Risk Management and Auditing Essentials

Questions and Answers

What does the 'C' in COPE stand for in the context of property underwriting?

• Construction (correct)
• Cost
• Compliance
• Condition

Which hazard is characterized by carelessness or indifference leading to potential losses?

• Environmental hazard
• Moral hazard
• Market hazard
• Morale hazard (correct)

What does a combined ratio greater than 100 indicate for an insurance company?

• Sustained growth
• Break-even performance
• Profit from underwriting
• Loss from underwriting (correct)

How is public fire protection defined?

Governmental services available to all properties in an area (A)

Which of the following is NOT a component evaluated in nonfinancial measures for monitoring underwriting results?

Market share (C)

What is the purpose of a loss run report in underwriting?

To detail an insured's history of claims (D)

What does the retention ratio represent in insurance?

The percentage of policies renewed by an insurer (D)

Which aspect is evaluated by underwriters to analyze loss exposures from surrounding properties?

External exposure (A)

What does residual risk include?

Unidentified risks and retained risks (B)

Which analysis technique is used to evaluate a product's safety?

Fault Tree Analysis (A)

What characterizes tangible costs?

Costs that can be directly observed and measured (D)

What does deductive analysis involve?

A top-down approach deducing behavior from premises (C)

Which type of workers most commonly use dynamic risk assessments?

Emergency service workers (B)

What is the primary goal of risk management?

To minimize or eradicate adverse effects of risks (B)

Which statement accurately describes risk homeostasis?

People adjust their behavior based on perceived risk levels (D)

Which analysis leads with a bottom-up approach?

Failure Modes and Effects Analysis (FMEA) (B)

What does risk financing primarily rely on for its management?

Insurance and its professionals (A)

What is meant by 'frequency' in the context of analyzing losses?

The number of losses occurring in a defined period (C)

Which control type actively discourages individuals from violating security policies?

Deterrent Control (B)

What role does an underwriter play in personal umbrella policies?

Checks compliance with underlying coverage requirements (C)

Which of the following is an example of a recovery control?

Backups that restore systems post-failure (C)

What is a key characteristic of an umbrella policy?

It increases liability limits beyond existing policies (C)

What does societal risk estimate?

The likelihood of people being harmed by an industrial incident (A)

What is the primary purpose of physical controls in risk management?

To limit physical access to sensitive facilities (C)

What distinguishes pure risk from speculative risk?

Pure risk results in a loss or no loss, whereas speculative risk can result in profit or loss. (C)

Which of the following describes a corrective control?

Responds to security violations to mitigate impact (D)

What is the primary goal of safety and health programs?

To prevent workplace injuries, illnesses, and financial hardship (C)

What is the purpose of Fault Tree Analysis (FTA)?

To identify possible causes of a failure (A)

In failure analysis, what does common cause failure analysis identify?

Multiple failures resulting from one original cause (C)

What technique refers to the formal analysis of a system to determine hazards?

System hazard analysis (B)

What differentiates inductive analysis from deductive analysis?

Inductive analysis starts from known causes to find effects, while deductive analysis identifies causes from known effects. (B)

What ratio defines the failure rate?

The number of failures to the total number of attempts (A)

What is the primary concern for underwriters in umbrella and excess liability underwriting?

Loss severity (D)

What does facultative reinsurance allow a primary insurer to do?

Choose which loss exposures to submit for reinsurance (C)

How do underwriting guidelines benefit insurers?

They specify which accounts the insurer is willing to insure (B)

What is the purpose of telematics in insurance?

To transmit data and track behaviors through technology (C)

Catastrophe insurance primarily covers which type of events?

Low-probability, high-cost events (C)

What does the term 'retrocession' refer to in the context of reinsurance?

The portion of risk a reinsurer decides not to keep (C)

Which of the following is NOT one of the categories identified by the Human Factors Theory?

Miscommunication (B)

Why are premium audits conducted by insurers?

To verify policyholder operations and determine actual exposure units (A)

What does the term retrocession refer to in risk management?

