Question 1: Be able to understand the concept of risk, roles and responsibilities for risk management and risk management models and tools.
A) Explain the meaning of the risk management to an organization
Concept of risk:
• What is risk?
• Risk and decision making.
• Kinds of strategic risk.
• Six steps to managing strategic risk: Slywotzky and Drzik
• Corporate Financial Risk and kinds.
• Approaches to managing risk strategically.
• Risk Vulnerability.
• Managing complexity, uncertainty and ambiguity.
• Dynamic risk management.
B) Find out the roles and responsibilities for the risk management at senior management level
• The role and contents of the risk management strategy, comprising risk profile, risk appetite and RM strategic objectives and KPIs
• The integration of risk management into the organization.
• The role of the risk management policy and its key ingredients, in particular the policy objectives and senior management duties.
• The role and necessary ingredients of the risk management implementation plan.
C) Evaluate risk management models:
• ERM approach
• ISO31000:2009
• M_O_R Framework
• GRC Capability Model
Question 2: Be able to understand the resourcing and implementation of the risk management strategy.
A) Evaluate the risk management criteria against which risk can be assessed.
Key factors to take into account in the risk identification.
B) Critique techniques to recognize and quantify risk, comprising risk interdependence:
• The concept of risk interdependency.
• The pros and cons of various risk identification methods.
• The concepts of risk factors and risk criteria.
• Risk scoring methods vs. risk probabilistic analysis
• What Monte Carlo simulation includes.
• What risk evaluation comprises.
C) Develop strategies to remove, mitigate, deflect or accept risk:
• Risk treatment strategies: Risk avoidance, reduction, transfer and retention
• The kinds of controls which can be used for operational hazard strategic and financial risks
• Factors to consider when selecting risk treatment policies.
• The elements of a risk treatment plan.
D) Find out a process for communicating, resourcing and managing risk management strategies.
• Establish a communication plan to implement the risk management framework that has been developed – who, what, when and how (what are the components)?
Question 3: Be able to understand the evaluation and management of the risk management strategies.
A) Assess the outcomes of risk management strategies:
• The scope of strategic risk management evaluation.
• The elements of a strategic risk management control system.
• Issues with Control systems such as their quantification.
• Assessment tools.
B) Find out actions to respond to outcomes of risk strategies.
• How to enhance your strategic RM.
C) Devise a disaster recovery plan:
• Business Impact Analysis.
• Treatment Strategies.
D) Examine affects that would affect a review of the disaster plan.