Exam, RIMS CRMP Exam Study Guide Common Terms, RIMS-CRMP
Vocabulary/Definitions, RIMS CRMP-Implementing the Risk Process, RIMS-
CRMP EXAM STUDY GUIDE, RIMS - CRMP Complete Study Guide;
Risks
The effect of uncertainty on objectives
The chance of something happening that will have an impact on objectives
Being prepared for the worst and being poised to exploit opportunities as they are
discovered
Enterprise Risk Management
A strategic business discipline that supports the achievement of an organization's objectives
by addressing the full spectrum of its risks and managing the combined impact of those risks
as an interrelated risk portfolio.
Support Function: Business continuity and crisis management
Risk identification, assessment and creation of emergency response and recovery plans
related to threats or hazards that might lead to operational disruptions
Analysis
A systematic examination and evaluation of data or information by breaking it into its
component parts to uncover their relationships. An examination of data and facts to uncover
and understand cause-effect relationships, thus providing basis for problem solving and
decision making.
To embed risk management in both routine and strategic decisions, what should managers
be able to recognize?
The type of decision being made; Who should be included in the decision making process;
Where in the process decisions are being made
Risk management strategies' general focus
Meeting or exceeding an organization's objectives
Adhering to control-based objectives, rules and/or controls
Complying with regulatory requirements
Support Function: Internal Audit
Risk identification, assessment and treatment through audit plans with focus on fraud,
corruption, regulatory noncompliance and/or misrepresentation related to the
organization's internal control systems, financial operations, financial statements and
reporting as well as enterprise risk and the organization's risk management framework and
process.
What steps can the risk management professional take to embed risk management in
decision making?
Include risk assessment in planning process; Leverage cross-functional risk assessment team
and subject matter experts to identify enterprise risks; Consider cascading and cumulative
effects
Gap Analysis
Technique that can be used to determine what steps might need to be taken to improve the
organization's capacity to move from a current state to a desired future state.
Risk appetite
The total exposed amount that an organization wishes to undertake on the basis of
risk-return trade-offs for one or more desired and expected outcomes.
Communication and Consultation
Risk management professional's role in Implementing Risk Strategies
Support Function: Legal
Risk identification, assessment and treatment of risks related to the obligation an
organization undertakes and transfers through contracting, as well as its compliance with
applicable laws and regulatory obligations.
What are the typical failures in risk management which can be avoided if it is embedded in
the decision making process?
Program not integrated into strategy or its execution; Focused on the wrong risks; Not
executed in a repeatable process; Risk management is practiced in a silo; Activity not viewed
as being value added
Strategic Plan
Determines what actions the organization will take at any stage of the planning period as
circumstances change.
Risk owner
The individual who is ultimately accountable for ensuring that risk is managed appropriately,
including the implementation of selected responses.
Risk Identification Process
Finding, Recognizing and Recording Risks
Support Function: Compliance
Risk identification, assessment and treatment of risk related to regulations that may affect
the organization's ability to operate in its respective jurisdictions, as well as activities that fall
within its compliance and ethics programs.
To successfully integrate risk management into decision making, risk management
professionals will rely on strategies that draw on personal and technical skills in
Building organizational awareness; Differentiating the different types of decisions used in
varying situations using elements of decision quality; Performing various roles in the
process of taking risk into account in decision making
Strategy
A complete plan of action for whatever situations might arise in achieving an organization's
goals within the established time.
Risk tolerance
The amount of uncertainty an organization is prepared to accept in total or more narrowly
within a certain business unit, a particular risk category or for a specific initiative.
Strategic Risk Management
A business discipline that drives deliberation and action regarding uncertainties and
untapped opportunities that affect an organization's strategy and strategic execution.
Value Chain
The series of functions, processes, materials and activities (inputs) from concept to the
eventual end user that creates and builds value at every step in order to deliver a product or
service.
To build organizational awareness, the risk management professional needs to do the
following:
Be a persuasive communicator and facilitator; Have a clear communication plan; Engage
interested parties, including primary and secondary audiences; Demonstrate that risk
management creates the most value; Develop feedback loops for continuous learning
Risk Analysis
The process of characterizing and understanding the nature of risk and of considering the
level of risk in the context of the organization's willingness to accept risk.
Support Function: Safety
Risk identification, assessment and treatment of risks focused on preserving the physical
well-being of employees and third parties.
Likelihood, Consequences, other criteria such as timing, duration, vulnerability and
interdependencies
Risk is typically analyzed on the basis of
Support Function: Information Security
Risk identification, assessment and treatment of risk arising out of or affecting information
and technology infrastructure.