The portion of risk the company chooses not to retain (C)

Which one of the following is a characteristic of the Fail Safe Passive system?

Equipment stops operating in a zero energy state (B)

What is the primary focus of safety and health programs in the workplace?

Reducing workplace injuries, illnesses, and deaths (C)

Which principle states that work expands to fill the time available for its completion?

Parkinson’s Principle (A)

In risk management, what does the probability measure?

The likelihood of an event occurring (A)

What does vicarious liability mean in a legal context?

Assigning liability to a person not directly responsible for an act (C)

Which risk analysis technique evaluates the impact of control measures added to a simple system?

Naked Man Technique (B)

Which statement best describes 'standard deviation' in statistics?

A measure of dispersion in a data set (A)

What does the Pareto Principle, sometimes referred to as the 80/20 Rule, imply?

80% of results come from 20% of efforts (C)

What is a hazard in the context of workplace safety?

A condition that could potentially cause harm (D)

Which of the following is NOT a control measure for risk management?

Ignoring safety protocols (D)

Which of the following is a recommended practice for risk communication?

Listening to public concerns (D)

What does a T-test compare in statistics?

Population mean to sample mean (B)

Flashcards

Underlying Insurer

The insurer that provides coverage on top of the primary insurance policy, often used for high-value risks.

Loss Analysis

Analyzing the insured's business to identify potential risks and evaluate their past losses.

Loss Severity

The primary concern in umbrella and excess liability underwriting, focusing on the potential magnitude of a loss rather than its likelihood.

Reinsurance

An agreement where an insurer transfers some of its risk to another insurer for a fee.

Facultative Reinsurance

A type of reinsurance where the primary insurer chooses specific risks to transfer to the reinsurer, who can accept or decline them.

Underwriting Guidelines

Written guidelines outlining an insurer's underwriting policies and acceptability criteria.

Hazard

A condition that increases the likelihood or severity of a loss, such as faulty wiring or a hazardous material.

Premium Audit

A comprehensive review of a policyholder's financial records to ensure accuracy and adjust premiums accordingly.

What is a loss run?

This is a report that details the history of claims an insured has made over a specific period.

What is a morale hazard?

This happens when a person or organization becomes careless or indifferent to the risks they're exposed to leading to a more frequent or severe loss.

What is private fire protection?

This refers to measures taken by property owners to protect their own assets from fire damage.

What is a fire division?

This is a section of a structure that is designed to prevent fire from spreading to other areas.

What is public fire protection?

This refers to equipment and services provided by the government to protect properties within a specific area from fire.

What is a rating plan?

This is a set of guidelines used to determine the premium for a specific line of insurance. It takes into account various factors like the exposure base, exposure unit, and the rate per exposure unit.

What is a combined ratio?

This ratio indicates the insurer's profitability from underwriting insurance. If it is below 100, the insurer makes a profit. If it is above 100, the insurer is losing money on underwriting.

What are non-financial measures used for underwriting?

These are measures used to monitor how well the underwriting process is working. They include things like selection criteria, product mix, pricing strategies, retention rates, and customer satisfaction.

Transfer of Risk

A type of risk financing that shifts responsibility for losses from one party to another through a contract, typically involving insurance policies.

Personal Umbrella Policy

A policy providing extra financial protection for significant liability claims exceeding existing coverage limits, potentially covering claims not covered by primary policies.

Underwriting

The process of evaluating risk associated with an insurance application, including assessing underlying coverage requirements and determining policy eligibility.

Physical Controls

Security measures restricting physical access to protected information or facilities, such as locks, fences, and security guards.

Technical Controls

Security measures implemented within the computing environment, such as firewalls, operating systems, and encryption software.

Directive Control

A type of security control that defines acceptable employee behavior, often through policies and guidelines.

Deterrent Control

A control measure that discourages individuals from violating security policies by making it difficult or unpleasant to do so.

