Risk Assessment in ISO 31000:2018

Questions and Answers

What is the correct definition of a vulnerability in the context of risk evaluation?

• A possible effect or condition that could cause harm
• A systematic method for assessing risks
• A weakness that makes it easier for threats to occur (correct)
• The monetary value lost due to a threat

Which category indicates the most severe impact of loss when evaluating threats?

• Major
• Noticeable
• Severe (correct)
• Minors

Which law requires employers to maintain a safe and healthy workplace?

• 1987 Constitution
• RA 9165 Comprehensive Drug Act
• Anti Sexual Harassment Act
• PD 442: Labor Code (correct)

What does the Vulnerability Rating of 'Very High' indicate?

Almost certain to happen (B)

What is the primary purpose of risk evaluation?

To support decisions and understand factors (C)

What is the primary purpose of risk management within an organization?

To value and protect the organization (D)

Which of the following is considered an example of compliance risk?

Failing to adhere to industry regulations (A)

What does risk identification primarily involve?

Recognizing and describing potential risks (C)

Which type of risk involves uncertainty arising from internal control processes?

Control risk (D)

What characteristic makes risk management practices dynamic?

They adapt to changes as they occur. (A)

Which of the following best describes 'emerging risk indicators'?

Signs of potential new risks, such as rising costs (B)

What is an essential characteristic of risk assessment in an organization?

It must integrate stakeholders' knowledge and opinions. (B)

What does risk analysis aim to achieve within the risk management framework?

To comprehend the nature and characteristics of risk (B)

Flashcards

Risk

The effect of uncertainty affecting organizational objectives. It's usually described by sources, events, consequences, and likelihood.

Risk Assessment

Assessing, analyzing, and evaluating risks to manage uncertainties that affect organizational goals.

Risk Identification

The process of identifying and describing different types of risks.

Tangible Risk

Risks related to physical objects like machinery, equipment, or infrastructure.

Intangible Risk

Risks that involve non-physical factors like reputation, brand image, or customer trust.

Compliance Risk

Risks arising from failure to comply with laws, regulations, or industry standards.

Hazard Risk

Risks related to natural disasters like earthquakes, floods, or fires impacting operations.

Control Risk

Risks related to the uncertainty of internal controls, systems, or processes.

Opportunity Risk

Potential benefits or chances from investments, ventures, or strategic moves that could go wrong.

Risk Analysis

Understanding the nature and characteristics of risks to prepare for them.

Risk Evaluation

The process of evaluating the impact and likelihood of risks to support decision-making related to risk scenarios.

Impact of Loss

The potential damage caused by a threat, categorized by minor, noticeable, major, and severe.

Vulnerability Rating

The likelihood of a risk occurring, indicated by low, moderate, high, and very high categories.

Study Notes

Risk Assessment Framework

• Risk is the effect of uncertainty on objectives, typically expressed through sources, events, consequences, and likelihood.
• Risk assessment includes identification, analysis, and evaluation of risks to manage uncertainties affecting organizational goals.

Risk Identification

• The process of recognizing and describing various types of risks.
• Types of Risks:
  • Tangible Risks: Physical items like machinery.
  • Intangible Risks: Non-physical factors like bad reviews.
• Considerations include:
  • Cause and effect relationships.
  • Threats and opportunities, such as competition.
  • Vulnerabilities and strengths within an organization.
  • Changes in the internal and external context.
  • Emerging risk indicators, such as rising costs.
  • Asset and resource value assessment for training needs.
  • Evaluating consequences and impacts to achieve goals.

Types of Risk

• Compliance Risk: Failure to adhere to laws and regulations.
• Hazard Risk: Pure risk from natural disasters affecting operations.
• Control Risk: Arises from uncertainty related to internal controls.
• Opportunity Risk: Risks associated with potential beneficial investments or chances.

Value Creation and Protection

• Risk management should be integrated within organizational structures and project planning.
• Must be structured, comprehensive, customized, and inclusive of stakeholder input.
• Dynamic management adapts to changing circumstances.
• Continual improvement processes seek effective identification, assessment, and mitigation of risks.

Risk Analysis

• Understand the nature and characteristics of risks, aiding organizational preparedness.
• Highlights the importance of analyzing consequences, impacts, and probabilities.
• Utilizes both qualitative and quantitative assessments:
  • Qualitative: Standards and protocols.
  • Quantitative: Statistical data and calculations.

Impact of Loss

• Damage from threats is categorized as:
  • Minor: Negligible impact.
  • Noticeable: Distinct but not critical.
  • Major: Significant disruption.
  • Severe: Total breakdown.
• Vulnerability ratings indicate likelihood of occurrence:
  • Low: Unlikely event.
  • Moderate: Possible but not guaranteed.
  • High: Likely occurrence.
  • Very High: Almost certain event.

Risk Evaluation

• Supports decision-making by comparing chosen problems.
• Evaluates various factors involved in risk scenarios.

Legislative Framework for Safety and Security

• 1987 Constitution: Foundation for safety regulations.
• PD 442 Labor Code: Mandates maintenance of safe workplaces.
• OSH Standards: Sets requirements for occupational health and safety.
• EO 307: Establishes the OSH Center.
• PD 626: Provides a compensation framework for work-related injuries.
• Anti Sexual Harassment Act: Protects against workplace harassment.
• RA 9165: Addresses drug-related offenses.
• RA 8504: Aims to prevent and manage HIV/AIDS in workplaces.
• RA 11058: Strengthens compliance with OSHS and outlines penalties for violations.