting as well as enterprise risk and the organization's risk management framework and process. What steps can the risk management professional take to embed risk management in decision making? - answers>Include risk assessment in planning process; Leverage cross-functional risk assessment team and subject matter experts to identify enterprise risks; Consider cascading and cumulative effects Gap Analysis - answers>Technique that can be used to determine what steps might need to be taken to improve the organization's capacity to move from a current state to a desired future state. Risk appetite - answers>The total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desire and expected outcomes. Communication and Consultation - answers>Risk management professional's role in Implementing Risk Strategies 5 [Date] Support Function: Safety - answers>Risk identification, assessment and treatment of risks focused on preserving the physical well-being of employees and third parties. Likelihood, Consequences, other criteria such as timing, duration, vulnerability and interdependencies - answers>Risk is typically analyzed on the basis of Support Function: Information Security - answers>Risk Identification, assessment and treatment of risk arising our of or affecting information and technology infrastructure. To build organizational awareness, risk management creates the most value when - answers>Risk management Aligns with strategic goals; Takes corporate culture into account; Involves key enterprise functions Financial Statements - answers>Internal source of information that includes financial analytics or projections strategic planning team - answers>The risk manager should be a part of the _______________________ to provide the structure discipline for consideration of risks in a strategic portfolio. Internal Audit Reports - answers>Internal source of information that focuses on business practices important to the goals and reflection of regulatory environment of the organization risk management - answers>__________________ should be an agenda item at every strategy session. 6 [Date] Support Function: Facilities - answers>Risk identification, assessment and treatment of the organization's properties, equipment and physical infrastructure systems. Simple and frequent - answers>A type of decision that are automatic, taken in the moment. These decisions generally rely on the knowledge and capability of the decision maker using the back-of-the-napkin technique. Bow tie analysis - answers>hazard analysis technique (cause and consequence) Business impact analysis - answers>consider business impacts at a location or from a specific process Support Functions: Quality - answers>Risk identification, assessment and treatment of risks related to products and services. Significant importance or complex - answers>A type of decision that require more deliberate effort. These decisions generally have some period of planning and a longer decision timeline. Organizational Structure - answers>Internal source of information that reports from different departments (HR, Legal, risk, operations, HS, environment, etc.) Review the existing strategic plan - answers>The first step for the risk manager is to __________________________ to identify and understand the organization's goals. 7 [Date] key performance indicators - answers>Each high-level strategy objective should be broken down into more tactical, operational _____________________ for analysis. External Organization Information - answers>External source of information that includes external audit reports, competitive analysis, rating agency, consumer reports, legal matters, media coverage Strategic importance and complex - answers>A type of decision that call for formal planning process over a longer timeline in which multiple risk management techniques can be applied. Decision quality elements should be embedded in the process. Due to the importance of the decision, biases should be formally considered by the entire planning team. Support Function: Project Management - answers>Assess and identify project risks, mitigate threats and capitalize on opportunities that my affect the success of a specific project. Gap analysis - answers>determine steps to improve the organization's capacity to move from a current state to a desired, future state. (current available factors, success factors needed to achieve future desired objectives, highlighting the gaps) How to obtain the real story aside from reading information? - answers>Talk to those inside the organization; Talk with external stakeholders ; Do site visits assumptions - answers>The risk manager can then identify ________________ made by management when developing these goals. 10 [Date] Action plans - answers>_____________ should be developed to address gaps between the key risks to the strategic plan and the successful delivery of the mission. Organize - answers>After obtaining information, what should be the next step to be done? organizational strategy - answers>Risk strategy should be continually revised to align with ____________________. Element of decision quality: Develop realistic options available to the decision makers - answers>How feasible, acceptable or desirable is each option and which will be most useful in achieving the objective? Scenario analysis - answers>process of analyzing possible and plausible future events by considering alternative settings, circumstances and outcomes. It provides a basis for making decisions in the context of different conditions. Training needs assessment: How