Preventative Control

A control measure that prevents security incidents from occurring in the first place.

Societal risk

Estimates the likelihood of people being harmed by an industrial incident.

Individual risk

Probability of a single person experiencing a specific consequence within a year.

MORT (Management Oversight and Risk Tree)

Method for analyzing causes and contributing factors to events, especially accidents.

Fault Tree Analysis (FTA)

Technique to identify potential causes of a system failure.

Cost-Benefit Analysis (CBA)

Analysis to evaluate the cost of reducing risk compared to the potential benefits.

Pure risk

Risk beyond human control, leading to loss or no loss, with no potential profit.

Speculative risk

Voluntary risk-taking with potential for profit or loss.

System hazard analysis

A formal analysis of systems and their connections to identify actual and potential safety hazards.

What is risk?

Risk is defined as the combination of the severity and probability of an event happening. The severity measures the extent of the negative impact the event might have, and the probability refers to the likelihood of that event occurring.

What is residual risk?

Residual risk is the amount of risk that remains after all risk treatment measures have been implemented. This can include risks that were not identified during the initial assessment or risks that were deemed acceptable to retain.

What is Pareto analysis?

Pareto analysis is a method of ranking risks based on their impact or frequency. It helps prioritize risks by focusing on the 'vital few' that contribute to the majority of issues, rather than the 'trivial many'.

What is FMEA?

Failure Modes and Effects Analysis (FMEA) is a systematic process for identifying potential failures in a system or product. It analyzes the potential causes of failure, their effects, and the severity of those effects in order to mitigate risks. It's a bottom-up approach that focuses on individual components.

What is Fault Tree Analysis?

Fault Tree Analysis (FTA) is a deductive method used to analyze how a particular undesirable event (top event) could occur. By tracing back from the undesired event, it identifies the potential contributing events (faults) and their logical relationships that could lead to the event.

What are dynamic risk assessments?

Dynamic risk assessments are informal, on-the-spot assessments conducted by individuals in dynamic environments. They involve evaluating the risks associated with specific tasks or situations and adapting actions to manage them.

What is formal hazard analysis?

Formal hazard analysis is used to identify and evaluate potential hazards within a system. It involves a systematic process of gathering data, analyzing risks, and developing mitigation strategies.

What are the different types of costs?

Cost types can be classified as either tangible or intangible. Tangible costs are readily quantifiable and directly measurable, while intangible costs are less quantifiable and involve indirect impacts, such as reputational damage.

Retrocession

The portion of risk or amount of insurance that a company chooses not to retain.

Indemnification Agreement

A contract that protects one party from liabilities created by the other party in a transaction.

Yates' Human Factors Theory

A human factors theory that categorizes accident causes into overload, inappropriate worker response, and inappropriate activities.

Petersen's Accident/Incident Theory

A theory that suggests accidents are caused by either human error or system failure.

Vicarious Liability

The principle that assigns liability for an injury to a person who has a legal relationship to the negligent party, even if they didn't directly cause the injury.

Peter Principle

A management principle suggesting that people are promoted to their level of incompetence.

Parkinson’s Principle

A management principle stating that work expands to fill the allotted time.

Pareto Principle (80/20 Rule)

A management principle that suggests 20% of employees are responsible for 80% of work and accidents.

Fail Safe Passive

A fail-safe mechanism that stops equipment in a zero-energy state, using devices like circuit breakers and fuses.

Fail Safe Active

A fail-safe mechanism that activates emergency features, like emergency lights.

Fail Safe Operational

A fail-safe mechanism that prioritizes human safety, using features like feed water valves, co-pilots, and autopilots.

Z score

A statistical measure that shows a single score's location within a normal distribution, indicating the percentage of area under the curve.

T-test

A statistical test used to compare a population mean to a sample mean, particularly effective for data sets smaller than 30.

Study Notes

Risk-Based Auditing

• Prioritizes use of limited internal audit resources in areas posing greatest risk to the organization
• Emphasizes auditing to business objectives, focusing on materiality of risk, and identifying threats to business goals.

