Benchmarking
The process of measuring the performance of an organization against external standards of reference that frequently come from similar organizations doing similar things.
Corporate Governance
The system of rules, practices and processes by which a company is directed and controlled.
Enterprise Risk Management
A strategic discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risk and managing the combined impact of those risks as an interrelated risk portfolio.
Gap Analysis
Comparison of an existing process or procedure to recognize standards in order to identify deficiencies or excesses in the existing process.
Key performance indicator (KPI)
As activity that signals the achievement of organizational objectives, emphasize opportunities and strategic objectives.
Key risk indicator (KRI)
designed to manage downside risk. A measurement of how risk and volatility relate to achieving organizational objectives,
PESTLE Analysis
PESTLE is an acronym for Political, Economic, Social, Technology, Legal and Environmental and identifies the categories utilized to analyze internal and external environments. Other forms of the acronym include “PEST” and “PESTEL.”
Risk
The effect of uncertainty on objectives.
Risk Appetite
The total exposed amount that an organization wishes to undertake on the basis of risk return trade-offs for one or more desired and expected outcomes
Risk Attitude
An organization’s or individuals’ view/perspective of the perceived qualitative and quantitative value that may be gained in comparison to the related potential loss or losses.
Risk Culture
The beliefs, values, norms and traditions of behavior of individuals and groups within an organization that determine the way in which they identify, understand, discuss and act on the risk(s) the organization confronts and takes.
Risk Champion
Any person in an organization who is a leader and influences peers regarding the value that risk management adds to the organization.
Risk governance
The architecture within which risk management operates in a company
Risk Management
The process of making and implementing decisions that will minimize the adverse effects of accidental losses on an organization.
Risk Owner
An individual accountable for the identification, assessment, treatment and monitoring of risks in a specific environment
Risk Portfolio
A complete collection and range of uncertainties that affect an organization’s future.
Risk Tolerance
The amount of uncertainty an organization is prepared to accept in total or more narrowly within a certain business unit, a particular category or for a specific initiative.
Root Cause
A factor that, if removed from a chain of events, causes a problem to not occur or lessens the impact of a problem.
Root Cause Analysis
A problem-solving methodology used to find the root causes of problem
Strategic risk management (SRM)
A business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategy execution.
SWOT analysis
SWOT is an acronym for Strengths, Weaknesses, Opportunities, and Threats and is an analytical approach for environmental scanning that combines internal and external context with obstacles and accelerators to success in achieving objectives.
SMART goals
SMART is an acronym for Simple, Measurable, Achievable, Realistic and Timely and refers to characteristics of high quality goals and objectives.
Value Chain
A high-level model developed by Michael Porter used to describe the process by which businesses receive raw materials, add value to the raw materials through various processes to create a finished product, and then sell that end product to customers. Companies conduct value-chain analysis by looking at every production step required to create a product and identifying ways to increase the efficiency of the chain. The overall goal is to deliver maximum value for the least possible total cost and create a competitive advantage.
A business model is a set of assumptions about the
way an organization creates value
What two analytical tools are particularly useful in analytical tools for analyzing the business model?
Value chain analysis and benchmarking
Risk Management professional conduct supply-chain analysis to identify
potential vulnerabilities to the organization
Which activity does the risk management professional perform immediately after obtaining internal and external information about the organization?
Organize the information
The organization’s resources and internal support are__________________ the risk management strategy
inputs in the development of
When defining the success measures for the organization’s risk strategy, the risk management professional will include which of the following steps?
A review of the goals and objectives of the risk strategy
Which of the following is considered a risk analysis technique?
Monte Carlo Simulation
When an operational area develops a treatment for a critical risk, the risk management professional MUST
evaluate the impact upon other areas
A risk management professional advises management on the status of key risks by
providing insights into the changing characteristics of a risk
After validating the training curricula, a risk management professional
schedules and conducts training.
What is the role of risk management in the strategic planning process
identify threats and opportunities.
RIMS – CRMP Complete Study Guide; 1 Analyze the Business Model, 2 Developing Organizational Risk Strategies, 3 RIMS CRMP-Implementing the Risk Process, 4 Developing Organizational Risk Management Competency, 5 Supporting Decision Making, ,
ability to assess and plan
Organizational risk competency capabilities: ___________ for the appropriate number and type of resources necessary to execute a risk strategy and tactical plan
Accountability for risk
this matters when it is measured and can achieve a trickle down effect as the operations and functional managers engage their staff to support in the achieving the objectives
Act
A step in continuous improvement model to implement successful improvement changes on a wider scale and continuously assess your results.
Action plans
_ should be developed to address gaps between the key risks to the strategic plan and the successful delivery of the mission.
actions
Elements of treatment plans: proposed __ and timeline
Active-decision Environment
Decision is in the process of being made; RMP should identify the stakeholders, understand success measures; integration of risk management process; develop monitoring process
Adoption of ERM-based approach
Comptency Drivers: Executive support of ERM; business process definition and risk ownership, far-sighted risk management vision; front line and support process owner participation
Analysis
A systematic examination and evaluation of data or information by breaking it into its component parts to uncover their relationships. An examination of data and facts to uncover and understand cause-effect relationships, thus providing basis for problem solving and decision making.
approving and implementing the plan
Elements of treatment plans: those who are accountable and responsible for __
Area of improvement to encourage continuous learning: Coaching the organization
Develop and track feedback mechanisms to judge success and adjust risk management process accordingly. Is there a consensus on the evaluation of the outcome? What could be learned by including others into the decision-making process? What re the implications for the organization?
Area of improvement to encourage continuous learning: Design of organizational strategies
Are decisions aligned with the risk management goals, objectives and risk culture? Are decisions aligned with acceptable risk tolerance and appetite guidance? Is the decision achievable with resources available? Does it meet or align with the measures of success established?
Area of improvement to encourage continuous learning: Development of organizational risk management competencies
Does the organization realize how risk-based decisions are impacting the organization? What evidence demonstrates that risk-based decisions are leading to continuous improvement?
Area of improvement to encourage continuous learning: Integration of risk management process
Does the risk management process occur at the optimal stage in decision-making during business process? Are organizational risk management capabilities adequate or are these areas that need to be improved?
Articulate specific training objectives
Step to perform before preparing training media and materials.