can the performance deficiency be fixed? - answers>Can training fix the performance deficiency or suggest other remediation if training is not appropriate? Conduct a performance analysis to identify what skill deficiency is to be fixed by a training remedy. Risk analysis results to - answers>determine the risk adjusted probability of achieving strategic objectives; determine the key risks that may negatively or positively affect the achievement of the strategic objectives 11 [Date] Synthesize - answers>A process of combining information in ways that are coherent, logical and meaningful. Element of decision quality: Understand clearly the values and trade-offs - answers>In pursuing each option, what are the consequences of making the trade-offs that will be needed? How clearly is the expected value understood? Training needs assessment: What is the best way to perform? - answers>Is there a better or preferred way to do a task to get the best results? Are job performance standards set by the organization? Are thre governmental regulations to consider when completing the task in a required manner? Conduct a task analysis to identify the best way to perform. Site analysis - answers>leaders at each site perform an assessment by analyzing and evaluating the potential risks based on what is being produced at the site and its environmental factors. This may include threat, vulnerability and criticality analyses. Prioritize - answers>The step to choose the information that is most relevant, timely, useful and valuable for assessing risks that could affect the organization's objectives. risk register - answers>________________ is a tool that can be used to provide an overview or the organization's risk profile aligned to corporate strategy Element of decision quality: Use logical correct reasoning - answers>What biases may be influencing reasoning? 12 [Date] Training needs assessment: When will training take place? - answers>What is the best timing to delivery training? Attendance at training can be impacted by work cycles, holidays and so forth. Conduct a contextual analysis to answer logistic questions. SWOT analysis - answers>strengths and weaknesses (internal), opportunities and threats (external) Monte Carlo analysis - answers>mathematical technique that generates random variables for modelling risk or uncertainty of a certain system (simulation). The random variables or inputs are modelled on the basis of probability distributions Developing training goals: Align training to specific organizational performance goals - answers>Training should directly support specific organization performance goals, such as increasing, revenues, decreasing costs, teaching a new process, launching a new product or complying with regulations. What are the primary risk management skills? - answers>Organize and synthesize; Differentiate and prioritize; Employ computer and math skills What are the components of enterprise risk profile that must be communicated to key stakeholders? - answers>Risk assessment; Risk appetite; Risk tolerance; Control process Element of decision quality: Acting on the decision - answers>Are these resources available for allocation to the decision? How readily will the decision be accepted and supported by stakeholders? 15 [Date] situations; How customers are treated, remuneration of staff and how firms deal with conflicts of interest ability to assess and plan - answers>Organizational risk competency capabilities: _______________________ for the appropriate number and type of resources necessary to execute a risk strategy and tactical plan Monte Carlo, stress analysis - answers>Examples of quantitative methodology for analyzing data How do learning objectives function? - answers>Learning objectives are SMART: five characteristics of effective learning objectives are that they are: specific, measurable, achievable, relevant and time bounded. Risk management professional's role: Coordinator - answers>arranging logistics of formal risk management planning meetings; set the date, location and agenda; keep team current and engaged; this can include risk updates to support a report, highlight specific risk for comment, detailing successes or adverse events. What are the steps to validate organizational information and behavior against an organization's intended culture? - answers>Scrutinize organizational functions; Compare the organization's business model and strategy with its operations to identify connections and points of dissonance risk awareness - answers>Organizational risk competency capabilities: ____________ as a core cultural characteristic 16 [Date] What are attributes of a learning organization? - answers>Supports constructive criticism; Supports healthy debates; Open to understand attitudes about uncertainties, risk taking and tolerance forward-looking, long-term view - answers>Organizational risk competency capabilities: ___________________ into emerging risks Risk evaluation - answers>uses which risk criteria (risk appetite, risk tolerance, outputs from risk identification and risk analysis process) to determine which risks are acceptable and which require additional modification or treatment Pre-decision environment - answers>Decision has not yet been made; RMP should be able to articulate the value that can be gained by including more formal risk management process into the decision-making process for more significant or complex project, initiatives and strategy setting How are learning objectives communicated? - answers>Learning objectives have four parts: Each