Risk Management and Organizational Alignment

• Provides insurance and risk management solutions to control or contain losses and satisfy customers.
• Common objectives include balancing risk and reward, supporting decision-making, achieving goals such as tolerable uncertainty, legal and regulatory compliance, survival, business continuity, earnings stability, profitability, growth, and social responsibility

Underwriting

• Helps insurers develop and maintain a profitable book of business by minimizing adverse selection, ensuring adequate policyholder's surplus, and enforcing underwriting guidelines
• Underwriters select insureds, classify accounts, price accounts, recommend coverage, manage a book of business, support producers, insureds and support marketing objectives

Staff Underwriters

• Research the market, formulate underwriting policies, revise underwriting guidelines, evaluate loss experience, develop coverage forms, review rates, arrange reinsurance, assist with complex accounts, and conduct underwriting audits.

Underwriting Policy

• Provides a guide to individual and aggregate policy selection that supports an insurer's mission statement

Essential Knowledge for Underwriters

• Successful underwriters possess knowledge of insurance principles, practices, loss exposures and pricing, insurance rates, loss analysis and internal/external information sources

Rating

• (Information omitted, page contains only rating header)

Rating (Page 2)

• Involves applying an applicable rate and rating plan to an exposure, and performing necessary calculations to determine the policy premium.

Moral Hazard (Page 2)

• A condition increasing the likelihood of intentional loss or exaggeration

Property Application (Page 2)

• Underwriters examine crucial information, including loss history, COPE elements and property values.

Supplemental Information (Page 2)

• Information like risk management programs, financial statements, risk control reports, and property valuation guides further assesses a property account's quality.

COPE and Loss Run (Page 2)

• COPE elements include construction, occupancy, protection, and external exposures, analyzed by commercial property underwriters
• Loss run: a report detailing an insured's claims history over a specific period

Morale Hazard (Page 2)

• A condition of carelessness or indifference increasing the frequency or severity of loss

Fire Protection and Division (Page 2)

• Underwriters analyze loss exposures posed by immediate neighboring properties or the surrounding area.
• A fire division is a section of a structure protected to prevent fire spread to another section.

Public and Private Fire Protection (Page 2)

• Public fire protection: equipment and services available from the government.
• Private fire protection: measures taken by property owners to protect their assets.

Residential and Occupational Loss Exposures (Page 3)

• Underwriters evaluate residential losses considering guest hazards.
• Personal insurance applications contain questions about occupation or employment to determine potential loss frequency and severity.

Rating Plan (Page 3)

• A set of directions specifying criteria for determining premiums for a particular line of insurance, based on exposure base, exposure unit, and rate per exposure unit.

Combined Ratio (Page 3)

• A ratio of less than 100 indicates underwriting profit.
• A ratio of more than 100 indicates underwriting loss.

Nonfinancial Measures (Page 3)

• Used to monitor underwriting results including selection, pricing, product /line of business mix, retention ratio, hit ratio, and customer service.

Retention Ratio (Page 3)

• The percentage of expiring policies an insurer renews.
• Higher retention rates indicate profitability due to existing relationships.

Hit Ratio (Page 3)

• Compares policies written with applications quoted to evaluate underwriter performance in meeting sales goals.

Physical Controls (Page 3)

(Information omitted, page contains only physical controls header)

Technical Controls (Page 4)

• Logical controls in the computing environment, e.g. operating systems, application programs, database frameworks, and firewalls

Directive Control (Page 4)

• Specifies expected employee behavior, often in the form of policies and guidelines, e.g., acceptable use policy.

Deterrent Control (Page 4)

• Discourages individuals from violating policies due to the effort to circumvent them and the associated consequences, e.g., CCTV monitoring

Preventative Control (Page 4)

• Stops a security incident, e.g., background screenings

Compensating Control (Page 4)

• Implemented when the system can't provide all required policy protection; to reduce risk down to an acceptable level, e.g., an agreed exceptional process.

