ARM 401 EXAM STUDY GUIDE
Holistic approach to managing risk - Answers --broader in scope, managing all areas of
the business, not just hazard risks
-encompasses the analysis and predictability of business processes and organizational
decisions
-mandates the collaboration of internal and external stakeholders to identify, assess,
and treat risks
-involves looking at what might be gained from decisions or actions
-can uncover inconsistencies in how a company managers loss retention
-can help orgs better absorb losses
Strategic risk - Answers --uncertainties associated with the organization's long-term
goals and management decisions
-may carry a greater risk dynamic, positive or negative, that the other categories
Operational risk - Answers -uncertainties associated with the organization's
procedures, systems, and policies
Financial risk - Answers -uncertainties associated with the organization's financial
activities
Today's conception of risk - Answers -incorporates the idea that taking risks is
fundamentally necessary for growth
Predictive modeling - Answers -can empower decision making by uncovering
previously imperceptible risk factors
Internet of Things - Answers -network of devices that sense their environment, process
data, and share it instantly
Cloud computing - Answers -enables orgs to store and share data through wireless
internet and networking services
Blockchain technology - Answers --facilitates secure transactions without the need for a
third party
-protects against cyber threats
-eliminates the need to verify the accuracy of risk management data
-lets risk managers spend more time on forward-looking functions
What fuels the future of holistic risk management? - Answers -the capture, storage, and
analysis of data
Covariance - Answers --the measure of how two random risk variables will change in
relation to each other
,-calculates correlation between the variables
Variance - Answers --the spread of the data set, or how far apart the numbers are in
relation to the mean
Team approaches to risk identification - Answers -1. Facilitated workshops
2. Delphi technique
3. Scenario analysis
4. HAZOP
5. SWOT
Why is it important to take a team-oriented approach to identifying risks? - Answers --
provide diverse perspectives on risks
-can reveal how risks are connected across an org, reducing the likelihood for risks to
be overlooked
Facilitated workshops - Answers --a neutral party, who has no stake in the outcome,
administers the risk workshop and propels the group to achieve its goal
-wise to include people from diverse groups
-can be used for a specific project or process, as well as to identify those risks that
affect overall org objectives
-if using to identify all org risks: facilitator must be skilled in risk ID and management as
well as group communication and be prepared for a long-term project
Delphi technique - Answers --uses the opinions of a select group of experts to identify
risks
-typically they don't meet but respond to a survey or inquiry instead
-question-and-response cycle: answer question anonymously, see results, answer
same question until reach consensus
-benefits: cost-effective, eliminates group bias and encourages honesty by anonymity
-disadvantages: experts' opinions may be limited to their current thinking on a subject
Scenario analysis - Answers --identifies risks and predicts the potential consequences
of those specific risks
-can help identify a range of potential consequences and prioritize risks
-benefit is it brings all the concerns of different parts of the org together so they can be
addressed as a whole
-should assemble an internal cross-functional team to get a multidimensional view
-disadvantage: may be limited by the imagination and brainstorming capabilities of the
team selected
HAZOP - Answers --a comprehensive review of a process or system
-a team of subject matter experts and stakeholders identifies the risks associated with a
given process and recommends a solution
-primarily used to design complex, scientific systems
-used when virtually all risks must be eliminated
,Steps in HAZOP process - Answers -1. Subdivides the project or system design into
small components
2. Reviews each component to identify risks
3. Identifies the cause and potential outcomes for each risk
4. Develops a solution for each risk
5. Ensures that solutions work and reevaluates as necessary
SWOT Analysis - Answers --team approach that's useful in analyzing a new project or
product
-strengths and weaknesses are internal environmental factors
-opportunities and threats are external environmental factors
-a goal is necessary to keep the SOT analysis from becoming too general or failing to
provide actionable info
-concludes with a "go" or "no go" recommendation
Assessing risks of an organization - Answers --unique qualities of org
-industry it's in
-internal/external factors
-upstream and downstream external factors (upstream: suppliers and manufacturers;
downstream: distribution channels and consumer demands)
Traditional risk assessment tools and techniques - Answers -1. Risk thresholds
2. Checklists
3. Workshops
4. Risk registers and risk maps
5. Process flow analysis
6. Audits
7. Cause and effect analysis
8. Fault tree analysis
9. Failure mode and effects analysis
Risk thresholds - Answers --when an org must decide what it's willing to sacrifice or
accept in exchange for achieving its goals
Checklists - Answers --easy to use and communicate known risks to employees with
little efforts
-don't help identify unknown risks
