ARM 401 UPDATED ACTUAL Questions and CORRECT Answers
1. holistic approach -broader in scope, managing all areas of the business, not just hazard risks
to managing risk -encompasses the analysis and predictability of business processes and organi-
zational decisions
-mandates the collaboration of internal and external stakeholders to identify,
assess, and treat risks
-involves looking at what might be gained from decisions or actions
-can uncover inconsistencies in how a company managers loss retention
-can help orgs better absorb losses
2. strategic risk -uncertainties associated with the organization's long-term goals and manage-
ment decisions
-may carry a greater risk dynamic, positive or negative, that the other categories
3. operational risk uncertainties associated with the organization's procedures, systems, and policies
4. financial risk uncertainties associated with the organization's financial activities
5. today's concep- incorporates the idea that taking risks is fundamentally necessary for growth
tion of risk
6. predictive model- can empower decision making by uncovering previously imperceptible risk factors
ing
7. Internet of network of devices that sense their environment, process data, and share it
Things instantly
8. cloud computing enables orgs to store and share data through wireless internet and networking
services
9. blockchain tech- -facilitates secure transactions without the need for a third party
nology -protects against cyber threats
-eliminates the need to verify the accuracy of risk management data
-lets risk managers spend more time on forward-looking functions
,10. what fuels the the capture, storage, and analysis of data
future of holis-
tic risk manage-
ment?
11. covariance -the measure of how two random risk variables will change in relation to each
other
-calculates correlation between the variables
12. variance -the spread of the data set, or how far apart the numbers are in relation to the
mean
13. team approaches 1. facilitated workshops
to risk identifica- 2. Delphi technique
tion 3. scenario analysis
4. HAZOP
5. SWOT
14. why is it im- -provide diverse perspectives on risks
portant to take -can reveal how risks are connected across an org, reducing the likelihood for risks
a team-orient- to be overlooked
ed approach to
identifying risks?
15. facilitated work- -a neutral party, who has no stake in the outcome, administers the risk workshop
shops and propels the group to achieve its goal
-wise to include people from diverse groups
-can be used for a specific project or process, as well as to identify those risks that
affect overall org objectives
-if using to identify all org risks: facilitator must be skilled in risk ID and manage-
ment as well as group communication and be prepared for a long-term project
16. delphi technique
, -uses the opinions of a select group of experts to identify risks
-typically they don't meet but respond to a survey or inquiry instead
-question-and-response cycle: answer question anonymously, see results, answer
same question until reach consensus
-benefits: cost-effective, eliminates group bias and encourages honesty by
anonymity
-disadvantages: experts' opinions may be limited to their current thinking on a
subject
17. scenario analysis -identifies risks and predicts the potential consequences of those specific risks
-can help identify a range of potential consequences and prioritize risks
-benefit is it brings all the concerns of different parts of the org together so they
can be addressed as a whole
-should assemble an internal cross-functional team to get a multidimensional
view
-disadvantage: may be limited by the imagination and brainstorming capabilities
of the team selected
18. HAZOP -a comprehensive review of a process or system
-a team of subject matter experts and stakeholders identifies the risks associated
with a given process and recommends a solution
-primarily used to design complex, scientific systems
-used when virtually all risks must be eliminated
19. steps in HAZOP 1. subdivides the project or system design into small components
process 2. reviews each component to identify risks
3. identifies the cause and potential outcomes for each risk
4. develops a solution for each risk
5. ensures that solutions work and reevaluates as necessary
20. SWOT Analysis -team approach that's useful in analyzing a new project or product
-strengths and weaknesses are internal environmental factors
-opportunities and threats are external environmental factors
, -a goal is necessary to keep the SOT analysis from becoming too general or failing
to provide actionable info
-concludes with a "go" or "no go" recommendation
21. assessing risks of -unique qualities of org
an organization -industry it's in
-internal/external factors
-upstream and downstream external factors (upstream: suppliers and manufac-
turers; downstream: distribution channels and consumer demands)
22. traditional risk 1. risk thresholds
assessment tools 2. checklists
and techniques 3. workshops
4. risk registers and risk maps
5. process flow analysis
6. audits
7. cause and effect analysis
8. fault tree analysis
9. failure mode and effects analysis
23. risk thresholds -when an org must decide what it's willing to sacrifice or accept in exchange for
achieving its goals
24. checklists -easy to use and communicate known risks to employees with little efforts
-don't help identify unknown risks
25. workshops -allows attendees to brainstorm and assess risks in an open, collaborative forum
-gives more perspectives
-downside is the potential for senior management to influence the flow of ideas
from stakeholders; some people conform
26. risk registers and -used to sort and rank a large number of risks
risk maps -risk register: a ledger of identified risks that're recorded in a table in a document;
1. holistic approach -broader in scope, managing all areas of the business, not just hazard risks
to managing risk -encompasses the analysis and predictability of business processes and organi-
zational decisions
-mandates the collaboration of internal and external stakeholders to identify,
assess, and treat risks
-involves looking at what might be gained from decisions or actions
-can uncover inconsistencies in how a company managers loss retention
-can help orgs better absorb losses
2. strategic risk -uncertainties associated with the organization's long-term goals and manage-
ment decisions
-may carry a greater risk dynamic, positive or negative, that the other categories
3. operational risk uncertainties associated with the organization's procedures, systems, and policies
4. financial risk uncertainties associated with the organization's financial activities
5. today's concep- incorporates the idea that taking risks is fundamentally necessary for growth
tion of risk
6. predictive model- can empower decision making by uncovering previously imperceptible risk factors
ing
7. Internet of network of devices that sense their environment, process data, and share it
Things instantly
8. cloud computing enables orgs to store and share data through wireless internet and networking
services
9. blockchain tech- -facilitates secure transactions without the need for a third party
nology -protects against cyber threats
-eliminates the need to verify the accuracy of risk management data
-lets risk managers spend more time on forward-looking functions
,10. what fuels the the capture, storage, and analysis of data
future of holis-
tic risk manage-
ment?
