ARM 400 Chapter one
Transducer
A device that converts one form of energy into another.
Key risk indicator (KRI)
A tool used by an organization to measure the uncertainty of meeting a strategic business objective.
True or false: The most experienced risk professionals understand how to exploit pure risk for upside.
False. Although risk professionals ultimately try to manage threats and opportunities holistically, not all individual risks have upsides. In fact, the defining feature of pure risk, which constitutes a significant portion of the risks that organizations confront, is that there is no associated chance of gain—only loss or no loss.
True or false: KPIs and CSFs are two different acronyms that describe essentially the same performance measure. In other words, they are interchangeable.
False. KPIs and CSFs aren't the same, but they are interrelated. KPIs measure activity tied to a CSF.
Volatility
Frequent fluctuations, such as in the price of an asset.
Describe the types of risk New Company would have in each of the four risk quadrants.
In the hazard risk quadrant, New Company would have property damage risks to its plant and equipment resulting from fire, storms, or other events. It would also have risk of injury to its employees and liability risks associated with its products. In the operational risk quadrant, New Company would have risks from employee turnover or the inability to find skilled employees. It would also have business process risk related to how it manages its supply chain and information technology risk related to its automated manufacturing process. In the financial risk quadrant, New Company would have exchange rate risk related to its European sales. It would also have price risk for raw materials and supplies. Strategic risks include competition, economic factors that could affect consumer demand, and the political risk arising from countries in which the company's component suppliers are located.
Consequences
The effects, positive or negative, of an occurrence.
Business process automation (BPA)
Automation of complex processes through technology; it has given way to robotic process automation (RPA).
Speculative risk is highly affected by these factors:
1. Price risk
2. Credit risk
Blockchain
A distributed digital ledger that facilitates secure transactions without the need for a third party.
Risk management framework
A foundation for applying the risk management process throughout the organization.
Likelihood
A qualitative estimate of the certainty with which the outcome of a specific event can be predicted.
Risktech
Risk monitoring and mitigation technology.
Objective risk
The measurable variation in uncertain outcomes based on facts and data.
Liquidity risk
The risk that an asset cannot be sold on short notice without incurring a loss.
Ways that subjective and objective risk can differ:
- Familiarity and control
- Consequences over likelihood
- Risk awareness
Although no consensus exists about how an organization should categorize its risks, one approach involves using risk quadrants:
- Hazard risks arise from property, liability, or personnel loss exposures and are generally the subject of insurance.
- Operational risks fall outside the hazard risk category and arise from people or a failure in processes, systems, or controls, including those involving information technology.
- Financial risks arise from the effect of market forces on financial assets or liabilities and include market risk, credit risk, liquidity risk, and price risk.
- Strategic risks arise from trends in the economy and society, including changes in the economic, political, and competitive environments, as well as from demographic shifts.
Risk Appetite
Amount of risk an organization is willing to take on in order to achieve an anticipated result or return.
The resulting reduction in uncertainty offers organizations these benefits:
1. Alleviates or reduces management's fears about potential losses, thereby increasing the feasibility of ventures that once appeared too risky
2. Increases profit potential by greater participation in investment or production activities
3. Makes the organization a safer investment and therefore more attractive to suppliers of investment capital through which the organization can expand
Identifying risks relies on the risk professional's ability to perform or facilitate several key tasks involving communication, including these:
1. Asking the right questions of departmental stakeholders to understand their perspectives on the most pressing risks they face
2. Finding external experts who can shed light on emerging risks that the organization may not have anticipated previously and knowing how to speak their language to get the most from interactions with them
3. Collaborating with senior management and the board to ensure that risks associated with the organization's strategy are identified
The cost of risk associated with a particular asset or activity is the total of these costs:
1. Costs of accidental losses not reimbursed by insurance or other outside sources
2. Insurance premiums and expenses incurred for noninsurance indemnity
3. Costs of risk control techniques to prevent or mitigate accidental losses
4. Costs of administering risk management activities
These are the key purposes of monitoring:
1. Determine the effectiveness of controls
2. Obtain information to improve risk assessment
3. Analyze events and their consequences to understand trends, successes, and failures
4. Observe changes in internal and external environments
5. Identify emerging risks
Before speaking with a group or individual, it's important to step back and establish a plan that ensures the most clear and productive communication process. Here are some ways to do this:
1. Set a clear communication objective.
2. Analyze your audience.
3. Decide when and where to talk.
4. Pay attention to your body language.
5. Ask for feedback.
Legal and Regulatory Compliance
1. Standard of care owed to others
2. Contracts entered into by the organization
3. Federal, state, provincial, territorial, and local laws and regulations
Pure Risk
A chance of loss or no loss, but no chance of gain. Pure Risks are always undesirable.
Speculative risk
A chance of loss, no loss, or gain. Can be desirable.
Strategic risks
A company could incorrectly characterize its customers and offer higher-priced merchandise in an area that is in financial decline.
Operational risks
A company's website for customer orders may be out of service for several days.
Hazard risks
A customer may be injured in a retail store, or a kitchen fire may damage a restaurant.
Accelerometer
A device that measures acceleration, motion, and tilt.
