RIMS - CRMP Complete Study Guide; 1 Analyze the Business Model, 2 Developing Organizational Risk Strategies, 3 RIMS CRMP-Implementing the Risk Process, 4 Developing Organizational Risk Management Competency, 5 Supporting Decision Making

Risks The effect of uncertainty on objectives The chance of something happening that will have an impact on objectives Being prepared for the worst and being poised to exploit opportunities as they are discovered Enterprise Risk Management A strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio. Support Function: Business continuity and crisis management Risk identification, assessment and creation of emergency response and recovery plans related to threats or hazards that might lead to operational disruptions Analysis A systematic examination and evaluation of data or information by breaking it into its component parts to uncover their relationships. An examination of data and facts to uncover and understand cause-effect relationships, thus providing basis for problem solving and decision making. To embed risk management in both routine and strategic decision, what should managers be able to recognize? The type of decision being made; Who should be included in the decision making process; Where in the process decisions are being made Risk management strategies' general focus Meeting or exceeding an organization's objectives Adhering to control-based objectives, rules and/or controls Complying with regulatory requirements Support Function: Internal Audit Risk identification, assessment and treatment through audit plans with focus on fraud, corruption, regulatory noncompliance and/or misrepresentation related to the organization's internal control systems, financial operations, financial statements and reporting as well as enterprise risk and the organization's risk management framework and process. What steps can the risk management professional take to embed risk management in decision making? Include risk assessment in planning process; Leverage cross-functional risk assessment team and subject matter experts to identify enterprise risks; Consider cascading and cumulative effects Gap Analysis Technique that can be used to determine what steps might need to be taken to improve the organization's capacity to move from a current state to a desired future state. Risk appetite The total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desire and expected outcomes. Communication and Consultation Risk management professional's role in Implementing Risk Strategies Support Function: Legal Risk identification, assessment and treatment of risks related to the obligation an organization undertakes and transfers through contracting, as well as its compliance with applicable laws and regulatory obligations. What are the typical failures in risk management which can be avoided if it is embedded in the decision making process? Program not integrated into strategy or its execution; Focused on the wrong risks; Not executed in a repeatable process; Risk management is practiced in a silo; Activity not viewed as being value added Strategic Plan Determines that actions the organization will take at any stage of the planning period as circumstances change. Risk owner The individual who is ultimately accountable for ensuring that risk is managed appropriately, including the implementation of selected responses. Risk Identification Process Finding, Recognizing and Recording Risks Support Function: Compliance Risk identification, assessment and treatment of risk related to regulations that may affect the organization's ability to operate in its respective jurisdictions, as well as activities that fall within its compliance and ethics programs. To successfully integrate risk management into decision making, risk management professionals will rely on strategies that draw on personal and technical skills in Building organizational awareness; . Differentiating the different types of decisions used in varying situations using elements of decision quality; Performing various roles in the taking risk into account in decision-making process Strategy A complete plan of action for whatever situations might arise in achieving an organization's goals within the established time. Risk tolerance The amount of uncertainty an organization is prepared to accept in total or more narrowly within a certain business unit, a particular risk category or for a specific initiative. Strategic Risk Management A business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization's strategy and strategic execution. Value Chain The series of functions, processes, materials and activities (inputs) from concept to the eventual end user that creates and builds value at every step in order to deliver a product or service. To build organizational awareness, the risk management professional needs to do the following: Be a persuasive communicator and facilitator; Have a clear communication plan; Engage interested parties, including primary and secondary audiences; Demonstrate that risk management creates the most value ; Develop feedback loops for continuous learning Risk Analysis The process of characterizing and understanding the nature of risk and of considering the level of risk in the context of the organization's willingness to accept risk. Support Function: Safety Risk identification, assessment and treatment of risks focused on preserving the physical well-being of employees and third parties. Likelihood, Consequences, other criteria such as timing, duration, vulnerability and interdependencies Risk is typically analyzed on the basis of Support Function: Information Security Risk Identification, assessment and treatment of risk arising our of or affecting information and technology infrastructure. To build organizational awareness, risk management creates the most value when Risk management Aligns with strategic goals; Takes corporate culture into account; Involves key enterprise functions Financial Statements Internal source of information that includes financial analytics or projections strategic planning team The risk manager should be a part of the _______________________ to provide the structure discipline for consideration of risks in a strategic portfolio. Internal Audit Reports Internal source of information that focuses on business practices important to the goals and reflection of regulatory environment of the organization risk management __________________ should be an agenda item at every strategy session. Support Function: Facilities Risk identification, assessment and treatment of the organization's properties, equipment and physical infrastructure systems. Simple and frequent A type of decision that are automatic, taken in the moment. These decisions generally rely on the knowledge and capability of the decision maker using the back-of-the-napkin technique. Bow tie analysis hazard analysis technique (cause and consequence) Business impact analysis consider business impacts at a location or from a specific process Support Functions: Quality Risk identification, assessment and treatment of risks related to products and services. Significant importance or complex A type of decision that require more deliberate effort. These decisions generally have some period of planning and a longer decision timeline. Organizational Structure Internal source of information that reports from different departments (HR, Legal, risk, operations, HS, environment, etc.) Review the existing strategic plan The first step for the risk manager is to __________________________ to identify and understand the organization's goals. key performance indicators Each high-level strategy objective should be broken down into more tactical, operational _____________________ for analysis. External Organization