learning objective should indicate who will perform the action (person), the specific behavior to be performed, the conditions under which the behavior will be performed, and the degree to which the person must perform the behavior. Risk appetite - answers>is the total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desire and expected outcomes. Coaching - answers>Methods of helping others to improve, develop, learn new skills, find success, achieve aims and manage change and challenges. Providing 17 [Date] support and advice to an individual or group in order to help them recognize ways to improve their competencies and effectiveness. Active-decision Environment - answers>Decision is in the process of being made; RMP should identify the stakeholders, understand success measures; integration of risk management process; develop monitoring process What are the steps in benchmarking? - answers>Compare organization with peers and competitors; Differentiate and prioritize to identify peers trusted adivsor - answers>Organizational risk competency capabilities: Reputation for being technically risk-savvy and effective at influencing key decisions. Has earned the trust of leadership and decision-makers and is seen as a _____________. To benchmark the organization against its peers and competitors, which information must be obtained? - answers>Industry and trade publications; Stock analyst reports for publicly traded companies; Do your own research: Publicly available information such as google trends and prepare and competitive analysis identify, assess and treat risk - answers>Organizational risk competency capabilities: Ability to _______________ within a clear appetite and tolerance context. Risk tolerance - answers>is the amount of uncertainty an organization is prepared to accept in total - or more narrowly, within a certain business unit, a particular risk category, or for a specific initiative. 20 [Date] strategy - answers>Common definitions, references, measurements and process; improve risk management competencies throughout the organization, iterative plan tasks aligned with organization's planning processs Identify impact in the decision making environment - answers>Which decisions make the greatest impact on a specific strategy? Leverage information by using organized internal and external sources; information gathered from meetings; key inputs and outputs of the value chain and operations Qualitative Scoring Method - answers>Scoring Method when rating organization against peers based on economic, environmental and philanthropic programs that increase brand quality Core Competency: Attributes - answers>Qualities, characteristics and behaviors that, when displayed, will assist risk management professionals in getting things done in areas where they do not hold direct responsibility. These attributes are particularly important when adapting and integrating a horizontal, portfolio approach to risk management across an organization. What are the specific knowledge risk professionals need during benchmarking? - answers>Market analysis and environmental scanning; Business acumen- market analysis and value assessment; Due diligence and analytics Core Competency: Organizational Knowledge - answers>Risk management professionals of all levels are expected to know unique aspects of their respective organizations: its industry dynamics, its operating environment, and the activities it undertakes to achieve its 21 [Date] strategy, goals and objectives. Hold harmless - answers>wording that requires one party to shield the other party from the effects of the legal liability assignable to transferor or obligor. Nine-box approach - answers>Approach that facilitates the consideration of the impact of decision within the various stages of decision-making. User knowledge from value chains and series of business processes steps that follow in succession. Tie in to the value creation and the resource of the value chain. Ultimate risk oversight responsibilities - answers>Belong at the board level Risk sharing/transfer - answers>action taken when i) costs of retaining risk exceeds the organization's risk tolerance; ii) risks or some portion can be transferred at a lower cost, iii) risks should be apportioned based o an agreement and iv) it is required by regulation. Operational risk assessment - answers>may be limitd to uncertainties associated with existing operations and operational plans - the assets, processes, people and systems in place - in order to deliver a particular outcome, such as planned earnings. Risk attitude - answers>the organization's or individual's view/perspective of the perceived qualitative and quantitative value that may be gained in comparison to the related potential loss or losses. What are the factors that are linked to value chain identification process? - answers>Value chains; Resources within the value chain; Key inputs and 22 [Date] outputs ; Differentiators within an organization with its peers; Influential macro- economic factors Core Competency: Business Knowledge - answers>To be competent in this area, risk management professionals need to have a thorough understanding of general business models and measurements of business performance, as well as the roles and responsibilities of various functional areas and interactions. Core Competency: Risk Management Knowledge - answers>Successful risk management professionals are knowledgeable about the standards, guidelines and concepts that reflect contemporary risk management thinking and practices. This area includes knowledge related to how risk management can be incorporated within diverse environments, process approaches, solutions and more extensive knowledge in respective subspecialty areas. What concepts do risk professionals need to be familiar during the value chain analysis? - answers>Economic concepts; Business Process; Value Chains; Interdependencies between external factors and internal performance; Analysis of value chains, peer groups and statistical analysis Risk seeker - answers>Risk attitude that take on risk in order to maximize gain expected from the decision Project risk assessment - answers>typically used to assess uncertainties and potential consequences related to expected outcomes of a particular initiative within the planned time, budget and scope. 