Risk Management Fundamentals

Questions and Answers

Which of the following is not a key step in Risk Assessment?

• Identification of Risks
• Assessing Risk and Control types
• Review of Risks (correct)
• Measurement of Risks

Robert is a project manager for a significantly important project. The project sponsor is highly interested to see the high-level risk register. Which of the following processes should be performed to create a high-level risk register?

• Perform Qualitative Risk Analysis
• Monitor risks
• Plan Risk responses
• Identify Risks (correct)

Which of the following is a true statement?

• The key aspect of any risk assessment is the identification of opportunity risks
• Risk managers have the capacity to eliminate all risks
• The primary aspect of any risk assessment is the identification of relevant risks (correct)
• To avoid issues during the identification of risks, it is useful to include people with an limited knowledge of the program or process that will be analyzed.

Which of the following is not an example of a capacity risk?

Failing to maintain beneficial relationships with customers (B)

The following are internal constraints that should be considered in risk assessment except for

GDP of the Philippines (B)

Which of the following is a false statement?

Measurement of risks should be driven by facts only (A)

Which of the following characterizes expanded impact rating of Negligible- very low?

Insignificant personal support required (C)

It is something that has the potential to cause harm to people, property or the environment

Hazard (C)

Which of the following is considered to be part of the external organization?

All of the above (D)

All are part of the internal organization except:

Competitor (B)

Which of the following statements is true?

No threat is expected for Unlikely-very low expanded likelihood rating (A)

Which of the following statements about Risk Matrix is true?

Risk Matrix reflects the likelihood & potential impact so that the organization can focus to more critical risks (A)

All of the following defines objective based approach of assessing risk except for

Based on actual events (D)

Which of the following resolves bottlenecks?

Streamlining (B)

Which of the following resolves issues related to consignment?

Integrate real-time inventory management software (A)

The best option for risk response in all circumstances is to tolerate risk.

False (B)

Legal and regulatory requirements is one of the considerations in tolerating risk.

True (A)

Organizations always tolerate risks within their risk appetite without exceptions.

False (B)

Normally, risks are accepted or tolerated after the consideration of some of the cost effective controls.

False (B)

Treating the risk is applied mostly in situations of high likelihood and low impact risk.

True (A)

Risk of regulatory non-compliance is one of the risks which is normally tolerated.

False (B)

Risk is normally tolerated if the expected benefit is lower than the estimated cost.

True (A)

Investing your own money is one of the examples of tolerating financial loss.

True (A)

Businesses avail property insurance to transfer financial risks of property damage to the insurance company.

True (A)

Insurance is the main tool for hazard risk transfer and to a greater extent of control risk.

False (B)

Terminating risk is applicable for high likelihood, high-impact risk.

True (A)

The risk response for potential risk of overheating for automobile manufacturing is one of the examples for terminating risk.

True (A)

The risk response to recall a batch of poisoned canned product is one of the examples of transferring risk.

False (B)

When an organization cannot terminate a risk because the activity associated with the risk is fundamental to its operations, alternative measures would be necessary.

True (A)

Substituting the process or activity is one of the approaches in tolerating risks.

False (B)

Flashcards

Identification of Risks

Discovering potential risks that could affect the project.

Measurement of Risks

Analyzing and prioritizing risks based on their potential impact and likelihood.

Assessing Risk and Control types

Assessing risk management strategies and control measures.

Create a high-level risk register

Process to create a summary document of identified risks.

Primary Aspect of Risk Assessment

The core of risk assessment is pinpointing relevant threats.

Capacity risk

An attribute that prevents meeting production demands.

GDP of the Philippines

National economic indicator; does not directly affect risk assessment.

Measurement of risks should be driven by facts only

Driven by facts, not personal feelings or opinions.

Expanded impact rating of Negligible

A very low impact on any area, needing little help.

Hazard

Something with the potential to cause harm.

Regulators

Organizations or individuals who set and enforce regulations.

Competitor

A competitor is not part of the internal organization.

Very likely-high expanded likelihood rating

Sure, unavoidable threat.

Risk Matrix

Graphic that shows risk impacts and likelihood.

Based on actual events

Analyzing risks based on what has happened.

Streamlining

Resolving a bottleneck within a process.

Integrate real-time inventory management software

Controls the flow of goods related to items on consignment.