11. covariance -the measure of how two random risk variables will change in relation to each
other
-calculates correlation between the variables
12. variance -the spread of the data set, or how far apart the numbers are in relation to the
mean
13. team approaches 1. facilitated workshops
to risk identifica- 2. Delphi technique
tion 3. scenario analysis
4. HAZOP
5. SWOT
14. why is it im- -provide diverse perspectives on risks
portant to take -can reveal how risks are connected across an org, reducing the likelihood for risks
a team-orient- to be overlooked
ed approach to
identifying risks?
15. facilitated work- -a neutral party, who has no stake in the outcome, administers the risk workshop
shops and propels the group to achieve its goal
-wise to include people from diverse groups
-can be used for a specific project or process, as well as to identify those risks that
affect overall org objectives
-if using to identify all org risks: facilitator must be skilled in risk ID and manage-
ment as well as group communication and be prepared for a long-term project
16. delphi technique
, -uses the opinions of a select group of experts to identify risks
-typically they don't meet but respond to a survey or inquiry instead
-question-and-response cycle: answer question anonymously, see results, answer
same question until reach consensus
-benefits: cost-effective, eliminates group bias and encourages honesty by
anonymity
-disadvantages: experts' opinions may be limited to their current thinking on a
subject
17. scenario analysis -identifies risks and predicts the potential consequences of those specific risks
-can help identify a range of potential consequences and prioritize risks
-benefit is it brings all the concerns of different parts of the org together so they
can be addressed as a whole
-should assemble an internal cross-functional team to get a multidimensional
view
-disadvantage: may be limited by the imagination and brainstorming capabilities
of the team selected
18. HAZOP -a comprehensive review of a process or system
-a team of subject matter experts and stakeholders identifies the risks associated
with a given process and recommends a solution
-primarily used to design complex, scientific systems
-used when virtually all risks must be eliminated
19. steps in HAZOP 1. subdivides the project or system design into small components
process 2. reviews each component to identify risks
3. identifies the cause and potential outcomes for each risk
4. develops a solution for each risk
5. ensures that solutions work and reevaluates as necessary
20. SWOT Analysis -team approach that's useful in analyzing a new project or product
-strengths and weaknesses are internal environmental factors
-opportunities and threats are external environmental factors
, -a goal is necessary to keep the SOT analysis from becoming too general or failing
to provide actionable info
-concludes with a "go" or "no go" recommendation
21. assessing risks of -unique qualities of org
an organization -industry it's in
-internal/external factors
-upstream and downstream external factors (upstream: suppliers and manufac-
turers; downstream: distribution channels and consumer demands)
22. traditional risk 1. risk thresholds
assessment tools 2. checklists
and techniques 3. workshops
4. risk registers and risk maps
5. process flow analysis
6. audits
7. cause and effect analysis
8. fault tree analysis
9. failure mode and effects analysis
23. risk thresholds -when an org must decide what it's willing to sacrifice or accept in exchange for
achieving its goals
24. checklists -easy to use and communicate known risks to employees with little efforts
-don't help identify unknown risks
25. workshops -allows attendees to brainstorm and assess risks in an open, collaborative forum
-gives more perspectives
-downside is the potential for senior management to influence the flow of ideas
from stakeholders; some people conform
26. risk registers and -used to sort and rank a large number of risks
risk maps -risk register: a ledger of identified risks that're recorded in a table in a document;
