Risk Management and Auditing Overview
Questions and Answers

What statistical method is used to compare a population mean to a sample mean for data sets with fewer than 30 items?

  • T-test (correct)
  • Z-test
  • Chi Square
  • ANOVA

Which of the following describes the concept of Poka Yoke?

  • A technique for resource allocation
  • A method for risk assessment
  • A method for mistake-proofing (correct)
  • A financial assessment strategy

What is the primary purpose of Safety Programs in businesses?

  • Limit employee engagement
  • Increase material costs
  • Enhance employee turnover
  • Improve compliance and reduce costs (correct)

In NIOSH's three-step process for risk assessment, which of the following is the first step?

  • Identify hazard

Which of the following statements reflects one of the Seven Cardinal Rules of Risk Communication?

  • Plan carefully and evaluate efforts

What does vicarious liability refer to?

  • Liability associated with a legal relationship to the injurer

Which element is NOT part of the Hierarchy of Controls?

  • Forecasting

What is the primary concern in umbrella and excess liability underwriting?

  • Loss severity

What does facultative reinsurance allow the primary insurer to do?

  • Select which losses to submit for reinsurance

What is NOT a purpose of premium audits?

  • To help determine future claims settlements

How does predictive modeling assist underwriters?

  • By blending historical data with various variables to forecast outcomes

What defines a hazard in risk management?

  • A factor that increases the frequency or severity of a loss

What does ALARA stand for?

  • As Low As Reasonably Achievable

Which strategy involves transferring financial responsibility for losses?

  • Transfer

What is the primary purpose of Job Safety Analysis (JSA)?

  • To measure inherent risk in work processes

What does the Domino Theory state about accidents?

  • They are caused by a chain of events

What is a key technique for identifying risks within an organization?

  • Team approaches

Which option is NOT one of the four primary risk response strategies?

  • Reinvestment

Which of the following is NOT a method used in risk analysis?

  • Marketing research

What does risk retention involve?

  • Planning to generate funds to pay for losses

Which risk control technique aims to lessen the frequency or severity of loss?

  • Loss prevention techniques

What does severity in risk management refer to?

  • The amount of a loss typically measured in dollars

Which of the following is NOT considered a personal and advertising injury?

  • Property damage

What does medical payments coverage provide?

  • Medical expenses for injuries on the insured's property

What is pure risk characterized by?

  • Chance of loss without any opportunity for gain

Which ethical principle stresses the importance of presenting information accurately?

  • Fair presentation

What is the first step in the Behavior-Based Safety process?

  • Form assessment team(s)

Which of the following is part of the calculation for Compensation cost?

  • Gross / Profit margin %

Which term refers to the risk that remains after risk treatment?

  • Residual risk

An experience modification rate below which value is considered very good?

  • 1

What does a Pareto analysis chart help an organization to do?

  • Rank items by severity or frequency

Which of the following is NOT one of the five conditions that increase the likelihood of success in safety?

  • Strong Financial Performance

What is a life care plan intended to identify?

  • A person's medical condition and ongoing care requirements

Which of the following is a key component of risk management?

  • Decreasing frequency or severity of losses

What type of insurance covers incidents that occur during the policy period?

  • Occurrence insurance

In risk management, what does retained risk refer to?

  • Risk that is accepted by the organization

Which of the following is a resource for extracting critical behaviors?

  • Accident / Incident Reports

In terms of consequences, which factor is NOT emphasized for impacting employee behavior?

  • Uncertain

What is one of the seven principles for auditing according to ISO 19011?

  • Independence

What is the formula for calculating the loss ratio?

  • Losses / (E modifier X Manual premium)

According to modern management theory, how should consequences be recognized?

  • Positive or negative

    Study Notes

    Risk-Based Auditing

    • Risk-based auditing prioritizes using an organization's internal audit resources in areas posing the greatest risk.
    • It emphasizes auditing to business objectives, focusing on material risk, and identifying threats to business goals.

    Risk Management and Organizational Alignment

    • Risk management involves providing insurance and risk management solutions to control or contain losses and satisfy customers.
    • Common objectives include balancing risk and reward, supporting decision-making, and achieving goals such as tolerable uncertainty, legal and regulatory compliance, social responsibility, survival, business continuity, earnings stability, profitability, and growth.