Assumptions
A method to identify uncertainties which can reveal implicit expectations about organizational performance. Often, implicit expectations do not have metrics built around them that will help ensure success.
assumptions
The risk manager can then identify ____ made by management when developing these goals.
Benchmarking
comparing one’s processes and performance metrics against those of organizations known to be leaders in one or mor easpects of their operations
Benchmarking, document review, assets and process reviews
A strategy for gathering data to identify a risk involving external resources
Benefits of process improvement for organizations
tackle inadequately addressed uncertainties and opportunities; resolve business processes inefficiencies; build a repeatable and scalable process for better decision making.
Benefits of process improvement for risk management professionals
Establish a baseline of maturity levels; build consensus about areas for improvement and establish milestones; communicate clearly to the stakeholders and risk network
Benefits of process improvement for stakeholders
Streamline risk management processes; eliminate dupplication of efforts and connect support functions with process owners; measure risk managemnt value, based on priorities; create a shreed language and vision
Biases
A method to identify uncertainties which can help identify potentially hidden expectations, motivations or even conflicts within the organization. It may sometimes lead to perceptual distortion, inaccurate judgment and illogical analysis of information.
Bow tie analysis
hazard analysis technique (cause and consequence)
Bowtie, business impact analysis, fault tree, cause/consequence analysis
Examples of combined methodology for analyzing data
Brainstorming; Checklists; Interview and self-assessment; Facilitated workshops; Risk questionnaires and risk surveys; Scenario analysis; others such as value chain analysis, system design review, process analysis and benchmarking
Specific techniques for identifying risks include:
Budgeting for risk solutions
Reporting on risk and _____________ becomes naturally integrated, because each areas is required to report within the governance structure and budget resources to accomplish their respective objectives.
Business area managers or risk owners
Participants in the ERM governance model who engages in risk assessment at directed frequency; own risk treatment i.e. avoid, accept, transfer, mitigate, exploit; report on risk exposures/actions
Business impact analysis
consider business impacts at a location or from a specific process
Business resilience and sustainability
Compentency Drivers: Analysis-based planning; resilience and operational planning; understanding consequences
Catalyst
Risk management professional’s role is to provide insights on emerging risks and offer perspectives on leading practices; share knowledge on potential exposures and the implications to the organization.
Check
A step in continuous improvement model to use data to analyze the results of the change and determine whether it made a difference.
Clearly identified responsibility for risk management
A benefit of ERM that fosters an environment where risk-return trade-offs are carefully evaluated; responsibility and accountability for managing risks are explicit part of governance
Coaching
Methods of helping others to improve, develop, learn new skills, find success, achieve aims and manage change and challenges. Providing support and advice to an individual or group in order to help them recognize ways to improve their competencies and effectiveness.
Collaboration in a more formal environment, such as a risk committee can provide what?
give managers an open venue to share concerns and receive feedback from colleagues
Collaborative relationship between risk management professionals, the risk network and other within the organization
A key consideration in successful exchange of benefits
commitment from leadership
Component in implementing enterprise risk plan: Obtain ______ of the organization for the purpose, scope and accountability, responsibility and resources to implement the risk management strategy.
Communication
Risk Management Professional’s role to convey information.
Communication and Consultation
Risk management professional’s role in Implementing Risk Strategies
communication channels
Component of risk communication strategy: Determine _____ to be used for the variety of intended messaging
communication plan; resource support
Value proposition of ERM: A _ exists to keep players informed and provide channels for issue resolution: __ has been or will be secured to enable players to execute expected roles
Compensation for Costs
A form of exchange between departments and enterprise risk management where the latter offers to cover the cost associated with complying with the request; cost of additional staff, etc.
Competitive advantage
The major strengths of the company combine to form the core competencies that provide the basis for the company to achieve what?
Compliance for Mutual benefits
A form of exchange between departments and enterprise risk management where there is increased ability to manage volatility, improved operational efficiency, more efficient process, strengthened supply chain, reduced operating costs
Conduct Risk
Comprises a wide variety of activities and types of behavior that fall outside other main categories of risk ; Risk attached to the way in which a firm, and its staff, behave in a wide range of market-facing and internal situations; How customers are treated, remuneration of staff and how firms deal with conflicts of interest
Consider all risks and exploit risks as part of the strategy
Strategy of Enterprise Risk Management
constraints and contingencies
Elements of treatment plans: resources required including _______
Consultation
Risk Management Professional’s role to anticipate that participants engage in conversation with the expectation that dialogue will contribute to and shape decisions.
Consultative role of risk management professionals in implementing solutions
Strategic advisors
Solutions advocates
Collaboration facilitators
Continuous improvement
Ongoing effort to improve products, services or processes within an organization.
Contractual risk transfer
a legally binding agreement between two parties whereby one agrees to indemnify and hold another party harmless for specified actions, inactions, injuries or damages.
Core competencies
These are fundamental for successfully performing as a risk management professional, irrespective of level of experience or training. These competencies form the foundation for being able to apply
the related knowledge and skill components of the model for the needs of an organization.
Core Competency: Attributes
Qualities, characteristics and behaviors that, when displayed, will assist risk management professionals in
getting things done in areas where they do not hold direct responsibility. These attributes are particularly
important when adapting and integrating a horizontal, portfolio approach to risk management across an
organization.
Core Competency: Attributes
Leader; visionary; negotiator; innovator; facilitator; inquisitive
Core Competency: Business Knowledge
Business model; performance management, economics, functional areas
Core Competency: Business Knowledge
To be competent in this area, risk management professionals need to have a thorough understanding
of general business models and measurements of business performance, as well as the roles and
responsibilities of various functional areas and interactions.
Core Competency: Management Skills
Strategic perspective; planning; organizing; decision making; relationship development
Core Competency: Management Skills
This area covers selected management skills required for successful risk management related to problem
solving and decision making, planning, organizing, and relationship development.
Core Competency: Organizational Knowledge
Risk management professionals of all levels are expected to know unique aspects of their respective
organizations: its industry dynamics, its operating environment, and the activities it undertakes to achieve its
strategy, goals and objectives.
Core Competency: Organizational Knowledge
Strategy/Objectives; operations; value chain; culture; decision-making processes; stakeholder
Core Competency: Risk Management Knowledge
Standards/Frameworks; Concepts; Adaption approaches; process; solution; subspecialties
Core Competency: Risk Management Knowledge
Successful risk management professionals are knowledgeable about the standards, guidelines and concepts
that reflect contemporary risk management thinking and practices. This area includes knowledge related to
how risk management can be incorporated within diverse environments, process approaches, solutions and
more extensive knowledge in respective subspecialty areas.
