Deck 23: Identifying and Managing Risks

A) a weak risk culture.
B) a strong risk culture.
C) an effective risk management system.
D) low risk tolerance.
E) None of these responses are correct.

A) PEST analysis
B) STEEP analysis
C) Scenario planning
D) SWOT analysis
E) Cause-and-effect diagram

A) risk management register.
B) risk management plan.
C) risk management policies.
D) risk management system.
E) risk management protocols.

A) It encourages continual improvement.
B) It is included in decision making.
C) It is tailored to suit the organisation's needs and goals.
D) It creates value for the organisation.
E) All of these responses are correct.

A) an operational risk.
B) a reputational risk.
C) an intrinsic risk.
D) an external risk.
E) a strategic risk.

A) Identify, evaluate, analyse, treat
B) Identify, analyse, evaluate, treat
C) Identify, analyse, treat, evaluate
D) Identify, treat, analyse, evaluate
E) Identify, evaluate, treat, analyse

A) What the organisation is doing to enhance the risk
B) What the organisation is doing to remove the risk
C) What the organisation is doing to control the risk
D) The level of loss an organisation is prepared to accept from the risk
E) Contingency plans to be put in place should the risk occur

A) no risk tolerance.
B) some risk tolerance.
C) low risk tolerance.
D) high risk tolerance.
E) None of these responses are correct.

A) inherent risks.
B) residual risks.
C) tolerable risks.
D) registered risks.
E) managed risks.

A) risk analysis needs to be incorporated into the organisation's strategic planning and decision making and its organisation's various management systems.
B) risk management planning needs to be incorporated into the organisation's operational planning and decision making and its organisation's various management systems.
C) risk management planning does not need to be incorporated into the organisation's strategic planning and decision making or its various management systems.
D) risk analysis and risk management planning need to be incorporated into the organisation's operational planning and decision making and its various management systems.
E) risk analysis and risk management planning need to be incorporated into the organisation's strategic, business and operational planning and decision-making and its various management systems.

A) Identifying clear risk policies
B) Consulting with relevant stakeholders
C) Establishing a mandate for and commitment from the organisation's leadership
D) Conducting a risk analysis
E) Conducting risk monitoring and review

A) how aware an organisation is of risks and their potential effects on the organisation, employees at all levels and all parts of the organisation.
B) how aware an organisation is of opportunities and their potential effects on the organisation, employees at all levels and all parts of the organisation.
C) how conscious employees are of the role they play in controlling risks and opportunities.
D) how conscious employees are of the role they play in optimising risks and opportunities.
E) All of these responses are correct.

A) business continuity plans.
B) disaster recovery plans.
C) business impact analysis.
D) business evaluation plans.
E) contingency plans.

A) information technology.
B) pandemic.
C) Mother Nature.
D) the government.
E) the economy.

A) Everyone - all employees and all managers
B) The organisation's board of directors
C) Risk event management teams
D) Risk management committees
E) Risk owners

A) risk register.
B) heat map.
C) risk consequence table.
D) risk/opportunity matrix.
E) None of these responses are correct.

A) eliminate the risk.
B) prevent the risk from occurring.
C) reduce the consequences of the risk should it occur.
D) reduce the likelihood of the risk occurring.
E) None of these responses are correct.

A) Employees
B) Employees, contractors and suppliers
C) Any stakeholders involved in or affected by the risks facing the organisation
D) All of the organisation's stakeholders
E) Only those stakeholders affected by the risks facing the organisation

A) have moderate consequences, but be almost certain to occur.
B) have severe consequences, even though it is a very unlikely to occur.
C) have major consequences and possibly occur.
D) have severe consequences and possibly occur.
E) All of these responses are correct.

A) list the consequences that would follow in the event of a risk occurring.
B) rank the severity of consequences based on their impact in the event of a risk occurring.
C) rank the severity of consequences based on their impact and duration in the event of a risk occurring.
D) determine the likelihood of exposure to a risk.
E) determine the frequency of exposure to a risk.

A) avoiding a risk by removing its source.
B) accepting a risk.
C) rejecting an unacceptable risk.
D) transferring a risk.
E) reducing a risk to an acceptable level through controls or preventative measures.

A) identifying risks.
B) analysing risks.
C) evaluating risks.
D) treating risks.
E) avoiding risks.

A) proactively re-examine the risks it faces.
B) proactively re-examine its evaluation of the risks it faces.
C) analyse the strengths and weaknesses of the RMP.
D) identify opportunities to improve and update the RMP so that it will reflect changing circumstances inside and outside the organisation.
E) All of these responses are correct.

A) The treatment/s selected for each risk
B) The action items needed to implement the RMP
C) Identification of the management and control structures needed to execute the RMP
D) A list of resources the program needs
E) A review process that involves stakeholders and encourages continuous improvement, innovation and learning

A) external factors which are strengths.
B) external factors which are weaknesses.
C) internal factors which are strengths.
D) external factors which could be either strengths or weaknesses.
E) internal factors which could be either strengths or weaknesses.