Workshops - Answers --allows attendees to brainstorm and assess risks in an open,
collaborative forum
-gives more perspectives
-downside is the potential for senior management to influence the flow of ideas from
stakeholders; some people conform
Risk registers and risk maps - Answers --used to sort and rank a large number of risks
, -risk register: a ledger of identified risks that're recorded in a table in a document; data
in this is specific to the org
-risk map: a graphic diagram showing the components of a the register; identify,
prioritize, and quantify risks in a two dimensional pictorial that illustrates frequency and
severity on vertical and horizontal axes
Process flow analysis - Answers --dissects processes within the org from input to
output for the purpose of improving them
Audits - Answers --can identify both negative risks and opportunity risks
Cause and effect analysis - Answers --looks backward through a defective process and
identifies the possible reasons, direct and contributory, that caused a negative event or
problem
-impossible to solve or prevent a problem without finding the root cause
-combines brainstorming, communications, and mapping to find the caused of a
problem and the solution
Fault tree analysis - Answers --a process that originates with an assumption about what
caused an event or failure
-work downward from assumption then used a diagram to connector the factors that
caused the failure and determine how to devise methods to prevent similar failures in
the future
Failure Model and Effects Analysis (FMEA) - Answers --uses a team of individuals to
examine a process and identify potential failures at each step in the process, as well as
the consequences of each failure
Emerging risk assessment tolls and techniques - Answers --emerging tech and smart
devices provide real-time data
-radio frequency identification, seniors, AI, computer vision
-don't replace traditional methods but do overcome some of the shortcomings of the
tradition methods
Risk registers - Answers --a tool developed at the risk owner level that links specific
activities, processes, projects, or plans to a list of identified risks and results or risk
analysis and evaluation and that is ultimately consolidated at the enterprise level
-use when you are dealing with a lot of risks
-identify, describe, and prioritize risks
-an effective register describes each risk, determines each risk's likelihood and potential
consequences, offers controls that could mitigate the negative effects of each risk, and
identifies the party responsible for executing those controls
-can be used for one scenario or all of an org's risks
-organizational risk registers can organize risks by scenario, risk quadrant, or affected
business unit or risk owner
Holistic approach to managing risk - Answers --broader in scope, managing all areas of
the business, not just hazard risks
-encompasses the analysis and predictability of business processes and organizational
decisions
-mandates the collaboration of internal and external stakeholders to identify, assess,
and treat risks
-involves looking at what might be gained from decisions or actions
-can uncover inconsistencies in how a company managers loss retention
-can help orgs better absorb losses
Strategic risk - Answers --uncertainties associated with the organization's long-term
goals and management decisions
-may carry a greater risk dynamic, positive or negative, that the other categories
Operational risk - Answers -uncertainties associated with the organization's
procedures, systems, and policies
Financial risk - Answers -uncertainties associated with the organization's financial
activities
Today's conception of risk - Answers -incorporates the idea that taking risks is
fundamentally necessary for growth
Predictive modeling - Answers -can empower decision making by uncovering
previously imperceptible risk factors
Internet of Things - Answers -network of devices that sense their environment, process
data, and share it instantly
Cloud computing - Answers -enables orgs to store and share data through wireless
internet and networking services
Blockchain technology - Answers --facilitates secure transactions without the need for a
third party
-protects against cyber threats
-eliminates the need to verify the accuracy of risk management data
-lets risk managers spend more time on forward-looking functions
What fuels the future of holistic risk management? - Answers -the capture, storage, and
analysis of data
Covariance - Answers --the measure of how two random risk variables will change in
relation to each other
,-calculates correlation between the variables
Variance - Answers --the spread of the data set, or how far apart the numbers are in
relation to the mean
Team approaches to risk identification - Answers -1. Facilitated workshops
2. Delphi technique
3. Scenario analysis
4. HAZOP
5. SWOT
Why is it important to take a team-oriented approach to identifying risks? - Answers --
provide diverse perspectives on risks
-can reveal how risks are connected across an org, reducing the likelihood for risks to
be overlooked
Facilitated workshops - Answers --a neutral party, who has no stake in the outcome,
administers the risk workshop and propels the group to achieve its goal
-wise to include people from diverse groups
-can be used for a specific project or process, as well as to identify those risks that
affect overall org objectives
-if using to identify all org risks: facilitator must be skilled in risk ID and management as