Core Competency: Technical Skills
Assessment methods & techniques; research; analytics; financial analysis; risk modification; statistics; data interpretation; behavior modification; information systems
Core Competency: Technical Skills
This is the operational layer where the specialized skills of risk professionals come into play. These skills
include the ability to develop a horizontal, portfolio approach to managing risk. Application of specialized
skills by risk management professionals provides guidance for increased clarity in decision making.
corporate rewards strategy
Success measures: Tying risk engagement, accountability and results to the __
corporate score card
Success measures: Gaining lace on the __
corporate success measures
Success measures: aligning risk measures to ____
crisis communication process
Component of risk communication strategy: Determine and define the role of the risk management function in the ___
Cross-functional view and common risk assessment process
An ERM method which can maximize the efficiency of an organization’s risk management resources and activities
Data collection
A strategy for gathering data to identify a risk that should be comprehensive, strategic and timely
Decision Making Environments
Decisions can be categorized related to changes in the organization; scope and impact; level of familiarity
Developing risk governance model, is defining and ensuring the effectiveness of the process steps, methods, tools and techniques for:
Risk identification; Risk assessment; Risk Measurement; Risk Modification; Risk Modification
Risk Reporting; Risk data collection, storage and access protocols and procedures
Developing training goals: Align training to specific organizational performance goals
Training should directly support specific organization performance goals, such as increasing, revenues, decreasing costs, teaching a new process, launching a new product or complying with regulations.
Developing training goals: Determine the learning activities
This step involves identifying the activities that will help team members learn how to successfully achieve the specific perfor mance goals.
Developing training goals: Identify performance goals for learners
Performance goals identify the tasks team members have to perform to reach the goal. This the time to explore the peformance gaps between what the members are doing now and what they need to be able to do to accomplish the goal.
development; improvement options
Continuous improvement model (Do): Collaborate in the assessment and _ of the options; Validate continuous __________ with stakeholders; Select and execute ___
Develop risk treatment plans
A common method of implementing the selected risk solutions
Do
A step in continuous improvement model to implement change on a small scale; collaborating on the process assessment and potential options; validating the continuous improvement options; selecting and executing improvement options.
Efficiency of risk management resources
A benefit of ERM that maximizes the efficiency of an organization’s risk management resources and activities through a cross-functional view and common risk assessment process
Element of decision quality: Acting on the decision
Are these resources available for allocation to the decision? How readily will the decision be accepted and supported by stakeholders?
Element of decision quality: Consider meaningful, reliable information
Is the information accurate, applicable and useful? How will this information inform the decision-making process? What different interpretations of the data are possible and how will each one affect the decision-making process?
Element of decision quality: Develop realistic options available to the decision makers
How feasible, acceptable or desirable is each option and which will be most useful in achieving the objective?
Element of decision quality: Explore doable alternatives
What options are available and how effective or disruptive will each one be in solving the problem or realizing the opportunity? What unintended consequences will each alternative create?
Element of decision quality: Frame the issue; identify the need
Is solving this problem or realizing this opportunity worthwhile? What are the intended outcomes?
Element of decision quality: Understand clearly the values and trade-offs
In pursuing each option, what are the consequences of making the trade-offs that will be needed? How clearly is the expected value understood?
Element of decision quality: Use logical correct reasoning
What biases may be influencing reasoning?
Emerging risks
Completely new or extremely rare negative events
Engage Key Stakeholders
A step in identifying risk whereby considering those most closely associated with achieving the organization’s objectives.
engagement and accountability
Success measures: Making the case for risk management ___
Engaging risk network promotes
greater consistency in approaches and in developing capabilities for risk management activities across the organization.
enterprise culture; business mode; current enterprise strategy
Strategies to obtain support: Assess current risk management competencies and identify gaps with misalignments with ___
Enterprise Risk Management
A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
An enterprise-wide risk management framework views risk within an organization’s:
Unique strategy; Tolerance; Culture; Decision Making; Governance
Equivalent Payments
A form of exchange between departments and enterprise risk management where the latter offers services in exchange for supporting and implementing enterprise-wide risk management process
ERM integration in organizational strategies: Determine the risk management strategy that will build organizational competencies in support of the organization’s strategy
Common definitions, references, measurements and process; improve risk management competencies throughout the organization, iterative plan tasks aligned with organization’s planning processs
ERM integration in organizational strategies: Establish a purpose and value outcome for developing risk management competencies
What value outcome will risk management competencies provide for strategy development and performance at strategic, operational and tactical levels?
ERM integration in organizational strategies: Establish a risk governance model that fits within the organization’s unique governance arrangements
Oversight, roles and responsibilities, structure unique to the organization
ERM integration in organizational strategies: Establish guiding principles by articulating the organization’s risk philosophy
Risk philosophy aligned with vision, mission and values; create and protect value
ERM process management
Competency Drivers: Repeatable and scalability; ERM program oversight ERM process steps; risk culture, accountability and communication, risk management reporting
Existing capabilities
A strategy for gathering data to identify a risk that includes understanding current risk management processes and approaches, existing controls and their levels of effectiveness to identify known risks
expected value of the of the collective objectives
Monitoring risk process: validating whether the _______ from making risk-informed decisions and implementing risk solutions have been achieved
External Organization Information
External source of information that includes external audit reports, competitive analysis, rating agency, consumer reports, legal matters, media coverage
External; People; Process; Relationships; Systems
Other type of risk categorization
Financial Statements
Internal source of information that includes financial analytics or projections
forward-looking, long-term view
Organizational risk competency capabilities: _______ into emerging risks
Gap Analysis
Technique that can be used to determine what steps might need to be taken to improve the organization’s capacity to move from a current state to a desired future state.
Gap analysis
determine steps to improve the organization’s capacity to move from a current state to a desired, future state. (current available factors, success factors needed to achieve future desired objectives, highlighting the gaps)
governed and guided
Component in implementing enterprise risk plan: Define who and how the plan will be _________
Governing Body/Board of Directors
Participants in the ERM governance model who is the ultimate risk management oversight responsibility
Hold harmless
wording that requires one party to shield the other party from the effects of the legal liability assignable to transferor or obligor.
