A large manufacturing organization has renewed an insurance policy and has accepted a significant increase in the policy deductible. What is this most likely to indicate?
Which of the following are tools that can measure risks allowing an organization to make more risk-informed decisions?
The key advantage a Governance Risk and Compliance framework offer when compared to retaining separate and independent risk control functions are it can promote individual risk initiatives at working levels.
Contribution decision roles is not an access review level for assessing risk management accountability and data privileges.
The Chief Risk Officer within a large manufacturing organization has been asked by the Board of Directors to provide an example of a pure risk. A suitable example would be:
The consequence of a failure to identify all significant risks that an organization faces is likely to be
1. business objectives may not be achieved.
2. operating costs may increase.
3. opportunities may be overlooked.4. Risks will be better identified in the future.
What is typically the day-to-day responsibility of a Chief Risk Officer within a large organization?
Financial constraints could be a primary reason enterprise risk management (ERM) systems fail.
Which type of risks are characterized by a perceived lack of control and catastrophic potential?
When applying probability theory to a specific period of time, a measurement of 0.85 indicates that the event will never occur.
As a direct result of recent disasters in the oil drilling and exploration sector, for companies in this sector there has been an increase in new regulations and safety controls.
In a manufacturing organization, what is a fault tree typically designed to show?
Which of the following would you expect to see in the context of the risk strategy of an organisation? 1-The risk and audit team report to the board quarterly. 2-The tolerance level of risk is clearly defined. 3-Ownership of risk is delegated to business units. 4-The organisation has a defined risk appetite.
ISO 31000 risk management process, ‘monitoring and review’ is best thought of as _______.
The determination of whether a specific risk is tolerable will involve consideration of
1. the size of the residual risk.
2. history of losses.
3. risk appetite for that risk.
4. the cost of insurance.
A risk manager in an organization is evaluating a risk and multiplies the probability of the risk occurring with the potential impact. The result of the calculation is the production of a risk:
Within a large global organization, ______ has the primary responsibility of identifying individual risk owners and making sure appropriate risk control activities are carried out.
Which risk management standard places a specific emphasis on internal risk controls?
When considering risk management within a manufacturing organization, what is a key benefit of conducting a detailed structured analysis of the entire organization?
Which of the following is included in the phases in BI ERM implementation?
Within a large global organization, the compliance function is normally:
One key reason for a risk manager to review an organizational chart is to:
In relation to a large organization’s risk management process, what does the internal audit function typically have responsibility for?
A risk register has been produced for a large engineering company, but, one of the difficulties with a risk register is that it is impossible to update a risk register on a regular basis.
The ISO 31000 standard separates risk management areas into:
When implementing an enterprise risk management (ERM) framework, a large organization should be aware that ERM:
Within an organization, when attempting to manage and control risk, the organization should be aware that:
Dr. Robins chose to stop practicing when malpractice insurance premiums became too high for him to afford. He is managing risk by _____________ risk.
All of the following are primary business intelligence ( BI) system functions that apply to ERM practices:
A. BI information user roles
B. BI data mining and risk notification
C. Master data management
D. Primary Decision role
The following questions consist of TWO statements. Read each statement and consider if each one is ‘True’ or ‘False’. If Statement 1 is‘True’, consider if Statement 2 is a correct or an incorrect explanation for why Statement 1 is ‘True’.
Choose from the following FIVE possible combinations of answers where the first True/False refers to Statement 1 and the second statement 2.
In the context of the above scenario, choose the appropriate answerfrom the following.
Purchasing insurance is a technique used to assume risk.
A broker is undertaking a business interruption review on behalf of a client. This would most commonly include an evaluation of the effectiveness of a business continuity plan.
A key consideration when designing an organizational risk register is that the organization’s risk profile is captured.
The types of risk being assessed by large organizations are assessing the [a] and [b] of one of its customers
As part of an organization’s risk management process, when considering risk and uncertainty, the risk team must be aware that risk can apply to both opportunities and threats to the organization.
A logistics manager for a supermarket chain identifies that there is a continual delay in the deliveries to stores. What is the most appropriate technique to identify the cause of the problem?
Silo-based risk management can be put into place at a financial organization to assess whether its risk management systems are likely to fail.
Risk information maps are developed for only some of the business areas that affect the organization’s strategic value chain.
A large organization is assessing a risk using a typical risk management process and has just established and identified the risks to which it is exposed. What is likely to be the next stage in the process?
The perception of risk by senior management typically shapes the organization’s risk appetite and attitude towards risk acceptance.
[a], [b] and [c] are the type of risk framework expected to improve efficiency by aligning strategy, processes, technology and people.
Case Study: Foods Company is a cold storage warehouse, storing and delivering frozen foods for supermarkets. Established in 1999, Foods Company employs 30 people.
An accident book is kept on site. Normally there are only a few minor injuries recorded but the last month has seen 2 employees go off ill and subsequently diagnosed with asthma. A potential cause is a dry atmosphere when working in extremely cold temperatures increases the likelihood of employees showing signs of asthma.
A bi-weekly meeting takes place on-site between the site manager and the health and safety manager to discuss risk management matters. The agenda for today’s meeting is risk assessment with a review of health and safety hazards and the matters discussed are restricted to operational risks.
Which one of the following would help reduce the level of risk when working in the warehouse?
A train has crashed and is badly damaged. There have been numerous claims from injured passengers as well as a loss of revenue for the train operator. This is an example _________.
Within an organization, business risk can typically be categorized as the:
A key requirement for successfully implementing a governance risk and compliance framework within an organization is for:
An international bank has identified the risks associated with economic changes in the countries in which it operates which it describes as External – Reputational.
Understanding the potential causes of risk events will primarily help an organization to:
An engineering company is assessing the key risks faced within the manufacturing process. Although cover is in place for most of the potential losses that may arise, the company should be aware that human error cannot be eliminated.
It is important that an organization attempts to measure the benefits of risk management in financial terms because it will record all electronic interventions to provide an audit trail.
Why can it be difficult for an organization to categorize risks?