Detective Control (Page 4)

• Alerts security professionals to attempted security violations

Corrective Control (Page 4)

• Responds to security violations to reduce or eliminate impact, e.g., escorting unauthorized persons offsite

Hazard (Page 4)

• A condition or activity with potential harm

Risk (Page 4)

• Probability of injury, loss, or hazard

Incident (Page 4)

(Information omitted, Page contains only incident header)

Risk Response Strategies (Page 5)

• Avoidance, Transfer, Retention, and Reduction

ALARA and ALARP (Page 5)

• As Low As Reasonably Achievable
• As Low As Reasonably Practical

Loss Control Measures (Page 5)

• Examples include Hazcom training, machine guards, and confined space programs

Domino Theory (Page 5)

• All accidents caused by a chain of events, removing any chain prevents accident.

Petersen's Accident/Incident Theory (Page 5)

• Accident/incident causes due to human error and/or system failure.

Risk Analysis vs. Risk Management (Page 5)

• Risk Analysis: estimates risk scientifically
• Risk Management: determines whether risk is acceptable and establishes strategies for reduction.

Hazard Analysis Categories (Page 5)

• Three categories (omitted, page contains header only)

Environmental Issues (Page 6)

• Issues causing stress, hazards and failures.

Primary Methods for Reducing Accidents (Page 6)

• Prevention (loss control)
• Financial (cost reduction)

Objectives of Risk Management (Page 6)

• Reducing anxiety before a loss.
• Meeting corporate responsibility.
• Continued growth after loss.

Poka-Yoke (Page 6)

• Lean manufacturing technique preventing or detecting errors.
• Mistake-proofing methods to ensure fail-safe systems minimizing human error.

Kaizen (Page 6)

• Japanese term for continuous improvement.
• 5-S an effective housekeeping technique: Sort, Straighten, Scrub, Standardize.

Risk Management Techniques (Page 6)

• Risk control: measures preventing or reducing losses
• Risk financing: insurance to help pay for losses.

Risk Management (Page 6)

• Feasibility assessment (omitted, page contains only risk management header)

Financial Considerations (Page 7)

• Forecasted losses, insurance types, deductibles

Non-Financial Considerations (Page 7)

• Business operations, customer and employee safety, and reputation

Risk Management Techniques Techniques (Page 7)

• Risk financing methods implemented by risk management professionals
• Risk control methods implemented by operations managers, requiring communication and training

Insurance (Page 7)

• Rating plan: criteria for exposure base, exposure unit, and rate per exposure unit to determine premiums
• Combined ratio: ratio of less than 100 indicates underwriting profit; ratio more than 100 indicates no underwriting profit
• Non-financial measures to monitor underwriting results: selection, product/line of business mix, pricing, retention ratio, hit ratio, and customer service

Retention Ratio (Page 7)

• Percentage of expiring policies an insurer renews

Underwriting (Page 7)

• Details percentage of renewal policies compared to new business
• Underwriting elements: limits of liability, deductibles, underlying insurance, loss severity

Reinsurance (Page 7)

• Transferring risk to another insurer through contract
• Facultative reinsurance: primary insurer submits loss exposures for individual review and acceptance by reinsurer.

Underwriting Guidelines (Page 7)

• Written manual guiding policy decisions, specifying attributes of insurable accounts.

Qualitative and Quantitative Risk Assessment (Page 7)

• Qualitative uses non-numeric values to estimate risk
• Quantitative uses numerical data from historical events or instances of risk.
• Including methods like Delphi Methods, Facilitated Risk Analysis Process (FRAP), and Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)

(Remaining notes are too long to extract as bullet points and are best read as a whole, as many depend on preceding ones)

Description

This quiz covers the fundamentals of risk-based auditing, risk management, and underwriting. It emphasizes the importance of prioritizing audit resources based on risk and aligning organizational objectives with risk management strategies. Test your knowledge on key principles and practices that ensure effective risk control and business continuity.