25 [Date] Biases - answers>A method to identify uncertainties which can help identify potentially hidden expectations, motivations or even conflicts within the organization. It may sometimes lead to perceptual distortion, inaccurate judgment and illogical analysis of information. corporate success measures - answers>Success measures: aligning risk measures to ________________ corporate score card - answers>Success measures: Gaining lace on the ______________ Resources; - answers>A method to identify uncertainties allocates resources for managing risk related to organizational objectives. In facilitating risk discussions, who should be included? - answers>Decision makers, other influencers, accountable individuals; impacted stakeholders; those responsible for managing related risks Plan - answers>A step in continuous improvement model to identify an opportunity and plan for change. Risk metrics (key risk indicators) - answers>In monitoring risks, what should be integrated into the performance objectives of the organization? Reviews of the risk treatment plans - answers>In monitoring risks, what should be scheduled as an ongoing agenda item in the responsible leader's staff agenda? 26 [Date] Do - answers>A step in continuous improvement model to implement change on a small scale; collaborating on the process assessment and potential options; validating the continuous improvement options; selecting and executing improvement options. What are characteristics of decisions that may increase the odds of successful outcomes through risk-informed decisions? - answers>Be transparent; Resolve potential conflicts; Follow escalation guidelines What are the important ATTRIBUTES that are needed over the course of risk management professional career? - answers>Assertiveness; Inquisitiveness; Judgment; Curiosity; Courage; Persuasiveness performance evaluation process - answers>Success measures: Integrating risk success measurement into the organization's ________________ engagement and accountability - answers>Success measures: Making the case for risk management _______________ What are the important SKILLS that are needed over the course of risk management professional career? - answers>Investigation skills; Strategic thinking; Inductive reasoning; Behavior modification; Relationship development; Decision making What could successful discussions reveal - answers>Potential untapped opportunities; Uncertainties that may benefit from scenario planning; Cognitive Biases, anchoring and loss aversion; Potential outcomes 27 [Date] Check - answers>A step in continuous improvement model to use data to analyze the results of the change and determine whether it made a difference. Key performance indicators (KPI) - answers>help a firm see how it is performing in relation to its strategic goals and objectives. Key risk indicators (KRI) - answers>are leading indicators of risk to business performance, giving early warning about potential risks. Act - answers>A step in continuous improvement model to implement successful improvement changes on a wider scale and continuously assess your results. Risk management professionals can encourage continuous learning by - answers>Advising on alignment of the decisions within the organization's strategy and external information; Suggest improvements when changes may need to be made in other areas; Developing a sustainable communication process and network. Risk Manager Core Competency Model - answers>Consists of key skills and knowledge that will help a risk manager thrive. This can be used for position definition, professional development, communication and many other purposes corporate rewards strategy - answers>Success measures: Tying risk engagement, accountability and results to the ______________ Progress reports - answers>What should be monitored in terms of significant risks and use of risk process? 30 [Date] organization realize how risk-based decisions are impacting the organization? What evidence demonstrates that risk-based decisions are leading to continuous improvement? Catalyst - answers>Risk management professional's role is to provide insights on emerging risks and offer perspectives on leading practices; share knowledge on potential exposures and the implications to the organization. Maturity - answers>refers to an evolution toward full development of the risk management attributes and competency drivers. In facilitating risk identification, risk management professional servers as - answers>Data consolidator to aggregate and synthesize data that enable people within an organization to make risk-effective decisions. Benefits of process improvement for risk management professionals - answers>Establish a baseline of maturity levels; build consensus about areas for improvement and establish