Professional Documents
Culture Documents
RM Lesson #1 (Jan 28 2022)
RM Lesson #1 (Jan 28 2022)
RM Lesson #1 (Jan 28 2022)
LEARNING OUTCOMES
• Provide a range of definitions of risk and risk management and describe the usefulness of the various definitions;
• List the range of characteristics of a risk that need to be identified in order to provide a full risk description and justify the inclusion of each item;
• Summarize the options for the attachment of risks to various attributes of an organization and describe the advantages of each approach;
• Identify the features of the four types of risk that enable them to be identified as compliance, hazard, control and opportunity risks;
• Summarize the origins and development of the discipline of risk management, including the various specialist areas and approaches;
• Explain the characteristics of enterprise risk management (ERM) and the benefits of the ERM approach over traditional risk management;
• Summarize the principles (PACED) and aims of risk management and its importance to strategy, tactics, operations and compliance (STOC);
• Describe the key outputs of risk management in terms of mandatory obligations, assurance, decision making and effective and efficient core
processes (MADE2).
DEFINITIONS OF RISK
OXFORD ENGLISH DICTIONARY
A chance or possibility of danger, loss, injury or other adverse consequences’, and the definition of at risk is
‘exposed to danger’.
INSTITUTE OF RISK MANAGEMENT (IRM)
The combination of the probability of an event and its consequence. Consequences can range from positive to
negative.
ISO Guide 73
The ‘effect of uncertainty on objectives’.
An effect may be positive, negative, or a deviation from the expected.
The term likelihood is used rather than frequency, because the word frequency implies that events will definitely occur and the risk matrix is
registering how often these events take place. Likelihood is a broader word that includes frequency, but also refers to the chances of an
unlikely event happening. However, in risk management literature, the word ‘probability’ will often be used to describe the likelihood of a
risk materializing.
The word magnitude is used rather than severity, so that the same style of risk matrix can be used to illustrate compliance, hazard, control
and opportunity risks. Severity implies that the event is undesirable and is, therefore, related to compliance and hazard risks. The
magnitude of the risk may be considered to be its gross or inherent level before controls are applied.
• Strategy, because the risks associated with different strategic options will be fully analyzed and better strategic decisions will be
reached.
• Tactics, because consideration will have been given to selection of the tactics and the risks involved in the alternatives that may
be available.
• Operations, because events that can cause disruption will be identified in advance and actions taken to reduce the likelihood of
these events occurring, limit the damage caused by these events and contain the cost of the events.
• Compliance will be enhanced because the risks associated with failure to achieve compliance with statutory and customer
obligations will be recognized.
Risks cannot be considered outside the context that gave rise to them. It may appear that an organization is being risk aggressive,
when in fact, the board has decided that there is an opportunity that should not be missed. However, the fact that the opportunity
entails high risk may not have been fully considered.
Improvement in the robustness of decision-making activities is one of the key benefits of risk management. Attitude to risk is a
complex subject and is closely related to the risk appetite of the organization, but they are not the same. Risk attitude indicates the
long-term view of the organization to risk and risk appetite indicates the short-term willingness to take risk. This is similar to the
difference between the long-term or established attitude of an individual towards the food they eat and their appetite for food at a
particular moment in time.