18 Questions
What determines the level of risk?
The combination of likelihood and magnitude
What is the purpose of the risk map?
To illustrate the level of risk
What is required to mitigate or exploit high risks?
The active attention of the Board and Senior Management
Who is responsible for mitigating or exploiting medium risks?
Middle management staff
What is the characteristic of risks marked as 'H' on the risk map?
They may materially influence the achievement of business objectives
What is the purpose of identifying the source of high risks?
To understand and execute positive actions
What is the primary objective of risk mitigation?
To reduce the level of occurrence or magnitude of impact of risks
What is the purpose of a risk assessment workshop?
To assess the impact and likelihood of identified risks
What is the purpose of the risk heat map?
To visualize and prioritize risks
What is the purpose of the risk assessment pack?
To provide input for the risk assessment workshop
What is the purpose of the performance measure 'Accuracy assessment reports'?
To measure the number of material errors in the assessment reports
How many risk treatment approaches are adopted by NNPC Limited and its subsidiaries?
Four
What is the purpose of conducting a risk assessment in an organization?
To make decisions about the significance of risks and whether to accept or treat them
What is the description of a 'Good' control rating?
The majority of risk exposure is effectively controlled and managed
What is the purpose of facilitated workshops in risk assessment?
To discuss and evaluate the likelihood and impact of identified risks
What is the purpose of structured interviews in risk assessment?
To obtain opinions on risk exposures through one-on-one discussions
What is the primary goal of risk management?
To assess and manage risks to an acceptable level
What is the purpose of desktop-based assessment in risk management?
To monitor and assess risks through key risk indicators (KRIs)
Study Notes
Risk Prioritisation and Ranking
- The level of risk is determined by combining the likelihood of occurrence and the magnitude of impact.
- The risk map is an illustration of the level of risk, categorizing risks as high, medium, or low.
Risk Map Categories
- High risks (H): may materially influence the achievement of business and strategic objectives, requiring attention from the Board and Senior Management.
- Medium risks (M): may influence short-term business and strategic objectives, possibly requiring attention from middle management.
- Low risks: unlikely to significantly impact business and strategic objectives.
Risk Assessment
- Conducted to evaluate the significance of risks and decide whether to accept or treat them.
- Involves:
- Assessing impact and likelihood
- Identifying key controls and mitigation activities
- Evaluating control effectiveness
- Ranking residual risks from high to low
- Developing a risk map
Risk Mitigation and Control
- Aims to reduce the level of occurrence or magnitude of impact of risks.
- NNPC Limited adopts one of four risk treatment approaches.
- Control effectiveness is described as:
- Poor: ineffective control measures
- Fair: room for improvement
- Good: majority of risk exposure effectively controlled
- Very Good: risk exposure effectively controlled and managed
Risk Management Approaches
- Desktop-based assessment: identifying key risk indicators (KRIs), setting thresholds, and monitoring them regularly.
- Facilitated workshops: discussing and evaluating likelihood and impact of risks with process owners.
- Structured interviews: one-on-one discussions with personnel to obtain opinions on risk exposures.
Assessing the competence of personnel and effectiveness of resources in risk management, and evaluating control measures to make informed decisions.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