    Underwriting

    • Underwriting helps insurers develop and maintain a profitable book of business.
    • It minimizes adverse selection, ensures adequate policyholder's surplus, and enforces underwriting guidelines.
    • Underwriters select insureds, classify and price accounts, recommend or provide coverage, manage a book of business, support producers and insureds, and support the achievement of the insurer's marketing objectives.

    Staff Underwriters

    • Staff underwriters research the market, formulate underwriting policies, revise underwriting guidelines, evaluate loss experience, develop coverage forms, review rates, arrange reinsurance, assist with complex accounts, and conduct underwriting audits.

    Underwriting Policy

    • Underwriting policy guides individual and aggregate policy selection, supporting an insurer's mission statement.

    Essential Knowledge for Underwriters

    • Successful underwriters possess knowledge of insurance principles, practices, loss exposures, pricing, insurance rates, loss analysis, and internal/external information sources.

    Rating

    • Rating involves applying an appropriate rate and rating plan based on exposure to determine the policy premium.

    Moral Hazard

    • Moral hazard increases the likelihood of intentional loss or exaggeration.

    Property Application

    • Underwriters review loss history, COPE elements, and property values in property applications.

    Supplemental Information

    • Supplemental information (risk management programs, financial statements, risk control reports, and property valuation guides) helps assess a property account's quality.

    COPE and Loss Run

    • COPE elements include construction, occupancy, protection, and external exposures, analyzed by commercial property underwriters.
    • A loss run details an insured's claims history over a specific period.

    Morale Hazard

    • Morale hazard increases loss frequency or severity due to carelessness or indifference.

    Fire Protection and Division

    • Underwriters analyze loss exposures of neighboring properties and the surrounding area.
    • A fire division is a well-protected section of a structure that prevents fire spread.

    Public and Private Fire Protection

    • Public fire protection refers to governmental services in a defined area.
    • Private fire protection refers to measures property owners take to protect their assets from fire loss.

    Residential and Occupational Loss Exposures

    • Underwriters consider hazards increasing liability losses from invited guests in residential exposures.
    • Personal insurance applications inquire about occupation/employment for frequency/severity analysis.

    Rating Plan

    • A set of directions specifying criteria for exposure base, exposure unit, and rate per exposure unit determines premiums.

    Combined Ratio

    • A combined ratio of less than 100 signifies underwriting profit.
    • A combined ratio exceeding 100 indicates an underwriting loss.

    Nonfinancial Measures

    • Key factors for evaluating underwriting results include selection, pricing, product mix, retention ratio, hit ratio, and customer service.

    Retention Ratio

    • Percentage of expiring policies an insurer renews.
    • Renewals indicate profitable customer relationships.

    Hit Ratio

    • Measures how effectively underwriters meet sales goals.

    Physical Controls

    • Include locks, doors, fences and barriers used to limit access to protected resources.

    Technical Controls

    • Also called logical controls, technical controls are implemented in computing environments. Examples include operating systems, application programs, database frameworks, and firewalls.

    Directive Control

    • Specifies employee behavior through policies and guidelines. Examples include acceptable use policies.

    Deterrent Control

    • Practices that discourage security policy violations. Examples include CCTV monitoring.

    Preventative Control

    • Security measures that stop a security incident. Examples include background screenings.

    Compensating Control

    • Methods used when a system cannot provide protection required by the policy; examples include acceptable agreed exceptional processes.

    Detective Control

    • Alerting security professionals to attempted security violations.

    Corrective Control

    • Responding to a security violation to minimize negative impact, such as escorting unauthorized persons off site.

    Hazard

    • A condition or activity with potential harm.

    Risk

    • Probability of injury, loss, or hazard occurrence.

    Incident

    • An event where a work-related injury, illness, or fatality occurred or could have occurred.

    Risk Response Strategies

    • Strategies include avoidance, transfer, retention, and reduction.

    Risk Assessment

    • The overall process of risk identification, risk analysis, and evaluation of risk.