well as group communication and be prepared for a long-term project
Delphi technique - Answers --uses the opinions of a select group of experts to identify
risks
-typically they don't meet but respond to a survey or inquiry instead
-question-and-response cycle: answer question anonymously, see results, answer
same question until reach consensus
-benefits: cost-effective, eliminates group bias and encourages honesty by anonymity
-disadvantages: experts' opinions may be limited to their current thinking on a subject
Scenario analysis - Answers --identifies risks and predicts the potential consequences
of those specific risks
-can help identify a range of potential consequences and prioritize risks
-benefit is it brings all the concerns of different parts of the org together so they can be
addressed as a whole
-should assemble an internal cross-functional team to get a multidimensional view
-disadvantage: may be limited by the imagination and brainstorming capabilities of the
team selected
HAZOP - Answers --a comprehensive review of a process or system
-a team of subject matter experts and stakeholders identifies the risks associated with a
given process and recommends a solution
-primarily used to design complex, scientific systems
-used when virtually all risks must be eliminated
,Steps in HAZOP process - Answers -1. Subdivides the project or system design into
small components
2. Reviews each component to identify risks
3. Identifies the cause and potential outcomes for each risk
4. Develops a solution for each risk
5. Ensures that solutions work and reevaluates as necessary
SWOT Analysis - Answers --team approach that's useful in analyzing a new project or
product
-strengths and weaknesses are internal environmental factors
-opportunities and threats are external environmental factors
-a goal is necessary to keep the SOT analysis from becoming too general or failing to
provide actionable info
-concludes with a "go" or "no go" recommendation
Assessing risks of an organization - Answers --unique qualities of org
-industry it's in
-internal/external factors
-upstream and downstream external factors (upstream: suppliers and manufacturers;
downstream: distribution channels and consumer demands)
Traditional risk assessment tools and techniques - Answers -1. Risk thresholds
2. Checklists
3. Workshops
4. Risk registers and risk maps
5. Process flow analysis
6. Audits
7. Cause and effect analysis
8. Fault tree analysis
9. Failure mode and effects analysis
Risk thresholds - Answers --when an org must decide what it's willing to sacrifice or
accept in exchange for achieving its goals
Checklists - Answers --easy to use and communicate known risks to employees with
little efforts
-don't help identify unknown risks
Workshops - Answers --allows attendees to brainstorm and assess risks in an open,
collaborative forum
-gives more perspectives
-downside is the potential for senior management to influence the flow of ideas from
stakeholders; some people conform
Risk registers and risk maps - Answers --used to sort and rank a large number of risks
, -risk register: a ledger of identified risks that're recorded in a table in a document; data
in this is specific to the org
-risk map: a graphic diagram showing the components of a the register; identify,
prioritize, and quantify risks in a two dimensional pictorial that illustrates frequency and
severity on vertical and horizontal axes
Process flow analysis - Answers --dissects processes within the org from input to
output for the purpose of improving them
Audits - Answers --can identify both negative risks and opportunity risks
Cause and effect analysis - Answers --looks backward through a defective process and
identifies the possible reasons, direct and contributory, that caused a negative event or
problem
-impossible to solve or prevent a problem without finding the root cause
-combines brainstorming, communications, and mapping to find the caused of a
problem and the solution
Fault tree analysis - Answers --a process that originates with an assumption about what
caused an event or failure
-work downward from assumption then used a diagram to connector the factors that
caused the failure and determine how to devise methods to prevent similar failures in
the future
Failure Model and Effects Analysis (FMEA) - Answers --uses a team of individuals to
examine a process and identify potential failures at each step in the process, as well as
the consequences of each failure
Emerging risk assessment tolls and techniques - Answers --emerging tech and smart
devices provide real-time data
-radio frequency identification, seniors, AI, computer vision
-don't replace traditional methods but do overcome some of the shortcomings of the
tradition methods
Risk registers - Answers --a tool developed at the risk owner level that links specific
activities, processes, projects, or plans to a list of identified risks and results or risk
analysis and evaluation and that is ultimately consolidated at the enterprise level
-use when you are dealing with a lot of risks
-identify, describe, and prioritize risks
-an effective register describes each risk, determines each risk's likelihood and potential
consequences, offers controls that could mitigate the negative effects of each risk, and
identifies the party responsible for executing those controls
-can be used for one scenario or all of an org's risks
-organizational risk registers can organize risks by scenario, risk quadrant, or affected
business unit or risk owner
