9. Embedding And Monitoring Of Risk Management Flashcards Preview

Flashcards in 9. Embedding And Monitoring Of Risk Management Deck (36)
1
Q

What does Neher identify as the primary functions of communication in organisations?

A
Compliance-gaining
Leading, motivating and influencing
Sense-making
Problem-solving and decision-making
Conflict management, negotiation and bargaining
2
Q

What are the three distinct models of communication?

A

Technical
Contextual
Negotiated

3
Q

TECHNICAL models of communication note that — can corrupt or dilute a message

A

Noise

4
Q

According to the technical model of communication, in what four ways can noise be minimised?

A

Use language relevant to audience
Keep message simple
Use repetition
Elicit feedback

5
Q

Contextual models of communication suggest — factors will influence how the message is delivered and understood

A

Contextual

6
Q

In the contextual model of communication, what are the main contextual factors?

A

Internal environment
Wider external factors (such as national culture and global risk climate)
Perceptions of groups and individuals

7
Q

— models of communication suggest communication is always evolving and adapting in the light of feedback and experience

A

Negotiated

8
Q

Communication may be distinguished by the level at which it takes place. What are the three levels?

A

Micro (interpersonal)
Meso (group, organisational and inter-organisational)
Macro (mass communication)

9
Q

Give three examples of communication at the micro level

A

Job descriptions detailing risk management responsibilities
Performance review of risk management
Individual reports to line manager on risk management performance

10
Q

Give three examples of communication at the meso level

A

Functional risk registers
Team meetings where risk performance measures reported and assessed
Cross-functional risk workshops

11
Q

Give two examples of communication at the macro level

A

Annual report detailing risk management performance on internet
Organisation’s risk management strategy and policy on internet

12
Q

For what three reasons should risk management activities be monitored?

A

Assess whether risk profile changing
Provide assurance that risk management effective
Identify when further action necessary

13
Q

In an effective risk management system, monitoring and reporting mechanisms should be part of the organisation’s — —

A

Routine processes

14
Q

From what three generic sources can senior management obtain assurance that risk management processes are working effectively?

A

Routine process within system, process or activity
Non-routine process within system, process or activity
Process independent of system, process or activity

15
Q

In the risk management process, what should be monitored, reviewed and reported on?

A

Whether risks still exist
Whether new risks have arisen
Whether likelihood and impact of risks have changed
Whether risk priorities should be adjusted
Whether risk responses are effective
Regular review of the risk management PROCESS

16
Q

When providing assurance on the effectiveness of the whole risk management system, what activities should be objectively reviewed?

A

Organisational strategy and objective setting
Risk identification, evaluation and analysis
Setting and communication of risk appetite
Adequacy and effectiveness of risk responses
Accuracy and ease of monitoring
Response to issues shown up by monitoring
Responses to critical incidents and near misses

17
Q

What are the key objectives of the risk management process?

A

Identify and prioritise risks arising from strategy and activities
Management and board have determined level of risk acceptable to org
Risk mitigation activities designed and implemented to manage risk down to an acceptable level
Ongoing monitoring activities conducted periodically
Board and management receive periodic reports of results of risk management process

18
Q

List activities that may be used to provide the necessary evidence for assurance over an organisation’s risk management processes

A

See ithoughts note CGRM 001

19
Q

What other terms may be used to refer to a risk “incident”?

A

Issue
Event
Materialised risk

20
Q

What term is used to describe the occurrence of unpredicted high-impact incidents?

A

Black swan events

21
Q

Organisations should have — — in place in the event that risks to the achievement of key objectives materialise

A

Contingency plans

22
Q

Ideally, the organisation should be able to activate its contingency plans — the incident is recognised

A

Immediately

23
Q

Since there are often significant costs associated with developing contingency plans, a — - — analysis will need to be undertaken

A

Cost-benefit

24
Q

Following a risk event, the organisation should review the elements of the risk and response activity to…

A

Decide whether further risks should be identified
Decide whether further responses are needed
Decide whether costs would outweigh benefits and no further action should be taken

25
Q

In risk management, — — refers to the process through which organisations seek to improve the capacity of their members to understand and manage risk

A

Organisational learning

26
Q

In organisational learning, at what four levels should learning systems and processes operate?

A

Individual
Group
Organisational
Inter-organisational

27
Q

Organisations should aim to — risk management so it becomes part of the organisation’s culture and routine processes

A

Embed

28
Q

What eight factors will help an organisation embed risk management?

A
Top management support
Inclusion in organisational policies and processes
Common risk management language
Identify benefits to all
Momentum
Clear roles and responsibilities
Flexibility
Internal audit approach
29
Q

In what ways can senior management demonstrate support of risk management?

A

Allocate time at regular meetings to discuss RM
Call on senior managers to make presentations on key risks and responses in their area
Decide on and support risk management policy
Use risk terminology in everyday discussions
Ensure all papers and proposals to them include analysis of key risks and how they will be handled

30
Q

—, rather than risk management functions, should be responsible for embedding risk management in policies, processes and procedures

A

Management

31
Q

To facilitate embedding of risk management, effort needs to be put into demonstrating how risk management will…

A

Benefit staff personally as well as the organisation as a whole

32
Q

To facilitate the embedding of risk management, internal audit should…

A

Adopt a risk-based approach to its audit work

33
Q

List five tools and techniques for embedding risk management

A
Performance objectives
Staff training
In-house expertise
Risk identification or CRSA workshops
Ready-made framework
34
Q

List five benefits of embedding risk management

A
Less bureaucracy
More informed decision making
Speedier risk identification
Proactivity rather than reactivity
Improved change management
35
Q

List five key success factors that would demonstrate risk management has been successfully embedded

A
Inclusion in other processes and procedures
Part of regular management discussions
Regular updates
No unexpected risks
No unexpected impacts or probabilities
36
Q

C— is integral to effective risk management

A

Communication