How are learning objectives communicated?
Learning objectives have four parts: Each learning objective should indicate who will perform the action (person), the specific behavior to be performed, the conditions under which the behavior will be performed, and the degree to which the person must perform the behavior.
How can managers make risk informed decisions that enable them to succeed?
Adapt risk management process to meet operational area need; Focus discussions on organization objectives; Develop a test case in a specific area
How can risk management professionals develop the desired risk culture and risk management capabilities?
Training sessions that clearly communicate the corporation’s attitude about risk-taking; Key risk indicators embedded into management performance objectives; On-boarding process; Risk management visualization technique
How can risk management professionals gain credibility and engagement with key stakeholders
validating insights with key stakeholders
How can risk management professionals gain insights into organizational performance related to the effectiveness of the organizational risk management?
evaluating metrics and reports that result from a disciplined and informed risk management process
How can risk management professionals take a collaborative approach with company executives?
Build relationships; Practice empathy and listening; Present yourself as an ally; Focus on organizational objectives
How can you apply technical knowledge using risk management methods to business process?
Identify the source of information; Rank its importance for the achievement of the organization’s objectives; Compare the reliability of this source with other information sources; Determine whether to include the source as an important information source
How do learning objectives function?
Learning objectives are SMART: five characteristics of effective learning objectives are that they are: specific, measurable, achievable, relevant and time bounded.
How to identify training needs?
Identify required performance or desired behavior; identify Gaps/needs; What are the desired actual performance or behavior
How to match training and media for audience?
Message differs depending on the audience; Daily decision-making or general awareness; High-level overview operational instruction or general knowledge
How to obtain the real story aside from reading information?
Talk to those inside the organization; Talk with external stakeholders ; Do site visits
How to validate whether the training programs are delivering what is expected?
Engaging others in feedback reviews; Testing training in small groups
Identify actual decision makers in the decision making environments
Identify those who are accountable for performance
Identify and gather available data
A step in identifying risk whereby the purpose is to identify what might happen or what situations might exist that may affect the achievement of the organization’s strategy, objectives and tactical plans.
identify, assess and treat risk
Organizational risk competency capabilities: Ability to ___ within a clear appetite and tolerance context.
Identify impact in the decision making environment
Which decisions make the greatest impact on a specific strategy? Leverage information by using organized internal and external sources; information gathered from meetings; key inputs and outputs of the value chain and operations
Identifying what training is needed
Logical first step before developing training goals
Identify risk; Analyze risk; Evaluate, select and implement responses; Monitor results and revise
Describe the risk process
immediate superior and his/her superior
Strategies to obtain support: Secure alignment with _____
Implement
Continuous improvement model (Act): _ validated improvement option more widely
implementation plan success
Component in implementing enterprise risk plan: Develop metrics to measure ___
improvement
Continuous improvement model (Plan): Identify continuous _ opportunities; Identify options for _
improvement options
Continuous improvement model (Check): Monitor results on chosen ____; Modify __ as necessary
In benchmarking, you may analyze and compare information and you can look for:
Gaps, strengths and weaknesses, differentiators; risks
Include upside of risk; looking at building, expanding, exploiting and to add value; push and pull performance data; Use RIMS risk maturity model
Measurement of Enterprise Risk Management
Indemnification
contractual obligation placed on the indemnifier to return the indemnified to essentially the same financial condition that existed prior to the loss or claim or to stand in as the source for financing the legal liability.
In developing risk strategy, it should:
Align with the strategic plan; Infuses risk management throughout the structure of the organization
Individuals with specific technical knowledge about the organization and capability and resources to implement solutions
Who can best find, chose and implement effective risk solutions?
In facilitating risk discussions, who should be included?
Decision makers, other influencers, accountable individuals; impacted stakeholders; those responsible for managing related risks
In facilitating risk identification, risk management professional servers as
Data consolidator to aggregate and synthesize data that enable people within an organization to make risk-effective decisions.
Influence analysis/diagrams
identify the strength of influencing factors and help determine potential weighting for consideration during the risk assessment process. Define root causes for major risks, define the chain of events likely in a scenario and become the foundation for further modeling.
Influence diagrams, scenario analysis, site analysis, SWOT
Examples of qualitative methodology for analyzing data
In order to facilitate discussions about risk in decision process, what stages should be identified and influenced?
Timeline the decision is being made; The primary decision maker; If there is an establish risk tolerance and threshold
Insurance
risk transfer mechanism that ensures full or partial financial compensation for the loss, damage and legal obligations of a policy holder or beneficiary.
Integrate risk management process with organizational strategies
consider the organization’s planning processes and calendar
Internal Audit Reports
Internal source of information that focuses on business practices important to the goals and reflection of regulatory environment of the organization
In what areas and activities can risk management professional give advise?
Strategy development and performance; Enterprise-wide or related areas, whether internal or external; Specific operational and functional areas; Development of new initiatives; New and evolving issues; Significant changes
key performance indicators
Each high-level strategy objective should be broken down into more tactical, operational _________ for analysis.
Key performance indicators (KPI)
help a firm see how it is performing in relation to its strategic goals and objectives.
Key risk indicators
metrics used by organizations to provide an early signal of changes in risk exposures in various areas of the enterprise
Key risk indicators (KRI)
are leading indicators of risk to business performance, giving early warning about potential risks.
key risks to each strategic goal
The risk manager can then use in-depth risk analysis to assess the ______ as well as the risks to the successful execution of the strategic plan.
Knowledge
A risk management professional must possess general business acumen to generate conversations that lead to deeper understanding of organizational structure; value chain; market analysis, PESTLE, etc.
knowledge and understanding
Organizational risk competency capabilities: _____ of operations
Leader
Risk management professional’s role is to drive adoption of enterprise-wide approach to enable the organization to achieve its objectives; develop awareness for broad risk management competencies; enable execution of consistent risk assessment methodologies, guiding improvement and monitoring efforts.
Likelihood, Consequences, other criteria such as timing, duration, vulnerability and interdependencies
Risk is typically analyzed on the basis of
management agreement
Component of risk communication strategy: Define and secure ___ for key risk messages
mandate; training plan
Value proposition of ERM: There is a from C-suite and board of directors; A __ exists to enable role performance
matters to the organizational performance
Organizational risk competency capabilities: Clear view into risk materiality and ability to narrow the focus to what really _____.