Risk center
A discrete unit within an organization, having a leader and specific objectives, at which level a particular risk (or group of risks) is most appropriately and effectively managed.
Key performance indicator (KPI)
A measurement that defines how successfully an organization is progressing toward its long-term goals.
Actuator
A mechanical device that turns energy into motion or otherwise effectuates a change in position or rotation using a signal and an energy source.
Internet of things (IoT)
A network of objects that transmit data to and from each other without human interaction.
Correlation
A relationship between variables.
Nondiversifiable risk
A risk that affects a large segment of society at the same time. Examples include inflation, unemployment, and natural disasters such as hurricanes. Nondiversifiable risks are correlated.
Diversifiable risk
A risk that affects only some individuals, businesses, or small groups.
Internal control
A system or process that an organization uses to achieve its operational goals, internal and external financial reporting goals, or legal and regulatory compliance goals.
Business process management (BPM)
A systematic, iterative plan to analyze and improve business processes through life-cycle phases to achieve long-term goals and client satisfaction.
Value at Risk (VaR)
A technique to quantify financial risk by measuring the likelihood of losing more than a specific dollar amount over a specific period of time.
Critical success factor (CSF)
An element, necessary for an organization's success, that is derived from a strategic objective.
Risk owner
An individual accountable for the identification, assessment, treatment, and monitoring of risks in a specific environment.
Smart Products
An innovative item that uses sensors; wireless sensor networks; and data collection, transmission, and analysis to further enable the item to be faster, more useful, or otherwise improved.
Financial risks
An organization is subject to financial risk when it invests in a company's stock because the stock may increase or decrease in value.
Social responsibility
An organization's responsibility to its stakeholders and society to consider the consequences of its actions on all stakeholders and to protect the welfare of society overall.
Exposure
Any condition that presents a possibility of gain or loss, whether or not an actual loss occurs.
Stakeholder
Any individual or organization that is directly or indirectly involved with or affected by organizational decisions or activities.
The major options for risks:
- Avoid the risk
- Modify the likelihood and/or impact of the risk
- Transfer the risk
- Retain the risk
- Exploit the risk
These are the bases of organizational culture:
- Beliefs—The practices and concepts that employees accept as true. Assumptions formed from these beliefs ultimately drive behavior.
- Values—These are exhibited through the organization's goals and how it pursues them.
- Behaviors—These are determined by organizational values. The organization's employees establish and expect all staff to exhibit a certain norm or standard of behavior based on values and assumptions.
Management styles fall into these categories:
- Delegating—Management provides broad, strategic direction, but lets stakeholders create their own methods of attaining goals.
- Directive—Managers make most decisions and tell others exactly what to do to achieve goals. Management limits the flow of information in the interest of efficiency.
- Supportive—Management explains the rationale for goals and decisions and encourages stakeholders to pursue related endeavors. Management is open to feedback from others, and stakeholders may establish their own communication networks.
BPM Life Cycle
1. Design/redesign processes
2. Model scenarios
3. Execute process changes
4. Monitor results
5. Optimize processes
Time Horizon
Estimated duration.
True or False: Most organizations' sole risk management objective is to mitigate the effects of accidents.
False. A holistic risk management approach entails the pursuit of a variety of objectives besides mitigating the effects of accidents.
True or false: Risk quadrants isolate risks into single categories, thus allowing each risk to be treated according to its specific quadrant.
False. In fact, many of the risks that pose the most potent threats and greatest opportunities actually fall into more than one risk quadrant. And the manner in which risks from all quadrants intersect to form an organization's holistic risk portfolio is a vital determinant of the strategies that can best mitigate negative outcomes and exploit positive ones.
True or false: Business process management is successfully completed when a process (or process improvement) is deemed to be a total success.
False. Regardless of whether a process is a total success, the five-step BPM life cycle is not complete. In fact, one of the major benefits of the BPM life cycle is that it promotes continual improvement.
True or false: The key to implementing a process for managing risk is to organize all of the risks an organization faces and move sequentially through the steps of the process by applying each one.
False. The risk management process is really more of a set of interconnected activities that are occurring at the same time than a step-by-step process.
Examples of KPIs
Financial indicators:
- Operating margin: operating income divided by net sales
- Net margin: net income divided by net sales
- Return on assets: net income divided by average assets
Staffing indicators:
- Revenue productivity index: income divided by staffing head count
- Employee retention: percentage change in base period head count after employee turnover
Operations indicators:
- Inventory turnover: cost of goods sold divided by average inventory
- Capacity utilization: actual unit output divided by potential unit output
Can you name some characteristics of effective KRIs?
Generally, the most effective KRIs are quantifiable, predictive, supportive of a management decision, capable of being benchmarked, and reviewed on a regular basis. Is your organization developing KRIs with these characteristics in mind?
Quadrants of risk
Hazard, Operational, Financial, Strategic
The Four Types of Corporate Culture
- Hierarchy—Decision-making authority is well defined; rules and procedures are standardized.
- Market—The organization is more concerned with outward relationships; primary objectives are profitability, bottom-line results, strength in market niches, stretch targets, and secure customer bases.
