Risks - ANSWER The effect of uncertainty on objectives
The chance of something happening that will have an impact on objectives
Being prepared for the worst and being poised to exploit opportunities as they are discov-
ered
Enterprise Risk Management - ANSWER A strategic business discipline that supports the
achievement of an organization's objectives by addressing the full spectrum of its risks and
managing the combined impact of those risks as an interrelated risk portfolio.
Support Function: Business continuity and crisis management - ANSWER Risk identifica-
tion, assessment and creation of emergency response and recovery plans related to threats
or hazards that might lead to operational disruptions
Analysis - ANSWER A systematic examination and evaluation of data or information by
breaking it into its component parts to uncover their relationships. An examination of data
and facts to uncover and understand cause-effect relationships, thus providing basis for
problem solving and decision making.
To embed risk management in both routine and strategic decision, what should managers be
able to recognize? - ANSWER The type of decision being made; Who should be included
in the decision making process; Where in the process decisions are being made
Risk management strategies' general focus - ANSWER Meeting or exceeding an organiza-
tion's objectives
Adhering to control-based objectives, rules and/or controls
Complying with regulatory requirements
1
,Support Function: Internal Audit - ANSWER Risk identification, assessment and treatment
through audit plans with focus on fraud, corruption, regulatory noncompliance and/or mis-
representation related to the organization's internal control systems, financial operations,
financial statements and reporting as well as enterprise risk and the organization's risk man-
agement framework and process.
What steps can the risk management professional take to embed risk management in deci-
sion making? - ANSWER Include risk assessment in planning process; Leverage cross-
functional risk assessment team and subject matter experts to identify enterprise risks; Con-
sider cascading and cumulative effects
Gap Analysis - ANSWER Technique that can be used to determine what steps might need
to be taken to improve the organization's capacity to move from a current state to a desired
future state.
Risk appetite - ANSWER The total exposed amount that an organization wishes to under-
take on the basis of risk-return trade-offs for one or more desire and expected outcomes.
Communication and Consultation - ANSWER Risk management professional's role in Im-
plementing Risk Strategies
Support Function: Legal - ANSWER Risk identification, assessment and treatment of risks
related to the obligation an organization undertakes and transfers through contracting, as
well as its compliance with applicable laws and regulatory obligations.
What are the typical failures in risk management which can be avoided if it is embedded in
the decision making process? - ANSWER Program not integrated into strategy or its exe-
cution; Focused on the wrong risks; Not executed in a repeatable process; Risk management
is practiced in a silo; Activity not viewed as being value added
Strategic Plan - ANSWER Determines that actions the organization will take at any stage
of the planning period as circumstances change.
2
,Risk owner - ANSWER The individual who is ultimately accountable for ensuring that risk
is managed appropriately, including the implementation of selected responses.
Risk Identification Process - ANSWER Finding, Recognizing and Recording Risks
Support Function: Compliance - ANSWER Risk identification, assessment and treatment
of risk related to regulations that may affect the organization's ability to operate in its re-
spective jurisdictions, as well as activities that fall within its compliance and ethics programs.
To successfully integrate risk management into decision making, risk management profes-
sionals will rely on strategies that draw on personal and technical skills in - ANSWER
Building organizational awareness; . Differentiating the different types of decisions used in
varying situations using elements of decision quality; Performing various roles in the taking
risk into account in decision-making process
Strategy - ANSWER A complete plan of action for whatever situations might arise in
achieving an organization's goals within the established time.
Risk tolerance - ANSWER The amount of uncertainty an organization is prepared to ac-
cept in total or more narrowly within a certain business unit, a particular risk category or for
a specific initiative.
Strategic Risk Management - ANSWER A business discipline that drives deliberation and
action regarding uncertainties and untapped opportunities that affect an organization's strat-
egy and strategic execution.
Value Chain - ANSWER The series of functions, processes, materials and activities (inputs)
from concept to the eventual end user that creates and builds value at every step in order to
deliver a product or service.
3
, To build organizational awareness, the risk management professional needs to do the follow-
ing: - ANSWER Be a persuasive communicator and facilitator; Have a clear communica-
tion plan; Engage interested parties, including primary and secondary audiences; Demon-
strate that risk management creates the most value ; Develop feedback loops for continuous
learning
Risk Analysis - ANSWER The process of characterizing and understanding the nature of
risk and of considering the level of risk in the context of the organization's willingness to ac-
cept risk.
Support Function: Safety - ANSWER Risk identification, assessment and treatment of risks
focused on preserving the physical well-being of employees and third parties.
Likelihood, Consequences, other criteria such as timing, duration, vulnerability and interde-
pendencies - ANSWER Risk is typically analyzed on the basis of
Support Function: Information Security - ANSWER Risk Identification, assessment and
treatment of risk arising our of or affecting information and technology infrastructure.
To build organizational awareness, risk management creates the most value when - AN-
SWER Risk management Aligns with strategic goals; Takes corporate culture into account;
Involves key enterprise functions
Financial Statements - ANSWER Internal source of information that includes financial an-
alytics or projections
strategic planning team - ANSWER The risk manager should be a part of the
_______________________ to provide the structure discipline for consideration of risks in a
strategic portfolio.
