Holistic Risk Identification
A comprehensive approach where internal and external stakeholders communicate and collaborate to identify all risks facing the organization. Ensures no risk is overlooked and promotes enterprise-wide awareness.
Top-Down Approach
Senior management identifies key risks based on strategic objectives. Provides a high-level perspective but may miss operational risks.
Bottom-Up Approach
Employees identify risks from daily operations. Captures practical details but may miss strategic risks.
Combined Approach
Integrates both top-down and bottom-up views for a realistic and balanced risk profile.
Methods of Risk Identification
Techniques include analyzing financial statements, contracts, surveys, physical inspections, flowcharts, past data, and organizational charts to uncover potential exposures.
Facilitated Workshops
Interactive sessions led by a neutral facilitator where cross-functional teams brainstorm risks. Benefit: diverse perspectives. Limitation: potential groupthink.
Delphi Technique
Experts independently provide input through multiple survey rounds until consensus is reached. Benefit: cost-effective, eliminates bias. Limitation: limited innovation or new thinking.
Scenario Analysis
Team projects consequences of specific risks (“what-if” situations). Best for unique or high-impact risks. Limitation: limited by participants’ experience.
HAZOP Study
Structured, expert-led review of system design to find hazards or operability problems. Ideal for technical or scientific projects requiring precision.
SWOT Analysis
Assesses internal strengths/weaknesses and external opportunities/threats. Best for strategic planning or evaluating new projects.
Risk Map
Visual tool comparing risks by frequency and severity. Helps prioritize which risks to address first.
Prouty Approach
Matrix estimating loss likelihood and impact (severity) to determine risk management strategies.
Severity levels: Slight, Significant, Severe
Frequency levels: Almost Nil, Slight, Moderate, Definite
Limitations of Risk Maps
They don’t show correlations between risks — teams must discuss interdependencies separately.
Benefit of Diverse Groups in Risk ID
Different departments see risks differently, leading to a more complete understanding of the organization’s risk landscape.
Risk Analysis
Process of understanding risk sources, likelihood, and consequences to inform decisions.
Qualitative Risk Analysis
Uses descriptive scales (low, medium, high). Useful when data is limited.
Quantitative Risk Analysis
Uses measurable values (probabilities, dollar losses). Provides more precision.
Three Main Categories of Accident Causes
Physical causes
Human causes
Organizational causes
Domino Theory (Heinrich)
Accidents occur due to a chain of events. Removing one “domino” (unsafe act/condition) prevents the accident. Best for human error cases.
Energy Transfer Theory
Accidents happen when energy is released in harmful ways. Focus: control or reduce energy transfer. Example: fire walls, speed limits.
Technique of Operations Review (TOR)
Accidents stem from management failures — poor procedures, unclear authority, or lack of accountability.
Change Analysis
Evaluates “what-if” scenarios to anticipate consequences of changes in systems or processes.
Job Safety Analysis (JSA)
Breaks down repetitive jobs into steps, identifies hazards, and assigns control responsibilities. Best for stable, repetitive environments.
Root Cause Analysis (RCA)
Identifies fundamental causes of incidents to prevent recurrence.
Characteristics: specific, identifiable, modifiable, preventable.
Causes: physical, human, organizational.
RCA Process Steps
Collect data
Chart causal factors
Identify root cause
Recommend and implement actions
Five Main RCA Approaches
Safety-based, production-based, process-based, failure-based, systems-based.
5 Why Analysis
Asks “why” repeatedly to drill down to the true cause.
Fishbone (Ishikawa) Diagram
Visual categorization of potential causes to find the root cause.
Fault Tree Analysis (FTA)
Maps event relationships using logic gates (AND/OR). Shows probability of failure events.
Exposure
Condition that could lead to gain/loss; measures potential maximum loss. Risk increases with exposure.
Likelihood
Probability of a specific event occurring.
Consequence
Effect (positive or negative) of an event.
Time Horizon
Duration of exposure; longer periods = higher risk.
Theoretical Probability
Calculated in advance using known data (e.g., coin toss).
Empirical Probability
Estimated using past data or simulations.
Law of Large Numbers (LLN)
As sample size increases, outcomes approach expected probabilities. Requires independent, consistent events.
Expected Value (Mean)
Weighted average outcome. Formula: Σ(p × x). Multiply each possible value (x) of the variable by its probability (P(x)), then sum all of these products.
Variance & Standard Deviation
Measure the dispersion of outcomes (volatility).
Coefficient of Variation (CV)
Standard deviation ÷ mean; compares relative risk between entities.
Value at Risk (VaR)
Maximum expected loss at a specific confidence level.
Conditional Value at Risk (CVaR)
Expected loss beyond the VaR threshold; better for “fat-tail” risks.
Earnings at Risk (EaR)
Estimates potential earnings drop due to market changes.
Trend Analysis
Uses past data to forecast future losses or gains.
Regression Analysis
Examines relationships between variables. Assumes linearity (Y = a + bX).
Decision Tree Analysis
Evaluates decision outcomes, costs, and gains; compares strategies to choose optimal paths.
Event Tree Analysis
Starts from an accident and explores consequences under various responses. Focus: system effectiveness.
Risk Treatment
Selecting and implementing actions to mitigate or exploit risks.
Residual Risk
Remaining risk after treatments are applied; must align with organization’s risk tolerance.
Risk Treatment Decisions
Based on risk identification, analysis, and impact on objectives.
Risk Control vs. Risk Financing
Control = reduce frequency/severity.
Financing = provide funds to cover losses (insurance, retention).
Main Risk Control Goals
Reduce frequency
Reduce severity
Increase predictability
Avoidance
Eliminate risk entirely (proactive or reactive).
Use when risk has high frequency & severity.
Limitations: opportunity cost, legacy risks.
Loss Prevention
Reduce frequency of loss (e.g., safety training, inspections).
Loss Reduction
Reduce severity of loss, pre- or post-event (e.g., sprinklers, recovery plans).
Separation of Exposure Units
Spread assets/operations to limit impact of one loss. Tradeoff: increased frequency potential.
Duplication
Keep backup assets in reserve (e.g., spare equipment, data backups). Reduces severity.
Diversification
Spread risks across markets, regions, or products to make losses more predictable.
Technology & Risk Control
IoT, sensors, and analytics enable predictive risk management—shifting focus from reactive to proactive control.