Maturity
refers to an evolution toward full development of the risk management attributes and competency drivers.
Maturity models
recognized measurement concept for demonstrating development progress; linked closely with continuous improvement; represent the degree of formality and effectiveness of risk management activities and processes at different levels; highlighting consistent outcomes across organizations.
milestone/s
Component in implementing enterprise risk plan: Define major ___, accountable stakeholder owners and a timeline for each __
monitoring schedules
Monitoring risk process: Establishing _____ to check progress over time
Monte Carlo analysis
mathematical technique that generates random variables for modelling risk or uncertainty of a certain system (simulation). The random variables or inputs are modelled on the basis of probability distributions
Monte Carlo, stress analysis
Examples of quantitative methodology for analyzing data
Nine-box approach
Approach that facilitates the consideration of the impact of decision within the various stages of decision-making. User knowledge from value chains and series of business processes steps that follow in succession. Tie in to the value creation and the resource of the value chain.
objective; benefits
Value proposition of ERM: It is _ as possible; it defines the __ deliverable to each stakeholder
Objective; Project; Product or Service overtime
Acceptable risk levels will be unique to each organization and its value chain and may vary by the following factors:
Operational risk assessment
may be limitd to uncertainties associated with existing operations and operational plans – the assets, processes, people and systems in place – in order to deliver a particular outcome, such as planned earnings.
organizational risk management competencies
Component in implementing enterprise risk plan: Design the plan so that it supports and aligns with the desired ______
organizational strategy
Risk strategy should be continually revised to align with ________.
Organizational Structure
Internal source of information that reports from different departments (HR, Legal, risk, operations, HS, environment, etc.)
organization’s strategies
Strategies to obtain support: Validate risk management strategies with key stakeholders to confirm alignment with the _____________
Organize
After obtaining information, what should be the next step to be done?
performance evaluation process
Success measures: Integrating risk success measurement into the organization’s ____
Performance management
Compentency drivers: ERM information and planning; communicating goals; ERM process goals and activities
performance measures
Elements of treatment plans: the ____ that validate that the solutions are working as planned
performance objectives
Monitoring risk process: developing risk metrics integrated with ___
Plan
A step in continuous improvement model to identify an opportunity and plan for change.
Plan – Do – Check – Act, Deming Cycle, Shewhart Cycle
Continuous improvement multi-step quality model
political climate
Strategies to obtain support: Asses the __ for change/improve risk management approach
Post-decision Environment
Decision has already been made; RMP should create a learning environment for stakeholders to identify risks to performance through the execution process; Determine when in execution process risk-based discussions still could be used to favorably impact the outcome
Pre-decision environment
Decision has not yet been made; RMP should be able to articulate the value that can be gained by including more formal risk management process into the decision-making process for more significant or complex project, initiatives and strategy setting
Primary responsibility of a great risk leadership
Ensuring that risk stakeholders are enabled to play their roles and are guided down the path of risk competency maturity over time
priorities
Monitoring risk process: setting _ based on desire performance
Prioritize
The step to choose the information that is most relevant, timely, useful and valuable for assessing risks that could affect the organization’s objectives.
Prioritize risks to be monitored
In monitoring risks, what should be done to identify the greatest potential for disrupting or accelerating performance?
Profitability and value
A benefit of ERM that provides improved profitability, increased shareholder value, reduced financial volatility
Progress reports
What should be monitored in terms of significant risks and use of risk process?
Progress report should include these issues in the normal business
Material risk target outcome; Specific activities that have taken place since the last report; Challenges in executing the risk treatment plan; A trend assessment in the risk profile against the targeted outcome
Project risk assessment
typically used to assess uncertainties and potential consequences related to expected outcomes of a particular initiative within the planned time, budget and scope.
Qualitative Scoring Method
Scoring Method when rating organization against peers based on economic, environmental and philanthropic programs that increase brand quality
Quantitative Scoring Methods
Scoring Method when rating organization against peers based on readily available data such as stock price, market capitalization and earnings per share
rationale; benefits
Elements of treatment plans: the _ for the selection of the treatment plans; including the expected to be gained
regulators; insurers; rating agencies
Component of risk communication strategy: Determine the requirements for communicating with external parties including _______
remediate
Strategies to obtain support: Identify gaps and __ them
reporting and monitoring
Elements of treatment plans: the required _______ of risks as part of normal business activity and reporting
Reporting structure and top management views
Determine the risk categorization that most closely aligns with:
Resources;
A method to identify uncertainties allocates resources for managing risk related to organizational objectives.
Reviews of the risk treatment plans
In monitoring risks, what should be scheduled as an ongoing agenda item in the responsible leader’s staff agenda?
Review the existing strategic plan
The first step for the risk manager is to ______________ to identify and understand the organization’s goals.
RIMS Risk Maturity Model (RMM)
A best practice framework for enterprise risk management. Developed as an umbrella framework of the international, cross-industry standards, the RIMS RMM allows organizations to measure how well their risk management efforts align with these best practices.
RIMS risk maturity model scoring
1 – Ad hoc; 2 – Initial; 3 – Repeatable; 4 – Managed; 5 – Leadership
Risk Analysis
The process of characterizing and understanding the nature of risk and of considering the level of risk in the context of the organization’s willingness to accept risk.
Risk analysis results to
determine the risk adjusted probability of achieving strategic objectives; determine the key risks that may negatively or positively affect the achievement of the strategic objectives
Risk appetite
The total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desire and expected outcomes.
Risk appetite
is the total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desire and expected outcomes.
Risk appetite management
Competency Drivers: Risk portfolio review; risk reward tradeoffs
Risk attitude
the organization’s or individual’s view/perspective of the perceived qualitative and quantitative value that may be gained in comparison to the related potential loss or losses.
Risk avoider
Risk attitude that considers “what can go wrong” rather than “what needs to go right” related to the decision
risk awareness
Organizational risk competency capabilities: __ as a core cultural characteristic
Risk Categorization
helps assign accountability, allocate resources, and ensure that the risk reports are more easily understood by top management
Risk Culture
The norms and traditions of behavior of individuals and of groups within an organization that determine the way in which they identify, understand, idsuss and act on the risk organization confronts and takes.