milestones; communicate clearly to the stakeholders and risk network Area of improvement to encourage continuous learning: Coaching the organization - answers>Develop and track feedback mechanisms to judge success and adjust risk management process accordingly. Is there a consensus on the evaluation of the outcome? What could be learned by including others into the decision-making process? What re the implications for the organization? Core Competency: Business Knowledge - answers>Business model; performance management, economics, functional areas 31 [Date] What is important in risk committees? - answers>Purpose and process must be established (committee use and structure); Relationship between risk performance and the reward system Core Competency: Risk Management Knowledge - answers>Standards/Frameworks; Concepts; Adaption approaches; process; solution; subspecialties Business area managers or risk owners - answers>Participants in the ERM governance model who engages in risk assessment at directed frequency; own risk treatment i.e. avoid, accept, transfer, mitigate, exploit; report on risk exposures/actions Collaboration in a more formal environment, such as a risk committee can provide what? - answers>give managers an open venue to share concerns and receive feedback from colleagues Benefits of process improvement for stakeholders - answers>Streamline risk management processes; eliminate dupplication of efforts and connect support functions with process owners; measure risk managemnt value, based on priorities; create a shreed language and vision Profitability and value - answers>A benefit of ERM that provides improved profitability, increased shareholder value, reduced financial volatility Cross-functional view and common risk assessment process - answers>An ERM method which can maximize the efficiency of an organization's risk management resources and activities 32 [Date] Benefits of process improvement for organizations - answers>tackle inadequately addressed uncertainties and opportunities; resolve business processes inefficiencies; build a repeatable and scalable process for better decision making. What occurs during the "push" flow of information? - answers>Risk management professionals have an outlet to push out information to department leaders that might prompt them to reassess their business processes or even identify new exposures Core Competency: Technical Skills - answers>Assessment methods & techniques; research; analytics; financial analysis; risk modification; statistics; data interpretation; behavior modification; information systems Top Management - answers>Participants in the ERM governance model who establishes risk management policies/tolerances; review and reports significant risk issues; controls risk governance and infrastructure Unmanaged risk - answers>greatest source of waste in business and economy and can have a damaging effect on companies, employees and communities where the business operates. Adoption of ERM-based approach - answers>Comptency Drivers: Executive support of ERM; business process definition and risk ownership, far-sighted risk management vision; front line and support process owner participation What occurs during the "pull" flow of information - answers>Risk management professionals can pull information about new developments and promote action plans that manage significant risks 35 [Date] Uncovering risk - answers>Competency Drivers: Formalized risk indicators and measures; adverse (potential) outcomes as opportunities; follow-up reporting; risk ownership by business areas Efficiency of risk management resources - answers>A benefit of ERM that maximizes the efficiency of an organization's risk management resources and activities through a cross-functional view and common risk assessment process Risk Treatments - answers>Avoidance, Transfer, Acceptance, Mitigate Performance management - answers>Compentency drivers: ERM information and planning; communicating goals; ERM process goals and activities governed and guided - answers>Component in implementing enterprise risk plan: Define who and how the plan will be _____________________ Emerging risks - answers>Completely new or extremely rare negative events Business resilience and sustainability - answers>Compentency Drivers: Analysis-based planning; resilience and operational planning; understanding consequences organizational risk management competencies - answers>Component in implementing enterprise risk plan: Design the plan so that it supports and aligns with the desired __________________ 36 [Date] Risk management culture and governance - answers>Examples include Adhere to systematic and consistent practices, limit future losses, optimal risk/reward structure Benchmarking - answers>comparing one's processes and performance metrics against those of organizations known to be leaders in one or mor easpects of their operations implementation plan success - answers>Component in implementing enterprise risk plan: Develop metrics to measure _______________ management agreement - answers>Component of risk communication strategy: Define and secure _______________ for key risk messages Ways to benchmark - answers>Industry groups; conferences, sumits and workshops; participation in surveys; association, academic, government and other research; networking RMM attribute: Adoption of ERM-based process - answers>RMM attribute: This attribute measures the organization's risk culture, and considers the degree of executive or board-level support for enterprise risk management. Engaging risk network