Define Decision Making: (2)
Decision making is a complex process that entails choosing to act/not act in a deliberate manner, that lends itself to the pursuit of organisational goals.
Define and explain the conditions for decision-making: (6)
- Decision under certainty: Exists when information is sufficient to predict the results of each alternative in advance of implementation. Certainty is the ideal problem-solving and decision-making
environment. - Decision under Risk: Exists when decision-makers lack complete certainty regarding the results of various courses of action, but they can assign probabilities of occurrence. Probabilities can be assigned through objective statistical procedures or personal
intuition. - Decision under Uncertainty: Exists when managers have so little information that they cannot even assign probabilities to various alternatives and possible results.
How does risk affect objective achievement? (2)
Risk creates uncertainty for the achievement of strategic objectives due to changes in circumstances or consequences of events.
Define “Risk” according to the COSO definition, and what does that highlight? (3)
Risk is the possibility that events will occur and affect the achievement of strategy and business objectives.
This definition highlights the relationship
between risk and organizational strategy, focusing on the impact that potential
events may have on achieving desired outcomes.
How does the ISO 31000 define risk? (1)
Risk is the effect of uncertainty on objectives.
Give the business dictionary’s definition of risk: (2)
Risk is a probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
Explain the difference of traditional vs. contemporary Risk perspectives: (4)
*Traditional definitions of risk deal with
loss, injury, or other undesirable
impacts.
*Risks have therefore been generally
viewed as being negative.
*When an enterprise engages in its
activities, it accepts some measure of risk.
*The notion or understanding of risk
should therefore explicitly consider
possible outcomes ( positive/negative)
Define ‘Risk management’: (2)
Risk management is a continuous process of identifying and determining the extent of risks and putting in place strategies to reduce or eliminate risks that may influence business strategy, objectives, and implementation of strategies.
Name and explain the major risk categories: (6)
*Business risks: this relates to the possibility
that an organisation will / will not compete
successfully in its operations.
*Financial risks: this relates to the possibility
that an entity will not / will have adequate
funds for its operations.
*Hazard risks: this is concerned with
exposures that can cause loss without the
possibility of gain.
Explain the role of risk management in strategic performance: (2)
- Successful strategic management is dependent on how well an organisation can determine and manage risk.
- Robust risk management is necessary to ensure operations are effective and efficient, Risk management is essential for business continuity and for the creation and protection of value.
Define Enterprise Risk Management (ERM): (4)
ERM is a process that is effected by an entity’s board of directors, management and other personnel,… applied in a strategy setting and across the enterprise,… designed to identify potential events that affect the entity and manage risks to be within its risk appetite,… to provide reasonable assurance regarding the achievement of entity objectives.
Explain COSO’s frame of the internal environment: (2)
*It encompasses the “tone at the top” of the enterprise and influences the organisation’s governance process and the risk and control consciousness of its people.
What are the four focus points of the COSO’s framework?
- Corporate governance
- Internal control
- Risk
- Business Ethics
Name COSO’s Framework components: (7)
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information Communication
- Monitoring
Explain ‘Objective Setting’ as a COSO framework component: (2)
Objectives are aligned with the entity’s strategy and risk philosophy,
which then drives event identification, risk
assessment and risk response.
Explain ‘Event Identification’ as a COSO framework component: (2)
Potential negative/Positive events
represent risks that provide a context for
assessing risk and alternative responses
and/or upside to strategy.
Explain ‘Risk Assessment’ as a COSO framework component: (2)
Management considers qualitative and
quantitative methods to evaluate the likelihood and impact of potential
events, individually or by category within a time horizon.
Explain ‘Risk Response’ as a COSO framework component: (2)
Alternatives risk response options and
their effect on risk likelihood and impact as
well as the resulting costs versus benefits.
Explain ‘Control Activities’ as a COSO framework component: (2)
Implements policies and procedures
throughout the organisation, at all levels
and in all functions, to help ensure that
risk responses operate effectively.
Explain ‘Information Communication’ as a COSO framework component: (2)
Capture and communicate pertinent
information from internal and external sources in a form and timeframe that
enables personnel to carry out their
responsibilities.
Explain ‘Monitoring’ as a COSO framework component: (2)
Ensure that the ERM activities are functioning as intended and to identify any
necessary modifications or improvements.
Name the ERM components and the principles of each component: (5)
- Governance & Culture: Board exercises risk oversight, establishes structures,
demonstrate commitment to values. - Strategy and objective setting: analyse context, define risk appetite
- Performance: Identify risk, assess the severity of risk, prioritize risk.
- Review and revision: Assess substantial change, review risk and performance.
- Information communication and reporting: Leverage IT, Communicate risk
information
Define and explain the purpose of the ISO 31000: (4)
- ISO 31000 is the most popular risk management standard used by organisations.
- ISO 31000 caters for any organisation regardless of size, activity or sector.
- ISO 31000 allows organisations adopting ISO 31000 to compare their risk management strategies with an internationally recognized benchmark so as to provide sound principles for risk management and governance.
- ISO 31000 provides detailed guidelines on the planning, implementing, measuring,
and learning features of a risk management system, but less explicit information on
the context, leadership and support features required of a management system
standard.
Study ISO Risk Management Process on slides: p. 29/31
Use this card to rate how well you know the ISO 31000 Risk Management Process graph.