Risk evaluation
uses which risk criteria (risk appetite, risk tolerance, outputs from risk identification and risk analysis process) to determine which risks are acceptable and which require additional modification or treatment
Risk Evaluation Process
At what stage should the proposed risk treatment methods be evaluated to consider the cost-benefit of the measure to modify the risk and whether the risk treatment changes or introduces new to the organization and its value chain?
Risk Governance
The architecture within which risk management operates in the company
Risk Identification Process
Finding, Recognizing and Recording Risks
Risk interdependencies
are situations where risks can have a cascading effect. Understanding this provides an opportunity to facilitate collaboration among various business units by addressing similar or related risks together.
Risk management
strategic business discipline that supports the achievement of an organization’s objectives by addresssing the full spectrum of its risks and managing the combined impact of those risks as an interrelated portfolio.
risk management
______ should be an agenda item at every strategy session.
Risk management coaching process includes
Identifying coaching needs; identifying existing coaching relationships; conducting gap analysis between existing coaching relations and current coaching needs; matching coaches with targeted stakeholders
Risk management culture and governance
Examples include Adhere to systematic and consistent practices, limit future losses, optimal risk/reward structure
Risk management maturity
represents the degree of formality and effectiveness of risk management activities and processes in an organization at different levels, from ad hoc practices, to formal defined steps, to management result metrics to actively making the most effective use of processes and capabilities.
Risk management professionals can encourage continuous learning by
Advising on alignment of the decisions within the organization’s strategy and external information; Suggest improvements when changes may need to be made in other areas; Developing a sustainable communication process and network.
Risk management professionals can focus on the following in order to engage the risk network:
Discovering mutual benefits; Understanding the department’s specific objectives and the risk management process used; Demonstrating the value of an enterprise-wide approach to risk management
Risk management professional should focus on:
Strategic alignment; Success measures; Needed competencies; Securing support for the risk strategy
Risk management professional’s role: Coordinator
arranging logistics of formal risk management planning meetings; set the date, location and agenda; keep team current and engaged; this can include risk updates to support a report, highlight specific risk for comment, detailing successes or adverse events.
Risk management professional’s role: Facilitator
encourages participants to share relevant information; provides the team with updates on the changes in the organization; Query and challenge what is said in order to fully develop a concept or issue and explore risks from a 360-degree perspective
Risk management professional’s role: Spectator
refrains from influencing a risk dialogue; only take meeting notes or for staff development purposes, provide exposure to the risk management process
Risk management professional’s role: Strategic Advisor
provides insights on known and emerging risks; shares specialized knowledge on potential exposures; recommend actions and influence decisions, identify and solicit involvement from key stakeholders
Risk management strategies’ general focus
Meeting or exceeding an organization’s objectives
Adhering to control-based objectives, rules and/or controls
Complying with regulatory requirements
Risk Manager Core Competency Model
Consists of key skills and knowledge that will help a risk manager thrive. This can be used for position definition, professional development, communication and many other purposes
Risk metrics (key risk indicators)
In monitoring risks, what should be integrated into the performance objectives of the organization?
Risk Monitoring
Observe
Check the progress or quality of something over a period of time
Keep under systematic review
Risk network
the integration of risk management activities and resources across the organization
Risk neutral
Risk attitude that is indifferent as to risk-taking in relation to the decision
Risk owner
The individual who is ultimately accountable for ensuring that risk is managed appropriately, including the implementation of selected responses.
Risk ownership
Essential to the successful implementation of an ERM program because it places the responsibility, accountability and authority for volatile situations on those stakeholders directly affected by risk.
risk register
____ is a tool that can be used to provide an overview or the organization’s risk profile aligned to corporate strategy
Risk Register Analysis
compile risk into a risk register to analyze and manage those risks in an organized way, typically by category.
Risks
The effect of uncertainty on objectives
The chance of something happening that will have an impact on objectives
Being prepared for the worst and being poised to exploit opportunities as they are discovered
Risk seeker
Risk attitude that take on risk in order to maximize gain expected from the decision
Risk sharing/transfer
action taken when i) costs of retaining risk exceeds the organization’s risk tolerance; ii) risks or some portion can be transferred at a lower cost, iii) risks should be apportioned based o an agreement and iv) it is required by regulation.
risk strategy and tactics; the enterprise communication process, the desired risk culture
Component of risk communication strategy: Ensure alignment with ___
Risks viewed as an interrelated portfolio
Coordinated and strategic approach of risk management
Risk threshold
Level of uncertainty and potential impact that precipitates an organization to take action
Risk tolerance
The amount of uncertainty an organization is prepared to accept in total or more narrowly within a certain business unit, a particular risk category or for a specific initiative.
Risk tolerance
is the amount of uncertainty an organization is prepared to accept in total – or more narrowly, within a certain business unit, a particular risk category, or for a specific initiative.
Risk Treatments
Avoidance, Transfer, Acceptance, Mitigate
RMM attribute: Adoption of ERM-based process
RMM attribute: This attribute measures the organization’s risk culture, and considers the degree of executive or board-level support for enterprise risk management.
RMM attribute: Business resiliency and sustainability
RMM attribute: This attribute evaluates the extent to which business continuity, operational planning and other sustainability activities are approached with a risk-based methodology.
RMM attribute: ERM process management
RMM attribute: This attribute measures the extent to which the organization has adopted an ERM methodology throughout its culture and business decisions, and how well the risk management program follows best practice steps to identify, assess, evaluate, mitigate, and monitor risks.
RMM attribute: Performance management
RMM attribute: This attribute determines the degree to which an organization executes on its visions and strategy. It evaluates the strength in planning, communicating and measuring core enterprise goals with a risk-based process, and the extent to which progress deviates from expectations.
RMM attribute: Risk appetite management
RMM attribute: This attribute evaluates the level of awareness around risk-reward trade-offs, accountability for risk, defining risk tolerances, and whether the organization is effective in closing the gap between potential and actual risk.
RMM attribute: Root cause discipline
RMM attribute: This attribute assesses the extent to which an organization identifies risk by source, or root cause, versus the symptoms and outcomes they produce. Focusing on the root cause of a risk and classifying them accordingly, will strength response and mitigation efforts.