- Clan—The organization is seen as a family. Teamwork is emphasized, and workers are encouraged to voice suggestions on how to improve processes.
- Adhocracy—Adaptability is key; authority does not rest with one party, but rather moves from individual to individual or team to team as needed.
Risk criteria
Information used as a basis for measuring the significance of a risk.
- Causes of risk
- Effects of risk
- Metrics used to measure effects of risk
- Timeframe of potential effects
- Methods to determine level of risk
- Approach to combinations of risk
Cloud Computing
Information, technology, and storage services contractually provided from remote locations, through the internet or another network, without a direct server connection.
The use of risk centers offers these advantages:
- It allows for the involvement of operational managers, who have valuable knowledge and perspective to contribute to the risk analysis process.
- It helps focus the risk analysis on the organization's strategic goals and operational objectives and the threats and opportunities that can directly affect those goals and objectives.
- It ensures that risks are managed efficiently and at an appropriate level within the organization.
Agency costs fall into three categories:
- Monitoring costs: The majority of monitoring costs are borne by shareholders. An example of monitoring costs is the fee paid to an external auditor to verify the corporation's financial statements.
- Bonding costs: Managers may incur various costs to demonstrate that they are serving (or will serve) shareholders' interests. An example of bonding costs is a manager's willingness to accept noncash compensation in the form of stock options or restricted stock that links the manager's compensation to the corporation's performance.
- Incentive alignment costs: Because monitoring and bonding activities are not 100 percent effective, corporate decisions will not always benefit shareholders. As a result, corporations generally are worth somewhat less than they would be if corporate decision makers' incentives were perfectly aligned with shareholder interests. As an example of incentive alignment costs in the context of risk management, some managers might be overly cautious (risk averse) because their jobs and investment in the corporation's stock are at risk if unfavorable outcomes occur. Therefore, they may avoid projects perceived as too risky, even if those projects would increase the corporation's economic value. Similarly, managers may devote more corporate resources to risk reduction or risk transfer than necessary to maximize the value of the corporation's stock.
Text Mining
Obtaining information through language recognition.
Examples of KRI Metrics
- Percentage change from prior period (day/month/quarter/year)
- Budget variance percentage—current result divided by expected result
- Aged accounts receivable—unpaid customer invoice amounts greater than a given number of days, which may affect bad debt reserves
- Aged accounts payable—unpaid vendor invoice amounts greater than a given number of days, which may result in legal action
In what ways do you think risk management can support an organization's resolution of ethical issues?
Risk management can create a framework for correcting ethics-related situations by establishing a strong communication process to support resolution of ethical issues. When an organization has a sound risk management framework in place, feedback can be solicited to improve management controls, reduce risk, and find solutions to ethical problems that may affect profits, create liabilities, and damage the organization's reputation if left unaddressed.
Big data
Sets of data that are too large to be gathered and analyzed by traditional methods.
Preventive analytics
Statistical and analytical techniques used to influence or prevent future events or behaviors.
Economic capital
The amount of capital required by an organization to ensure solvency at a given probability level, such as 99 percent, based on the fair value of its assets minus the fair value of its liabilities.
Risk tolerance
The amount of uncertainty an organization is prepared to accept in total or more narrowly within a certain business unit, a particular risk category or for a specific initiative. (Used with permission of RIMS.)
Code of ethics
The minimum standards of expected behavior for those to whom the code applies.
Subjective risk
The perceived amount of risk based on an individual's or organization's opinion.
Systemic risk
The potential for a major disruption in the function of an entire market or financial system.
Credit risk
The risk that customers or other creditors will fail to make promised payments as they come due.
Cost of risk
The total cost incurred by an organization because of the possibility of accidental loss.
Insurtech
The use of emerging technologies in the insurance industry.
Telematics
The use of technological devices in vehicles with wireless communication and GPS tracking that transmit data to businesses or government agencies; some return information for the driver.
How many basic risk measures can you name?
There are numerous basic risk measures, but six commonly used ones are exposure, volatility, likelihood, consequences, time horizon, and correlation. These all attempt to quantify the risks an organization faces, which is essential to developing strategies to treat them.
Market risk
Uncertainty about an investment's future value because of potential changes in the market for that type of investment.
Lidar
Uses infrared light to detect nearby objects.
When disagreeing or identifying difficulties with a co-worker, subordinate, or person outside the organization, is it better to use an "I" message or a "you" message?
When disagreeing or identifying difficulties with someone, it's best to send "I" messages. However, people tend to do the opposite in such situations, instead stating their dissatisfaction through "you" messages. For example, when talking with a subordinate who is underperforming, a manager may want to say something like, "Rebecca, you're not doing a good job managing your clients." While this may be accurate, the more constructive and less-deflating way to deliver the same criticism is by sending an "I" message, such as, "Rebecca, I think there is room for improvement in the way you manage your clients."
An organization's corporate governance is about acting in the best interests of all its stakeholders, including shareholders. But is it beneficial to separate the ownership of an organization from control of the organization?
Yes. Separating ownership and control provides many benefits that risk professionals should be aware of, and this section will explore many of them.
Sensors
A device that detects and measures stimuli in its environment.