promotes - answers>greater consistency in approaches and in developing capabilities for risk management activities across the organization. risk strategy and tactics; the enterprise communication process, the desired risk culture - answers>Component of risk communication strategy: Ensure alignment with _______________ 37 [Date] RMM attribute: ERM process management - answers>RMM attribute: This attribute measures the extent to which the organization has adopted an ERM methodology throughout its culture and business decisions, and how well the risk management program follows best practice steps to identify, assess, evaluate, mitigate, and monitor risks. RMM attribute: Risk appetite management - answers>RMM attribute: This attribute evaluates the level of awareness around risk-reward trade-offs, accountability for risk, defining risk tolerances, and whether the organization is effective in closing the gap between potential and actual risk. Identifying what training is needed - answers>Logical first step before developing training goals communication channels - answers>Component of risk communication strategy: Determine _________________ to be used for the variety of intended messaging RMM attribute: Root cause discipline - answers>RMM attribute: This attribute assesses the extent to which an organization identifies risk by source, or root cause, versus the symptoms and outcomes they produce. Focusing on the root cause of a risk and classifying them accordingly, will strength response and mitigation efforts. Articulate specific training objectives - answers>Step to perform before preparing training media and materials. type and frequency - answers>Component of risk communication strategy: Define the _________________ of internal messaging delivered to risk stakeholder 40 [Date] enterprise culture; business mode; current enterprise strategy - answers>Strategies to obtain support: Assess current risk management competencies and identify gaps with misalignments with _______________ Consultation - answers>Risk Management Professional's role to anticipate that participants engage in conversation with the expectation that dialogue will contribute to and shape decisions. Engage Key Stakeholders - answers>A step in identifying risk whereby considering those most closely associated with achieving the organization's objectives. Tangible goods - answers>A risk management professional may offer budget dollars, equipment or personnel time in exchange for implementing enterprise-wdse collaboration immediate superior and his/her superior - answers>Strategies to obtain support: Secure alignment with _________________ Identify and gather available data - answers>A step in identifying risk whereby the purpose is to identify what might happen or what situations might exist that may affect the achievement of the organization's strategy, objectives and tactical plans. Tangible services - answers>A risk management professional may offer faster response, useful or sensitive information or public support in exchange for implementing enterprise-wide collaboration 41 [Date] sufficient support for the strategy - answers>Strategies to obtain support: Determine if there is ___________________ from your immediate chain of command organization's strategies - answers>Strategies to obtain support: Validate risk management strategies with key stakeholders to confirm alignment with the _________________________ Data collection - answers>A strategy for gathering data to identify a risk that should be comprehensive, strategic and timely Sentiments - answers>A risk management professional may offer gratitude, appreciation or praise in exchange for implementing enterprise-wide colaboration Surveys, interviews and focus groups - answers>Methodologies used for gathering data to identify a risk Compliance for Mutual benefits - answers>A form of exchange between departments and enterprise risk management where there is increased ability to manage volatility, improved operational efficiency, more efficient process, strengthened supply chain, reduced operating costs secure support - answers>Strategies to obtain support: Define, communicate and ___________________ from key leaders for the risk roles needed from stakeholders and employees in general, that would enable the desired risk competencies in the enterprise 42 [Date] Benchmarking, document review, assets and process reviews - answers>A strategy for gathering data to identify a risk involving external resources Compensation for Costs - answers>A form of exchange between departments and enterprise risk management where the latter offers to cover the cost associated with complying with the request; cost of additional staff, etc. remediate - answers>Strategies to obtain support: Identify gaps and __________ them objective; benefits - answers>Value proposition of ERM: It is _____________ as possible; it defines the __________ deliverable to each stakeholder Equivalent Payments - answers>A form of exchange between departments and enterprise risk management where the latter offers services in exchange for supporting and implementing enterprise-wide risk management process Existing capabilities - answers>A strategy for gathering data to identify a risk that includes understanding current risk management processes and approaches, existing controls and their levels of effectiveness to identify known risks Progress report should include these issues in the normal business - answers>Material risk target outcome; Specific activities that have taken place since the last report; Challenges