Internal Audit Reports - ANSWER Internal source of information that focuses on business
practices important to the goals and reflection of regulatory environment of the organization
4
The chance of something happening that will have an impact on objectives
Being prepared for the worst and being poised to exploit opportunities as they are discov-
ered
Enterprise Risk Management - ANSWER A strategic business discipline that supports the
achievement of an organization's objectives by addressing the full spectrum of its risks and
managing the combined impact of those risks as an interrelated risk portfolio.
Support Function: Business continuity and crisis management - ANSWER Risk identifica-
tion, assessment and creation of emergency response and recovery plans related to threats
or hazards that might lead to operational disruptions
Analysis - ANSWER A systematic examination and evaluation of data or information by
breaking it into its component parts to uncover their relationships. An examination of data
and facts to uncover and understand cause-effect relationships, thus providing basis for
problem solving and decision making.
To embed risk management in both routine and strategic decision, what should managers be
able to recognize? - ANSWER The type of decision being made; Who should be included
in the decision making process; Where in the process decisions are being made
Risk management strategies' general focus - ANSWER Meeting or exceeding an organiza-
tion's objectives
Adhering to control-based objectives, rules and/or controls
Complying with regulatory requirements
1
,Support Function: Internal Audit - ANSWER Risk identification, assessment and treatment
through audit plans with focus on fraud, corruption, regulatory noncompliance and/or mis-
representation related to the organization's internal control systems, financial operations,
financial statements and reporting as well as enterprise risk and the organization's risk man-
agement framework and process.
What steps can the risk management professional take to embed risk management in deci-
sion making? - ANSWER Include risk assessment in planning process; Leverage cross-
functional risk assessment team and subject matter experts to identify enterprise risks; Con-
sider cascading and cumulative effects
Gap Analysis - ANSWER Technique that can be used to determine what steps might need
to be taken to improve the organization's capacity to move from a current state to a desired
future state.
Risk appetite - ANSWER The total exposed amount that an organization wishes to under-
take on the basis of risk-return trade-offs for one or more desire and expected outcomes.
Communication and Consultation - ANSWER Risk management professional's role in Im-
plementing Risk Strategies
Support Function: Legal - ANSWER Risk identification, assessment and treatment of risks
related to the obligation an organization undertakes and transfers through contracting, as
well as its compliance with applicable laws and regulatory obligations.
What are the typical failures in risk management which can be avoided if it is embedded in
the decision making process? - ANSWER Program not integrated into strategy or its exe-
cution; Focused on the wrong risks; Not executed in a repeatable process; Risk management
is practiced in a silo; Activity not viewed as being value added
Strategic Plan - ANSWER Determines that actions the organization will take at any stage
of the planning period as circumstances change.
2
,Risk owner - ANSWER The individual who is ultimately accountable for ensuring that risk
is managed appropriately, including the implementation of selected responses.
Risk Identification Process - ANSWER Finding, Recognizing and Recording Risks
Support Function: Compliance - ANSWER Risk identification, assessment and treatment
of risk related to regulations that may affect the organization's ability to operate in its re-
spective jurisdictions, as well as activities that fall within its compliance and ethics programs.
To successfully integrate risk management into decision making, risk management profes-
sionals will rely on strategies that draw on personal and technical skills in - ANSWER
Building organizational awareness; . Differentiating the different types of decisions used in
varying situations using elements of decision quality; Performing various roles in the taking
risk into account in decision-making process
Strategy - ANSWER A complete plan of action for whatever situations might arise in
achieving an organization's goals within the established time.
Risk tolerance - ANSWER The amount of uncertainty an organization is prepared to ac-
cept in total or more narrowly within a certain business unit, a particular risk category or for
a specific initiative.
Strategic Risk Management - ANSWER A business discipline that drives deliberation and
action regarding uncertainties and untapped opportunities that affect an organization's strat-
egy and strategic execution.
Value Chain - ANSWER The series of functions, processes, materials and activities (inputs)
from concept to the eventual end user that creates and builds value at every step in order to
deliver a product or service.
3
, To build organizational awareness, the risk management professional needs to do the follow-
ing: - ANSWER Be a persuasive communicator and facilitator; Have a clear communica-
tion plan; Engage interested parties, including primary and secondary audiences; Demon-
strate that risk management creates the most value ; Develop feedback loops for continuous
learning
Risk Analysis - ANSWER The process of characterizing and understanding the nature of
risk and of considering the level of risk in the context of the organization's willingness to ac-
cept risk.
Support Function: Safety - ANSWER Risk identification, assessment and treatment of risks
focused on preserving the physical well-being of employees and third parties.
Likelihood, Consequences, other criteria such as timing, duration, vulnerability and interde-
pendencies - ANSWER Risk is typically analyzed on the basis of
Support Function: Information Security - ANSWER Risk Identification, assessment and
treatment of risk arising our of or affecting information and technology infrastructure.
To build organizational awareness, risk management creates the most value when - AN-
SWER Risk management Aligns with strategic goals; Takes corporate culture into account;
Involves key enterprise functions
Financial Statements - ANSWER Internal source of information that includes financial an-
alytics or projections
strategic planning team - ANSWER The risk manager should be a part of the
_______________________ to provide the structure discipline for consideration of risks in a
strategic portfolio.
Internal Audit Reports - ANSWER Internal source of information that focuses on business
practices important to the goals and reflection of regulatory environment of the organization
4