Information External source of information that includes external audit reports, competitive analysis, rating agency, consumer reports, legal matters, media coverage Strategic importance and complex A type of decision that call for formal planning process over a longer timeline in which multiple risk management techniques can be applied. Decision quality elements should be embedded in the process. Due to the importance of the decision, biases should be formally considered by the entire planning team. Support Function: Project Management Assess and identify project risks, mitigate threats and capitalize on opportunities that my affect the success of a specific project. Gap analysis determine steps to improve the organization's capacity to move from a current state to a desired, future state. (current available factors, success factors needed to achieve future desired objectives, highlighting the gaps) How to obtain the real story aside from reading information? Talk to those inside the organization; Talk with external stakeholders ; Do site visits assumptions The risk manager can then identify ________________ made by management when developing these goals. Root Cause Analysis multiple techniques designed to identify the underlying or initiating risk sources or drivers. (fault tree analysis, event tree analysis, failure mode and effect analysis and cause-and-effect analysis - fish bone diagram) Element of decision quality: Frame the issue; identify the need Is solving this problem or realizing this opportunity worthwhile? What are the intended outcomes? Risk Culture The norms and traditions of behavior of individuals and of groups within an organization that determine the way in which they identify, understand, idsuss and act on the risk organization confronts and takes. Influence analysis/diagrams identify the strength of influencing factors and help determine potential weighting for consideration during the risk assessment process. Define root causes for major risks, define the chain of events likely in a scenario and become the foundation for further modeling. Training needs assessment: Why conduct the training? to tie the performance deficiency to a working need and be sure the benefits of conducting the traiing are greater than the problems being cuased by the performance deficiency. Conduct two types of analysis to answer this question: 1) needs versus wants analysis and 2) feasibility analysis Element of decision quality: Explore doable alternatives What options are available and how effective or disruptive will each one be in solving the problem or realizing the opportunity? What unintended consequences will each alternative create? Knowledge A risk management professional must possess general business acumen to generate conversations that lead to deeper understanding of organizational structure; value chain; market analysis, PESTLE, etc. key risks to each strategic goal The risk manager can then use in-depth risk analysis to assess the __________________ as well as the risks to the successful execution of the strategic plan. Risk Register Analysis compile risk into a risk register to analyze and manage those risks in an organized way, typically by category. Training needs assessment: Who is involved in the training? involve appropriate parties to solve the deficiency. Conduct a target population analysis to learn as much as possible about those involved in the deficiency and how to customize a training program to capture their interest. Element of decision quality: Consider meaningful, reliable information Is the information accurate, applicable and useful? How will this information inform the decision-making process? What different interpretations of the data are possible and how will each one affect the decision-making process? Skills A risk management professional must possess communication, technical and interpersonal skills to obtain organizational information. Action plans _____________ should be developed to address gaps between the key risks to the strategic plan and the successful delivery of the mission. Organize After obtaining information, what should be the next step to be done? organizational strategy Risk strategy should be continually revised to align with ____________________. Element of decision quality: Develop realistic options available to the decision makers How feasible, acceptable or desirable is each option and which will be most useful in achieving the objective? Scenario analysis process of analyzing possible and plausible future events by considering alternative settings, circumstances and outcomes. It provides a basis for making decisions in the context of different conditions. Training needs assessment: How can the performance deficiency be fixed? Can training fix the performance deficiency or suggest other remediation if training is not appropriate? Conduct a performance analysis to identify what skill deficiency is to be fixed by a training remedy. Risk analysis results to determine the risk adjusted probability of achieving strategic objectives; determine the key risks that may negatively or positively affect the achievement of the strategic objectives Synthesize A process of combining information in ways that are coherent, logical and meaningful. Element of decision quality: Understand clearly the values and trade-offs In pursuing each option, what are the consequences of making the trade-offs that will be needed? How clearly is the expected value understood? Training needs assessment: What is the best way to perform? Is there a better or preferred way to do a task to get the best results? Are job performance standards set by the organization? Are thre governmental regulations to consider when completing the task in a required manner? Conduct a task analysis to identify the best way to perform. Site analysis leaders at each site perform an assessment by analyzing and evaluating the potential risks based on what is being produced at the site and its environmental factors. This may include threat, vulnerability and criticality analyses. Prioritize The step to choose the information that is most relevant, timely, useful and valuable for assessing risks that could affect the organization's objectives. risk register ________________ is a tool that can be used to provide an overview or the organization's risk profile aligned to corporate strategy Element of decision quality: Use logical correct reasoning What biases may be influencing reasoning? Training needs assessment: When will training take place? What is the best timing to delivery training? Attendance at training can be impacted by work cycles, holidays and so forth. Conduct a contextual analysis to answer logistic questions. SWOT analysis strengths and weaknesses (internal), opportunities and threats (external) Monte Carlo analysis mathematical technique that generates random variables for modelling risk or uncertainty of a certain system (simulation). The random variables or inputs are modelled on the basis of probability distributions Developing training goals: Align training to specific organizational performance goals Training should directly support specific organization performance goals, such as increasing, revenues, decreasing costs, teaching a new process, launching a new product or complying with regulations. What are the primary risk management skills? Organize and synthesize; Differentiate and prioritize; Employ computer and math skills What are the components of enterprise risk profile that must be communicated to key stakeholders? Risk assessment; Risk appetite; Risk tolerance; Control process Element of decision quality: Acting on the decision Are these resources available for allocation to the decision? How readily will the decision be accepted and supported by stakeholders?