3 - Workplace - Knowledge - Risk Management
What is the usefulness of a key risk indicator (KRI)?
- A KRI provides early warning of risk emergence.
- A KRI provides a global assessment of an organization's exposure to risk.
- KRIs help prevent the emergence of identified risks.
- KRIs provide for greater accountability of risk control measures.

A KRI provides early warning of risk emergence
Rationale: A KRI is a metric that signals when risk exposure may be increasing. It can be used to identify emerging risks to the organization. KRIs monitor risk but do not prevent risks from occurring. They are not enough in themselves to create transparency and accountability. For more information, refer to Module Workplace, Functional Area 12, Section 2.
What is a good example of an upside risk?
- Union demands for wages, benefits, and work conditions are obviously unrealistic.
- A team finishes its project two weeks ahead of the schedule.
- A technician proves highly skilled, invaluable, and irreplaceable.
- The organization would be the first major customer to install a leading edge information system.

A team finishes its project two weeks ahead of the schedule.
Rationale: An upside risk is an opportunity that arises out of uncertainty about outcomes. Completion date is uncertain, but early project completion is an opportunity: an uncertainty that has a positive outcome. A highly skilled technician is a benefit, not a risk. Unrealistic union demands could lead to highly contentious negotiations. Being the first to try a system carries more potential for downside risk than upside risk. For more information, refer to Module Workplace, Functional Area 12, Section 1.
What is meant by the term "residual risk"?
- Amount of uncertainty remaining after all management efforts have been made
- Risk levels that lie above an organization's threshold for risk tolerance
- Risk that an organization has decided not to attempt to manage
- Amount of risk that is characteristic of an organization's industry

Amount of uncertainty remaining after all management efforts have been made
Rationale: Residual risk is the amount of uncertainty that remains after all possible management strategies have been exhausted. For more information, refer to Module Workplace, Functional Area 12, Section 3.
What is the best way to evaluate an emergency response plan?
- Ask for insurance company input.
- Compare the plan to the previous plan.
- Have the plan reviewed by an agency in charge of emergency management.
- Conduct a crisis drill.

Conduct a crisis drill
Rationale: A simulated crisis in which the plan is tested will alert the company to changes that need to be made and is the best way to see how the plan performs. For more information, refer to Module Workplace, Functional Area 12, Section 4.
What is the best method to use when training employees on an emergency response plan?
- Conduct drills and role plays.
- Schedule employee participation meetings.
- Show training films.
- Provide precise, easy-to-read manuals.

Conduct drills and role plays.
Rationale: The best way to practice any skill is to actually do the tasks involved. This rule also holds true for training in emergency response plans. If having the entire plant take part in the drill poses a production issue, parts of the plan can be drilled at a time. For more information, refer to Module Workplace, Functional Area 12, Section 3.
Because of an increase in terrorism, a global organization establishes evacuation procedures and communication plans for company sites. The organization also creates a website that sits outside the company's firewall for easy access if the organization's network goes down. What activity has the organization completed?
- Communication analysis
- Emergency response planning
- Security risk analysis
- Vulnerability review

Emergency response planning
Rationale: An emergency response plan describes the actions to be taken in the event of a natural disaster, emergency evacuation, terrorist attack, or any other incident that disrupts the normal work pattern. Emergency response plans tell employees what to do. The organization's easy access website is an attempt to guide employees during the chaos. For more information, refer to Module Workplace, Functional Area 12, Section 3.
What key characteristic of an effective risk management program is identified in ISO 31000?
- Represents significant investment of organizational resources
- Is developed by objective third-party experts
- Fits the organization's risk and control environment
- Is not subject to ongoing change and revision

Fits the organization's risk and control environment
Rationale: The only correct principle here is that an effective risk management program fits the organization's own risk and control environment. It cannot be a standard or "boilerplate" program but must manage the organization's unique risks with realistic and appropriate controls. For more information, refer to Module Workplace, Functional Area 12, Section 1.
Which HR professional is fulfilling the correct role of HR in managing organizational risk?
- HR interfaces with the organization's insurer to determine what level of insurance is required throughout the organization.
- HR conducts regular health and safety reviews and administers documentation required by regulatory agencies.
- HR conducts a workshop with other functions to identify potential upside and downside risks to the next workforce management plan.
- HR analyzes past accident reports to detect common patterns and design appropriate supervisor and employee training.

