
Corporate Governance

Chapter 11: Risk Management

1. What is “Risk Management”?


Risk management is the process of doing certain acts, such as identifying,
analyzing, and controlling areas or events, to mitigate risks that may potentially cause
unwanted change and negatively impact an organization.

2. What is the basic approach in managing risks?


The basic approach in managing risks involves identifying, analyzing and
controlling areas or events with a potential for causing unwanted change.

3. How does ISO 31000 define “Risk Management”?


The ISO 31000 defines risk management as the identification, assessment, and
prioritization of risks followed by coordinated and economical application of resources to
minimize, monitor and control the probability and/or impact of unfortunate events and to
maximize the realization of opportunities.

4. What are the basic principles in risk management?


According to ISO, risk management should:
1. Create value: resources spent to mitigate risk should be less than the consequence of
inaction, i.e., the benefits should exceed the costs
2. Address uncertainty and assumptions
3. Be an integral part of the organizational processes and decision-making
4. Be dynamic, iterative, transparent, tailorable, and responsive to change
5. Create capability of continual improvement and enhancement considering the best
available information and human factors
6. Be systematic, structured and continually or periodically reassessed

5. Enumerate the steps in the ISO 31000 risk management process.


The process of risk management consists of the following steps:
1. ESTABLISHING THE CONTENT. This includes
a. Identification of risk in selected domain of interest
b. Planning the remainder of the process.
c. Mapping out the following:
i. Social scope of risk management
ii. Identity and objectives of stakeholders
iii. Basis upon which risks will be evaluated, constraints
d. Defining a framework for the activity and an agenda for identification.
e. Developing an analysis of risks involved in the process.
f. Mitigation or solution of risks using available technological, human and
organizational resources.
2. IDENTIFICATION OF POTENTIAL RISKS
3. RISK ASSESSMENT

6. What are the elements of the risk management process?


The elements of the risk management process are:
1. Identification, characterization, and assessment of threats
2. Assessment of the vulnerability of the critical assets to specific threats
3. Determination of the risk
4. Identification of ways to reduce those risks
5. Prioritization of risk reduction measures based on a strategy

7. What are the key elements that the company-wide risk management system should
possess?
The key elements that the company-wide risk management system should
possess are:
1. Goals and objectives
2. Risk language identification
3. Organization structure
4. Risk management process documentation