Normally, risks are accepted or tolerated after the consideration of some of the cost effective controls. False

Sometimes risks are accepted due to cost-effective controls.

False

Is a Risk is normally tolerated if the expected benefit is lower than the estimated cost?

Terminating risk

Stopping a high-impact risk activity.

Study Notes

• The following are study notes on Risk Management

Key Steps in Risk Assessment

• Assessing risk and control types is a key step
• Identification of risks is a key step
• Measurement of risks is a key step
• Reviewing risks is a key step

High-Level Risk Register Creation

• Identifying risks is required to create a high-level risk register
• A project sponsor is typically interested in seeing the high-level risk register
• Robert is a project manager for a significantly important project

Risk Assessment

• The primary aspect involves the identification of relevant risks
• It is not a good idea to include people with an limited knowledge of the program or process that will be analyzed when identifying risks
• The key aspect is not necessarily the identification of opportunity risks
• Risk managers cannot eliminate all risks

Capacity Risk

• Capacity risk refers to the risk that is not failing to maintain beneficial relationships with customers
• It also refers to the risk that is generating excessive amounts of waste
• It also refers to the fact that an organization has an inability to produce as many units as required
• It also refers to the risk of delivering ordered goods or services past the promised date

Internal Constraints in Risk Assessment

• GDP of the Philippines is an external constraint, not an internal one
• Equipment is considered an internal constraint
• Managers are considered an internal constraint
• Regulations are considered an internal constraint

Measurement of Risks Overview

• Measurement should be driven by facts only
• Measurement should be essential right after risk identification
• The measurement process can be either qualitative or quantitative
• Subjective measures are not driven by the participants’ experiences

Expanded Impact Rating (Negligible - Very Low)

• Expanded impact rating (negligible-very low) requires insignificant personal support
• Minor impact on environment with no lasting effects
• Not limited impact on the local environment with short or long term effects
• People are not displaced

Risk Terminology

• A hazard has the potential to cause harm to people, property, or the environment

External Organization

• Politics is external
• Regulators are external
• Social factors are external

Internal Organization

• A competitor is not part of the internal organization
• The board and senior management are part of the internal organization
• Colleagues are part of the internal organization
• Policy is part of the internal organization

Expanded Likelihood Rating

• Unlikely-very low expanded likelihood rating means that no threat is expected
• Very likely-high expanded likelihood rating means that a sure/ unavoidable threat is expected
• Remote- low-somewhat likely expanded likelihood rating means that a highly probable threat is expected
• Certain or imminent-very high expanded likelihood rating means that a probable threat is expected

Risk Matrix

• Risk Matrix is not required for all risk management plans of all organizations
• Risk Matrix is not an ancillary instrument for risk based audits
• Risk Matrix reflects the likelihood & potential impact so that the organization can focus to more critical risks
• Risk Matrix is recommended tool in Risk management

Objective Based Approach of Assessing Risk

• Objective based approach of assessing risk is based on actual events
• Events may have positive or negative impact
• All events affecting the organization’s objectives partially or completely should be considered
• Objective based approach of assessing risk is not based on theoretical scenarios

Resolving Bottlenecks

• Streamlining resolves bottlenecks

Resolving Issues Related to Consignment

• Integrating real-time inventory management software resolves issues related to consignment

Risk Response

• The best option for risk response in all circumstances is not to tolerate risk
• Legal and regulatory requirements is one of the considerations in tolerating risk
• Organizations do not always tolerate risks within their risk appetite without exceptions
• Risks are accepted or tolerated after the consideration of some of the cost effective controls

Risk Treatment

• Treating the risk is applied mostly in situations of high likelihood and low impact risk
• Risk of regulatory non-compliance is one of the risks which is normally not tolerated
• Risk is normally tolerated if the expected benefit is lower than the estimated cost
• Investing your own money is an example of tolerating financial loss
• Businesses avail property insurance to transfer financial risks of property damage to the insurance company

Risk Transference

• Insurance is not the main tool for hazard risk transfer and to a greater extent of control risk
• Terminating risk is applicable for high likelihood, high-impact risk
• The risk response for potential risk of overheating for automobile manufacturing is an example of terminating risk
• The risk response to recall a batch of poisoned canned product is not an example of transferring risk
• When an organization cannot terminate a risk because the activity associated with the risk is fundamental to its operations, alternative measures would be necessary
• Substituting the process or activity is not one of the approaches in tolerating risks