Module 6: Risk frameworks (advisory)

Question 1

The Orange Book

Answer 1

The UK government has a publication called Management of Risk - Principles and Concepts.

This is a higher level guide than other risk management frameworks and is designed to provide broad-based general guidance on the principles of risk management in the public and private sectors.

In addition to describing a risk management process including the initial identification and analysis of risk, it includes more advanced guidance, such as the importance of horizon scanning (a systematic activity designed to identify indicators of change in risk).

Question 2

Outline the key principles embedded in the Orange Book

Answer 2

• the importance of linking risks to objectives
• the distinction between the risk and its impact
• the need to distinguish inherent and residual risks
• prioritisation of risks is more important than quantification
• risk appetite should be subdivided into corporate, delegated and project
• a dedicated risk committee is recommended

Question 3

4 Related Elements of

The Treasury Board of Canada Integrated Risk Management Framework

Answer 3

1. Developing the corporate risk profile
   - — The organisation’s risks are identified through environmental scanning (reviewing internal and external risk factors)
   - — The current status of risk management within the organisation is assessed.
   - — The organisation’s risk profile is identified.
2. Establishing an Integrated Risk Management Function (RMF)
   - — Management direction on risk management is communicated, understood and applied
   - — The approach to making integrated risk management operational is implemented through existing decision-making and reporting structure
3. Practising Integrated Risk Management
   - — A common risk management process is consistently applied at all levels.
   - — The results of risk management practices at all levels are integrated into informed decision-making and priority setting.
   - — Consultation and communication with stakeholders is ongoing.
4. Ensuring continuous risk management learning
   - — A supportive work environment is established where learning from experience is valued, lessons are shared.
   - — The results of risk management are evaluated to support innovation, learning and continuous improvement.
   - — Experience and best practices are shared, internally and across government.

Question 4

4 Key principles embedded in The Treasury Board of Canada Integrated Risk Management Framework that distinguish it from others

Answer 4

• the importance of the establishment of a comprehensive understanding of an organisation’s risk profile, appetite and tolerance
• the focus on the RMF and the integration of risk management activities
• the value of a continuous and supportive learning environment
• the need to establish the “relationship between the organisation and its operating environment, revealing the interdependence of individual activities and the horizontal linkages”.

Question 5

List the 7 elements of the process set out by AS/NZS 4360

Answer 5

1. Establish the context (including SWOT factors)
2. identify risks
3. analyse risks
4. evaluate risks
5. treat risks
   6 monitor and review
6. communicate and consult

Question 6

AS/NZS 4360

Answer 6

AS/NZS 4360 is a practice Risk Management Standard published by Standards Australia.

Question 7

Outline the key principles of AS/NZS 4360 that distinguish it from others

Answer 7

• the detail on risk analysis for non-financial organisations
• the recommendation that the risk management process is formulated into a risk management plan
• the stressing of the importance of senior management buy-in
• the need for adequate resources being allocated to risk management.

Question 8

ISO 31000

Answer 8

The widespread adoption of AS/NZS 4360 and COSO may, in future, be superseded by the newer ISO 31000, the global Risk Management Guidance Standard issued by the International Organization for Standardization.

ISO 31000 has the same overall objective as existing standards, providing generic guidelines for the principles underlying best practice risk management rather than dealing with specific risks or sectors, and in fact has much similar content.

Question 9

3 Distinguishing characteristics of ISO 31000

Answer 9

• emphasis on the possibility of an ‘effect’, rather than the possibility of an ‘event’
• focus on how such effects could affect objectives.
• viewing the risk framework as being dynamic - developing through a continuous cycle (akin to the Actuarial Control Cycle).

Question 10

RAMP

Answer 10

A methodology for Risk Assessment and Management of Projects (RAMP) has been developed jointly between the Institute and Faculty of Actuaries and Institute of Civil Engineers.

While it is mainly concerned with capital projects rather ongoing business activities, it is still relevant to day-to-day business, especially when considering the business as a portfolio of projects.