in executing the risk treatment plan; A trend assessment in the risk profile against the targeted outcome 45 [Date] What does strategic risk management seeks to? - answers>Drive deliberate and action regarding uncertainties and untapped opportunities that affect an organization's strategy and strategy execution Risk Categorization - answers>helps assign accountability, allocate resources, and ensure that the risk reports are more easily understood by top management How to match training and media for audience? - answers>Message differs depending on the audience; Daily decision-making or general awareness; High-level overview operational instruction or general knowledge What actions could result to informed decisions that increase the likelihood of long- term organizational success? - answers>Building organizational risk competency; Aligning risk strategy to corporate strategy; Embedding risk awareness and competency throughout organizational functions and processes What must risk leaders understand? - answers>Organizational strategy and operations; Key strategic goals to define success; Operational tactics that will be used to achieve strategic goals; Ways in which risk will make or break mission accomplishment. Key risk indicators - answers>metrics used by organizations to provide an early signal of changes in risk exposures in various areas of the enterprise Identify risk; Analyze risk; Evaluate, select and implement responses; Monitor results and revise - answers>Describe the risk process 46 [Date] Brainstorming; Checklists; Interview and self-assessment; Facilitated workshops; Risk questionnaires and risk surveys; Scenario analysis; others such as value chain analysis, system design review, process analysis and benchmarking - answers>Specific techniques for identifying risks include: Risk network - answers>the integration of risk management activities and resources across the organization In developing risk strategy, it should: - answers>Align with the strategic plan; Infuses risk management throughout the structure of the organization Reporting structure and top management views - answers>Determine the risk categorization that most closely aligns with: Risk threshold - answers>Level of uncertainty and potential impact that precipitates an organization to take action Risk management professional should focus on: - answers>Strategic alignment; Success measures; Needed competencies; Securing support for the risk strategy Transfer risk using insurance - answers>Strategy of traditional risk management Collaborative relationship between risk management professionals, the risk network and other within the organization - answers>A key consideration in successful exchange of benefits 47 [Date] Strategic; Operational; Financial; Hazard; Regulatory - answers>Common risk categorization External; People; Process; Relationships; Systems - answers>Other type of risk categorization Budgeting for risk solutions - answers>Reporting on risk and _________________________ becomes naturally integrated, because each areas is required to report within the governance structure and budget resources to accomplish their respective objectives. Consider all risks and exploit risks as part of the strategy - answers>Strategy of Enterprise Risk Management Competitive advantage - answers>The major strengths of the company combine to form the core competencies that provide the basis for the company to achieve what? improvement - answers>Continuous improvement model (Plan): Identify continuous _____________ opportunities; Identify options for _____________ Total cost of risk - answers>Measurement of traditional risk management Risk Evaluation Process - answers>At what stage should the proposed risk treatment methods be evaluated to consider the cost-benefit of the measure to modify the risk and whether the risk treatment changes or introduces new to the organization and its value chain? 50 [Date] performance measures - answers>Elements of treatment plans: the ________________ that validate that the solutions are working as planned reporting and monitoring - answers>Elements of treatment plans: the required ___________________ of risks as part of normal business activity and reporting Accountability for risk - answers>this matters when it is measured and can achieve a trickle down effect as the operations and functional managers engage their staff to support in the achieving the objectives What should be evaluated that may dramatically impact the organization's strategic goals? - answers>effect of significant acquisitions, organizational and process changes, other changes How can risk management professionals gain insights into organizational performance related to the effectiveness of the organizational risk management? - answers>evaluating metrics and reports that result from a disciplined and informed risk management process How can risk management professionals gain credibility and engagement with key stakeholders - answers>validating insights with key stakeholders priorities - answers>Monitoring risk process: setting _______ based on desire performance performance objectives - answers>Monitoring risk process: developing risk metrics integrated with _______________ 51 [Date] monitoring schedules - answers>Monitoring risk process: Establishing _________________ to check progress over time expected value of the of the collective objectives - answers>Monitoring risk process: validating whether the ___________________ from making risk-informed decisions and implementing risk solutions have been achieved