HR conducts a workshop with other functions to identify potential upside and downside risks to the next workforce management plan.
Rationale: The best role recognizes the potential for upside (opportunity) and downside (threat) aspects of risk and approaches the task of identifying and planning for threats and opportunities in an enterprise manner, involving internal HR customers. Focusing on past health and safety issues is reactive and narrow in focus. HR cannot speak alone for the best way to manage risk in the organization. For more information, refer to Module Workplace, Functional Area 12, Section Introduction.
What is the best example of risk mitigation?
- Training interviewers about proper questions to ask during hiring interviews
- Implementing an emergency communication system for assignees
- Requiring vaccination programs for assignees
- Requiring criminal background checks for applicants

Implementing an emergency communication system for assignees
Rationale: A risk mitigation strategy seeks to reduce the impact of an event rather than prevent it. A communication system cannot prevent crises, but it can decrease stress and reduce assignees' exposure to threats. For more information, refer to Module Workplace, Functional Area 12, Section 3.
In terms of risk management, what is a control?
- Contingency plan to be implemented in the event of a crisis
- System to prevent the occurrence of a risk
- Mechanism to collect data for reporting to management
- Measure taken to reduce the probability or severity of a threat

Measure taken to reduce the probability or severity of a threat
Rationale: In risk management terminology, the most inclusive answer here is that a control is any measure that modifies risk by decreasing the likelihood that a risk event will occur or the impact that the event would have on the organization. For more information, refer to Module Workplace, Functional Area 12, Section 1.
What is the primary distinguishing characteristic of an enterprise risk management framework?
- Emphasis on strategic risks that threaten organizational goals
- Focus on values and ethical systems that affect governance
- Proactive, as opposed to reactive, approach to managing risk
- Perception of risk as an integrated organizational issue

Perception of risk as an integrated organizational issue
Rationale: An enterprise risk management (ERM) system, such as COSO ERM, sees risk as an integrated issue that must be managed across divisions and functions in an enterprise. For more information, refer to Module Workplace, Functional Area 12, Section 1.
What factors does the risk equation use to determine level of risk?
- Probability of occurrence and magnitude of impact
- Speed of onset and effectiveness of current controls
- Source of risk and number of business processes affected
- Potential for secondary risk and effectiveness of strategies

Probability of occurrence and magnitude of impact
Rationale: In the risk equation, the level of risk equals the probability of occurrence multiplied by the magnitude of the impact of the risk event. For more information, refer to Module Workplace, Functional Area 12, Section 2.
What is the primary purpose of a safety self-audit?
- To ensure employee compliance with the organization's safety programs
- To eliminate unsafe acts
- To assign roles and responsibilities in the event of an accident
- To lower workers' compensation insurance premiums

To ensure employee compliance with the organization's safety programs
Rationale: A safety self-audit is conducted by an employer to assure the organization that employees are following safety-related policies and procedures. Workers' compensation premiums are most directly affected by an organization's rate of injuries. Being prepared to handle an emergency is a good practice, but it is more related to procedures and training than to an audit. An audit can only capture evidence of compliance or noncompliance. Compliance alone, especially if policies and training are faulty, will not eliminate unsafe acts. For more information, refer to Module Workplace, Functional Area 12, Section 4.
An organization examines the level of probability for all types of losses to which it may be exposed. What aspect of risk is the organization studying?
- Mitigation planning
- Vulnerability
- Impact
- Risk tolerance

Vulnerability
Rationale: Vulnerability refers to the degree of probability that a loss will occur. Impact is the possible effect on the organization, and tolerance is the amount of risk the organization can survive if an event occurs. Mitigation planning occurs after analysis of probability, risk, and speed of onset. For more information, refer to Module Workplace, Functional Area 12, Section 2.
An HR manager is preparing a risk management plan for a manufacturing floor. The manager has reviewed accident records from the past five years and talked with an insurer. What is the best way to obtain additional useful information?
- Ask an HR colleague in a different type of manufacturing setting.
- Distribute a questionnaire to all unit supervisors, asking them to identify and assess workplace risks.
- Walk through the area and observe conditions during work operations.
- Consult with representatives of manufacturers providing equipment used in the factory.

Walk through the area and observe conditions during work operations.
Rationale: The best solution among those offered would be direct observation. It would be more accurate than experience gathered from a dissimilar setting and broader than risks posed by equipment only. Questioning supervisors is a good idea, but even they may be too removed from the work area to know its risks fully. For more information, refer to Module Workplace, Functional Area 12, Section 2.