    ALARA & ALARP

    • ALARA: As Low As Reasonably Achievable.
    • ALARP: As Low As Reasonably Practical.

    Loss Control Measures

    • Examples include Hazcom training, machine guards, and confined space programs.

    Domino Theory

    • All accidents are caused by a chain of events, and removing any part of the chain can prevent accidents.

    Petersen's Accident/Incident Theory

    • Causes of accidents/incidents are human error and system failure.

    Risk Analysis vs. Risk Management

    • Risk analysis estimates risk.
    • Risk management determines risk acceptability and methods for risk reduction to an acceptable level.

    Hazard Analysis Categories

    • Three categories for analyzing hazards.

    Environmental Issues

    • Environmental factors that cause stress, hazards, and material failures.

    Primary Methods for Reducing Accidents

    • Prevention (loss control)
    • Financial cost reduction

    Objectives of Risk Management

    • Objectives for businesses include anxiety reduction, corporate citizenship, and continued growth after loss.

    Poka-Yoke

    • A lean manufacturing technique that eliminates human error.
    • Lean process for preventing or detecting process errors/mistakes.

    Kaizen

    • Continuous improvement in a process or system, often in a Japanese context.

    Five-S Methodology

    • An effective housekeeping technique involving sorting, straightening, scrubbing, systematizing, and standardizing.

    Risk Management Techniques

    • Risk control, preventing losses
    • Risk financing, paying for losses (e.g., insurance)

    Risk Management

    • Exploring financial and non-financial considerations for risk management techniques.

    Financial Considerations

    • Factors including estimated losses, insurance types, and deductibles.

    Non-Financial Considerations

    • Business operations, customer and employee safety, and reputation.

    Risk Management Techniques

    • Using risk financing and risk control techniques.

    Risk Financing Techniques

    • Planning to pay for losses (e.g. retaining or transferring risk).

    Risk Control Techniques

    • Methods to reduce risk frequency or severity (avoiding, modifying, or preventing losses).

    Implementing Risk Management Techniques

    • Using professional risk managers for financing and risk control techniques.

    Risk Communication

    • The Seven Cardinal Rules of Risk Communication: accepting and involving the public, planning, listening to concerns, being honest and frank, working with credible sources, meeting the needs of the media, speaking clearly and compassionately.

    Insurance Rating Plan

    • A set of directions for determining premiums based on exposure base, exposure unit, and rate per exposure unit.

    Combined Ratio

    • A ratio showing whether the insurance company is making or losing money on insurance premiums, that is, its underwriting profit or loss.

    Non-Financial Measures

    • Measures for monitoring underwriting results (selection of insureds, pricing of accounts, product mix, retention ratio, hit ratio, customer service).

    Retention Ratio

    • A percentage of expired policies that are renewed by an insurer.

    Hit Ratio

    • A measure of how well underwriters are meeting sales goals by comparing the number of written policies to the number of quoted applications.

    Risk Assessment Formulas

    • Annual Rate of Occurrence (ARO): estimates the number of times an event might occur annually.
    • Exposure Factor (EF): assesses the potential percentage loss to an asset if a threat is realized.
    • Single Loss Expectancy (SLE): calculates the impact of an event by multiplying the exposure factor by asset value.
    • EPA Human Health Risk Assessment: hazards, dose effects, exposure and risk characterization in a four-step process.

    Underwriting Elements

    • Higher limits of liability and deductibles for certain loss exposures.
    • Use of underlying insurers for umbrella/excess coverage.

    Loss Analysis

    • Understanding insured operations to identify loss exposures and determine if loss experience is suitable.

    Reinsurance

    • Insurer transfers risk to another insurer through a contractual agreement.

    Facultative Reinsurance

    • Primary insurer chooses loss exposures to submit to the reinsurer, who accepts or rejects those losses.

    Qualitative Assessment

    • Categorical values for risk estimation.

    Quantitative Assessment

    • Numerical values for risk estimation, using historical incident occurrences and likelihood of reoccurrence.

    Risk Evaluation

    • Overall process of risk identification, risk analysis, and risk evaluation in order to determine the probability of a loss occurring.

    Risk Response

    • Methods to reduce risk frequency or severity (avoidance, transfer, retention, reduction).