RMM attribute: Uncovering risks
RMM attribute: This attribute measures the quality and coverage of your risk assessments. It examines the method of collecting risk information, the risk assessment process and whether enterprise-wide trends and correlations can be uncovered from the risk information.
role
Component of risk communication strategy: Determine and define the _ of the risk management function in communicating with the media
Root Cause Analysis
multiple techniques designed to identify the underlying or initiating risk sources or drivers. (fault tree analysis, event tree analysis, failure mode and effect analysis and cause-and-effect analysis – fish bone diagram)
Root cause discipline
Competency Drivers: Dependencies and consequences; Indicator classifications; risk (uncertainties) and opportunity information collection; root cause consideration
Scenario analysis
process of analyzing possible and plausible future events by considering alternative settings, circumstances and outcomes. It provides a basis for making decisions in the context of different conditions.
secure support
Strategies to obtain support: Define, communicate and _______ from key leaders for the risk roles needed from stakeholders and employees in general, that would enable the desired risk competencies in the enterprise
Sentiments
A risk management professional may offer gratitude, appreciation or praise in exchange for implementing enterprise-wide colaboration
Significant importance or complex
A type of decision that require more deliberate effort. These decisions generally have some period of planning and a longer decision timeline.
Simple and frequent
A type of decision that are automatic, taken in the moment. These decisions generally rely on the knowledge and capability of the decision maker using the back-of-the-napkin technique.
Site analysis
leaders at each site perform an assessment by analyzing and evaluating the potential risks based on what is being produced at the site and its environmental factors. This may include threat, vulnerability and criticality analyses.
Skills
A risk management professional must possess communication, technical and interpersonal skills to obtain organizational information.
Strategic importance and complex
A type of decision that call for formal planning process over a longer timeline in which multiple risk management techniques can be applied. Decision quality elements should be embedded in the process. Due to the importance of the decision, biases should be formally considered by the entire planning team.
Strategic; Operational; Financial; Hazard; Regulatory
Common risk categorization
Strategic Plan
Determines that actions the organization will take at any stage of the planning period as circumstances change.
strategic planning team
The risk manager should be a part of the ___________ to provide the structure discipline for consideration of risks in a strategic portfolio.
Strategic risk assessment
focuses on broader deliberation and actions regarding uncertainties that affect an organization’s planned strategy and strategy execution such as growth or contraction objectives.
Strategic Risk Management
A business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategic execution.
Strategy
A complete plan of action for whatever situations might arise in achieving an organization’s goals within the established time.
strategy and measurement
Enterprise Risk Management, in contrast to traditional risk management, takes into account __________ where it considers all risks as part of strategy and includes the upside of risk, concept of build, expand and exploit to add value, push and pull of risk performance data and uses RIMS risk maturity model
Stress analysis
a form of simulation used to determine reactions to different situations. Also used to gauge how certain stressors will affect a company or industry.
strong relationship
Organizational risk competency capabilities: ____ with key stakeholders
Successful outcomes are more likely when risk management
Is integrated into day-to-day activities; Fosters collaboration cross-functionally; Builds competency through training and coaching; Strives for continuous improvement
success measurement; return on investment
Value proposition of ERM: There is a __ methodology; there some form of __ message that can ultimately be validated.
sufficient support for the strategy
Strategies to obtain support: Determine if there is _______ from your immediate chain of command
Support Function: Business continuity and crisis management
Risk identification, assessment and creation of emergency response and recovery plans related to threats or hazards that might lead to operational disruptions
Support Function: Compliance
Risk identification, assessment and treatment of risk related to regulations that may affect the organization’s ability to operate in its respective jurisdictions, as well as activities that fall within its compliance and ethics programs.
Support Function: Facilities
Risk identification, assessment and treatment of the organization’s properties, equipment and physical infrastructure systems.
Support Function: Information Security
Risk Identification, assessment and treatment of risk arising our of or affecting information and technology infrastructure.
Support Function: Internal Audit
Risk identification, assessment and treatment through audit plans with focus on fraud, corruption, regulatory noncompliance and/or misrepresentation related to the organization’s internal control systems, financial operations, financial statements and reporting as well as enterprise risk and the organization’s risk management framework and process.
Support Function: Legal
Risk identification, assessment and treatment of risks related to the obligation an organization undertakes and transfers through contracting, as well as its compliance with applicable laws and regulatory obligations.
Support Function: Project Management
Assess and identify project risks, mitigate threats and capitalize on opportunities that my affect the success of a specific project.
Support Function: Safety
Risk identification, assessment and treatment of risks focused on preserving the physical well-being of employees and third parties.
Support Functions: Quality
Risk identification, assessment and treatment of risks related to products and services.
Surveys, interviews and focus groups
Methodologies used for gathering data to identify a risk
SWOT Analysis
A method to identify uncertainties regarding obstacles and accelerators.
SWOT analysis
strengths and weaknesses (internal), opportunities and threats (external)
Synthesize
A process of combining information in ways that are coherent, logical and meaningful.
Tangible goods
A risk management professional may offer budget dollars, equipment or personnel time in exchange for implementing enterprise-wdse collaboration
Tangible services
A risk management professional may offer faster response, useful or sensitive information or public support in exchange for implementing enterprise-wide collaboration
To benchmark the organization against its peers and competitors, which information must be obtained?
Industry and trade publications; Stock analyst reports for publicly traded companies; Do your own research: Publicly available information such as google trends and prepare and competitive analysis
To build organizational awareness, risk management creates the most value when
Risk management Aligns with strategic goals; Takes corporate culture into account; Involves key enterprise functions
To build organizational awareness, the risk management professional needs to do the following:
Be a persuasive communicator and facilitator; Have a clear communication plan; Engage interested parties, including primary and secondary audiences; Demonstrate that risk management creates the most value ; Develop feedback loops for continuous learning
To embed risk management in both routine and strategic decision, what should managers be able to recognize?
The type of decision being made; Who should be included in the decision making process; Where in the process decisions are being made
Top Management
Participants in the ERM governance model who establishes risk management policies/tolerances; review and reports significant risk issues; controls risk governance and infrastructure
To successfully integrate risk management into decision making, risk management professionals will rely on strategies that draw on personal and technical skills in
Building organizational awareness; . Differentiating the different types of decisions used in varying situations using elements of decision quality; Performing various roles in the taking risk into account in decision-making process
Total cost of risk
Measurement of traditional risk management
Training needs assessment: How can the performance deficiency be fixed?
Can training fix the performance deficiency or suggest other remediation if training is not appropriate? Conduct a performance analysis to identify what skill deficiency is to be fixed by a training remedy.
Training needs assessment: What is the best way to perform?
