1. Be able to understand the concept of risk, roles and responsibilities for risk management and risk management tools and models
1.1 Explain the meaning of risk management to an organisation
Concept of risk:
• What is risk?
• Risk and decision making
• Types of strategic risk
• Six steps to managing strategic risk - Slywotzky and Drzik
• Corporate Financial Risk and types
• Approaches to managing risk strategically
• Risk Vulnerability
• Managing complexity, uncertainty and ambiguity
• Dynamic risk management
1.2 Determine the roles and responsibilities for risk management at senior management level
• The role and contents of the risk management strategy, including risk profile, risk appetite and RM strategic objectives and KPIs
• The integration of risk management into the organisation
• The role of the risk management policy and its key ingredients, in particular the policy objectives and senior management responsibilities
• The role and essential ingredients of the risk management implementation plan
1.3 Evaluate risk management models
• ERM approach
• ISO 31000:2009
• M_o_R Framework
• GRC Capability Model
2. Be able to understand the resourcing and implementation of risk management strategy
2.1 Evaluate risk management criteria against which risk can be assessed
• Key factors to take into account in risk identification
2.2 Critique techniques to identify and quantify risk, including risk interdependence
• The concept of risk interdependency
• The pros and cons of various risk identification techniques
• The concepts of risk factors and risk criteria
• Risk scoring methods vs probabilistic risk analysis
• What Monte Carlo simulation involves
• What risk evaluation involves
2.3 Develop strategies to eliminate, mitigate, deflect or accept risk
• Risk treatment strategies: Risk avoidance, reduction, transfer and retention
• The types of controls that can be used for operational, hazard, strategic and financial risks
• Factors to consider when choosing risk treatment strategies
• The elements of a risk treatment plan
2.4 Determine a process for communicating, resourcing and managing risk management strategies
• Establish a communication plan to implement the risk management framework that has been developed - who, what, when and how (what are the components)
3. Be able to understand the evaluation and management of risk management strategies
3.1 Evaluate the outcomes of risk management strategies
• The scope of strategic risk management evaluation
• The elements of a strategic risk management control system
• Issues with control systems, such as their quantification
• Assessment tools:
o KPIs
o EFQM excellence model (Source: HM Treasury)
3.2 Determine actions to respond to outcomes of risk strategies
• How to improve your strategic RM
• Hubbard, D.W. (2009) - Risk management can only be fixed by making the following three key improvements:
o Adopt the language and philosophy of modelling uncertain systems
o Be a scientist
o Build a community as well as an organisation
3.3 Devise a disaster recovery plan
• Business Impact Analysis
• Treatment Strategies:
o Risk Avoidance
o Risk Reduction
o Risk Transfer
o Risk Retention
• Ingredients of a disaster recovery plan
3.4 Examine influences that would affect a review of the disaster plan