    Hazard and Risk Management

    • Conditions that increase loss frequency/severity are hazards.

    Predictive Modeling

    • Blending historical data on events and behaviors to estimate future losses from catastrophic events; used in insurance.

    Catastrophic Events

    • Catastrophic events are low-probability high-cost events for which insurance is typically provided.

    Reinsurance

    • Insurance between a primary and secondary insurer, where the secondary partially covers losses for the primary insurer.

    Retrocessions

    • Part of risk/amount of insurance the primary insurer chooses not to retain.

    Human Factors Theory

    • Three broad categories: overload, inappropriate worker response, inappropriate activities.
    • Theory by David Yates categorizing accident causes.

    Incident Investigations

    • Front-line supervisor is responsible for conducting investigations of incidents.

    Accident/Incident Theory

    • Causes identified as human error or system failure via Petersen's theory.

    Vicarious Liability

    • Liability assigned to a person not causing the injury but with a particular legal relationship to the negligent party.

    Risk Communication

    • Seven cardinal rules: accept/involve public, plan carefully/evaluate efforts, listen to public concerns, be honest, work with credible sources, meet media needs, communicate clearly and compassionately.

    Risk Calculation

    • Compensation cost calculation (Gross profit margin %).
    • Loss ratio calculation (Losses / (E modifier X Manual premium)).
    • CBA ratio calculation (Benefits / Cost).

    Experience Modification Rate

    • Rate indicating historical loss experience compared to standard.

    Behavior-Based Safety Process

    • Steps involved in the behavior-based safety process include forming assessment teams, identifying behavioral elements in past accidents, developing definitions, compiling data sheets, determining observation limits, training observers, collecting data, forming barrier removal teams, and finalizing the barrier removal process.

    Conditions for Success

    • Factors that improve likelihood of success

    Resources for Extracting Critical Behaviors

    • Examples of available resources for extracting critical behaviors in the workplace.

    Consequences

    • Impact of consequences on employee behavior, with consequences being positive, soon, or certain.

    Modern Management Theory

    • Consequences recognized as positive or negative, immediate or future, certain or uncertain.

    ISO 19011

    • Seven principles for auditing (integrity, fair presentation, confidentiality, due professional care, independence, evidence-based approach, risk-based approach).

    Insurance

    • Event coverage for occurrence period, or based on claim awareness date (Claims-Made).
    • Risk coverage for low-probability, high-cost events.

    Miscellaneous

    • Key standards and associations (ASTM, ANSI, NFPA, IARC).
    • Indemnification agreements (contracts).
    • Risk management and controls.

    Types of Controls

    • Educational, physical, and avoidance controls.

    Management Principles

    • Peter Principle (promotion to incompetence), Parkinson's Principle (work expands to the allotted time), Pareto Principle (80/20 rule).

    System Safety

    • Passive, active, or operational failures (and concepts of safe operation).

    Statistics

    • Z-score, T-test, Chi-square. Standard deviation (1, 2, and 3 SD measures).

    Poka-Yoke and Process Safety Management

    • Mistake-proofing and inadvertent error prevention via process design.

    Criteria for Controls

    • Support, standards, training, leadership, and individual components of effective controls.

    Criteria for Safety Programs

    • Aspects of effective safety programs and controls.

    Risk Assessment

    • Step-by-step process for evaluating risk (identify hazard, define affected parties, assess potential effects, record results, and review).

    Risk Assessment Applications

    • Generic, specific, and dynamic risk assessment types.

    Other Concepts

    • Descriptive epidemiology, American Standards for Testing and Materials (ASTM), National Fire Protection Association (NFPA), and risk analysis.

    Risk Communication

    • Seven Cardinal Rules of Communication.

    Risk & Health Programs

    • Objectives, benefits, and applications of safety and health programs.

    Risk Analysis Techniques

    • Chi-square, event tree, and other methods of conducting risk analysis.

    Description

    This quiz explores the principles of risk-based auditing and its alignment with organizational goals. It highlights the significance of risk management in decision-making and underwriting practices that ensure business profitability and sustainability. Test your knowledge on these critical topics in risk management.