Is there a better or preferred way to do a task to get the best results? Are job performance standards set by the organization? Are thre governmental regulations to consider when completing the task in a required manner? Conduct a task analysis to identify the best way to perform.
Training needs assessment: When will training take place?
What is the best timing to delivery training? Attendance at training can be impacted by work cycles, holidays and so forth. Conduct a contextual analysis to answer logistic questions.
Training needs assessment: Who is involved in the training?
involve appropriate parties to solve the deficiency. Conduct a target population analysis to learn as much as possible about those involved in the deficiency and how to customize a training program to capture their interest.
Training needs assessment: Why conduct the training?
to tie the performance deficiency to a working need and be sure the benefits of conducting the traiing are greater than the problems being cuased by the performance deficiency. Conduct two types of analysis to answer this question: 1) needs versus wants analysis and 2) feasibility analysis
Transfer risk using insurance
Strategy of traditional risk management
Treatment plans should be integrated to the:
management plans and processes of the organization
trusted adivsor
Organizational risk competency capabilities: Reputation for being technically risk-savvy and effective at influencing key decisions. Has earned the trust of leadership and decision-makers and is seen as a _.
type and frequency
Component of risk communication strategy: Define the _____ of internal messaging delivered to risk stakeholder leaders; risk owners; key functional leaders; business unit heads; top management; governing body
Ultimate risk oversight responsibilities
Belong at the board level
Uncovering risk
Competency Drivers: Formalized risk indicators and measures; adverse (potential) outcomes as opportunities; follow-up reporting; risk ownership by business areas
Unmanaged risk
greatest source of waste in business and economy and can have a damaging effect on companies, employees and communities where the business operates.
Validate and improve training programs
final step once the training is determined and materials are developed.
Value Chain
The series of functions, processes, materials and activities (inputs) from concept to the eventual end user that creates and builds value at every step in order to deliver a product or service.
Ways to benchmark
Industry groups; conferences, sumits and workshops; participation in surveys; association, academic, government and other research; networking
What actions could result to informed decisions that increase the likelihood of long-term organizational success?
Building organizational risk competency; Aligning risk strategy to corporate strategy; Embedding risk awareness and competency throughout organizational functions and processes
What are attributes of a learning organization?
Supports constructive criticism; Supports healthy debates; Open to understand attitudes about uncertainties, risk taking and tolerance
What are characteristics of decisions that may increase the odds of successful outcomes through risk-informed decisions?
Be transparent; Resolve potential conflicts; Follow escalation guidelines
What are the components of enterprise risk profile that must be communicated to key stakeholders?
Risk assessment; Risk appetite; Risk tolerance; Control process
What are the factors that are linked to value chain identification process?
Value chains; Resources within the value chain; Key inputs and outputs ; Differentiators within an organization with its peers; Influential macro-economic factors
What are the important ATTRIBUTES that are needed over the course of risk management professional career?
Assertiveness; Inquisitiveness; Judgment; Curiosity; Courage; Persuasiveness
What are the important SKILLS that are needed over the course of risk management professional career?
Investigation skills; Strategic thinking; Inductive reasoning; Behavior modification; Relationship development; Decision making
What are the methods of analyzing operations
Identify the methods; Compare operations with intended culture and strategy; Validate
What are the primary risk management skills?
Organize and synthesize; Differentiate and prioritize; Employ computer and math skills
What are the RMP’s core competencies?
Business insight; integrity/ethics; communication; collaboration; consultation
What are the specific knowledge risk professionals need during benchmarking?
Market analysis and environmental scanning; Business acumen-market analysis and value assessment; Due diligence and analytics
What are the steps in benchmarking?
Compare organization with peers and competitors; Differentiate and prioritize to identify peers
What are the steps to validate organizational information and behavior against an organization’s intended culture?
Scrutinize organizational functions; Compare the organization’s business model and strategy with its operations to identify connections and points of dissonance
What are the typical failures in risk management which can be avoided if it is embedded in the decision making process?
Program not integrated into strategy or its execution; Focused on the wrong risks; Not executed in a repeatable process; Risk management is practiced in a silo; Activity not viewed as being value added
What are two ways that companies achieve risk transfer?
Contractual risk transfer and insurance
What concepts do risk professionals need to be familiar during the value chain analysis?
Economic concepts; Business Process; Value Chains; Interdependencies between external factors and internal performance; Analysis of value chains, peer groups and statistical analysis
What could successful discussions reveal
Potential untapped opportunities; Uncertainties that may benefit from scenario planning; Cognitive Biases, anchoring and loss aversion; Potential outcomes
What does strategic risk management seeks to?
Drive deliberate and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategy execution
What do learning objectives address?
Knowledge, skills or attitudes, what learners will know, such as the elements of risk management process, skills learners can hold, such as those relating to risk appetite and tolerance.
What is important in risk committees?
Purpose and process must be established (committee use and structure); Relationship between risk performance and the reward system
What is the process of giving advice?
Evaluate metrics and reports; Gain insights into organizational performance; Validate insights with key stakeholders; Develop recommendations; Communicate recommendations
What must be done when risks breach the organization’s risk tolerance levels?
Escalate the matter
What must risk leaders understand?
Organizational strategy and operations; Key strategic goals to define success; Operational tactics that will be used to achieve strategic goals; Ways in which risk will make or break mission accomplishment.
What occurs during the “pull” flow of information
Risk management professionals can pull information about new developments and promote action plans that manage significant risks
What occurs during the “push” flow of information?
Risk management professionals have an outlet to push out information to department leaders that might prompt them to reassess their business processes or even identify new exposures
What opportunity does risk management provide?
An opportunity to identify risks that can be exploited to benefit the organization’s mission and goals
What should be considered when selecting a risk governance framework to fit the risk maturity of the organization?
Does a standard or framework for risk management already exist? How effective is the current paradigm? What are the gaps between the current and ideal state? Which standard or framework do key stakeholders prefer?
What should be evaluated that may dramatically impact the organization’s strategic goals?
effect of significant acquisitions, organizational and process changes, other changes
What steps can the risk management professional take to embed risk management in decision making?
Include risk assessment in planning process; Leverage cross-functional risk assessment team and subject matter experts to identify enterprise risks; Consider cascading and cumulative effects
When creating reports and presentations, the following must be considered
Understand the audience; Understand the purpose; Type and detail of information; Insights and recommendations