ARM 400 - Segment A - Chapters 1, 2, & 3
What risk criteria factors should be considered to align objectives, resources, and risk management policy?
-Causes of risk -Effects of risk -Metrics used to measure effects of risk -Time frame of potential effects -Methods to determine level of risk -Approach to combinations of risk
Arise from people or a failure in processes systems or controls, including those involving information technology; Pure risk
Operational Risk
A technique to quantify financial risk by measuring the likelihood of losing more than a specific dollar amount over a specific period of time
Value at risk (VaR)
Frequent fluctuations, such as in the price of an asset
Volatility
It is necessary to assess the risk appetite of a business supplier prior to doing business because understanding the risk appetite allows the organization to Select one: A. Leverage its payments to the supplier to the organization's advantage B. Ascertain whether the relationship is a good fit. C. Better control its production. D. Negotiate better prices and delivery times.
B. Ascertain whether the relationship is a good fit.
What are the bases of organizational culture?
Beliefs Values Behaviors
A network of objects that transmit data to and from each other without human interaction
Internet of Things (IoT)
Senior management of CAZ Company decides to cut its involvement with the local youth association and no longer allow its employees to work with kids during business hours. Additionally, they will no longer fund the Youth House. Which one of the following best describes how this action may affect its risk management profile? A. Corporation may increase its external social risk by negating any goodwill the community has for the company. B. Corporation may decrease its operations environment as the staff will have more time to devote to the company. C. Corporation may decrease its external political risk by removing itself from any community involvement. D. Corporation may increase its financial exposure by not having tax credits to offset its profits or losses.
A. Corporation may increase its external social risk by negating any goodwill the community has for the company.
Encouraging the expression of feelings as well as facts and following up with employees on the problems they report are two ways that managers and supervisors can Select one: A. Cultivate two-way communication. B. Support diverse groups. C. Facilitate active listening D. Maintain control of the conversation.
A. Cultivate two-way communication.
Parker International tends to communicate only the information that stakeholders need to complete their tasks and achieve goals. The management style at Parker International is Select one: A. Directive. B. Responsive. C. Delegating. D. Supportive.
A. Directive.
Which one of the following provides a measure of the maximum potential damage associated with an occurrence? Select one: A. Exposure B. Duration C. Underwriting risk D. Maximum probable loss
A. Exposure
Which one of the following should be part of an organization's standard operating procedures (SOPs) concerning external stakeholder communications? Select one: A. Instructions regarding what types of information can and cannot be released B. Instructions to avoid the use of social media C. Instructions to always use written communication, rather than verbal or nonverbal communication D. Instructions requiring the use of formal, rather than informal communication
A. Instructions regarding what types of information can and cannot be released
An organization must meet the standard of care that it owes to others in order to ensure that Select one: A. Legal obligations are satisfied. B. Operations are efficient. C. Contracts are not breached. D. Post-loss goals are in place.
A. Legal obligations are satisfied.
William is a risk manager for Green Mountain Trucking. He has always analyzed auto loss frequency and severity rates for the fleet. William would like to collect data on vehicle speeds, braking patterns, and distance traveled and compare that with the loss history. Which one of the following would help William capture and analyze this data? Select one: A. Vehicle telematics B. Text mining C. Catastrophe modeling D. Cloud computing
A. Vehicle telematics
Involves applying the defined risk criteria to determine the source, cause, likelihood, and potential consequences of each of the identified risks Can be quantitative, qualitative, or BOTH
Analyze Risk (Risk Management Process)
A speaker imparts information in verbal communications by Select one: A. Using appropriate facial expressions and gestures while other parties express their opinions and concerns. B. Having good listening skills and expressing facts and emotions through words and sometimes visual displays. C. Listening and verbally responding with anecdotes of prior meetings, leveraging humor as opposed to facts for discussion. D. Expressing facts and emotions quickly, inviting written questions for discussion at a future session.
B. Having good listening skills and expressing facts and emotions through words and sometimes visual displays.
North American Furnishings has been in business for 18 years. The organization's primary objectives are profitability and bottom-line results. It always sets aggressive goals. North American Furnishings values its customer bases. Which one of the following types of corporate culture exists at North American Furnishings? Select one: A. Adhocracy B. Market C. Hierarchy D. Clan
B. Market
A risk management professional is identifying the organization's key stakeholders as part of the enterprise risk management program. Which one of the following would be considered an internal stakeholder? Select one: A. General public B. Stockholders C. Suppliers D. Unions
B. Stockholders
Which one of the following is a tool that can be used by fraud investigators to compare documents and analyze notes? Select one: A. Telematics B. Text mining C. Root cause analysis D. Blockchain
B. Text mining
What are the three management styles?
Delegating Directive Supportive
any condition that presents a possibility of gain or loss, whether or not an actual loss occurs
Exposure
What are the four types of corporate culture?
Hierarchy Market Clan Adhocracy
Text Mining
Obtaining information through language recognition
The use of technological devices in vehicles with wireless communication and GPS tracking that transmit data to businesses or government agencies; some return information for the driver
Telematics
Estimated duration
Time Horizon
Arise from property liability, or personnel loss; Pure risk
Hazard Risk
Uncertainty about an investment's future value because of potential changes in the market for that type of investment
Market Risk
List External Environments
Physical Social Legal Economic
Sets of data that are too large to be gathered and analyzed by traditional methods
Big Data
A new computer chip that could position a company for explosive growth is an example of Select one: A. Strategic planning. B. Operational risk. C. Strategic risk. D. Tactical risk.
C. Strategic risk.
A risk that affects only some individuals, businesses or small groups Not highly correlated - gains and losses tend to occur randomly
Diversifiable Risk
Examples: Inflation, unemployment, natural disasters, system risks Correlated
Non-diversifiable risk
Amount of risk an organization is willing to take on in order to achieve an anticipated result or return
Risk Appetite
An organization's responsibility to its stakeholders and society to consider the consequences of its actions on all stakeholders and to protect the welfare of society overall
Social Responsibility
a chance of loss or no loss, but no chance of gain
pure risk
Effective risk management processes include ongoing monitoring with periodic review of results. What are they key purposes of monitoring?
-Determine the effectiveness of controls -Obtain information to improve risk assessment -Analyze events and their consequences to understand trends, successes, and failures -Observe changes in internal and external environments -Identify emerging risks
What are the five essential activities of the risk management process?
1. Scan the environment 2. Identify risks 3. Analyze risks 4. Treat risks 5. Monitor and Review
Adaptability is key; authority does not rest with one party, but rather moves from individual to individual or team to team as needed
Adhocracy (Corporate Culture)
The minimum standards of expected behavior for those to whom the code applies
Code of ethics
Examples of External Stakeholders
Customers/Consumers Suppliers Competition Governments Unions Trade Associations Nongovernmental Organizations Wholesalers Retailers/Brokers Society/General Public
Managers make most decisions and tell other exactly what to do to achieve goals. Management limits the flow of info in the interest of efficiency
Directive (Management style)
What makes up the Quadrant of Risk?
Hazard Risk Operational Risk Financial Risk Strategic Risk
Decision-making authority is well defined; rules and procedures are standardized
Hierarchy (Corporate Culture)
A qualitative estimate of the certainty with which the outcome of a specific event can be predicted
Likelihood
The organization is more concerned with outward relationships; primary objectives are profitability, bottom-line results, strength in market niches, stretch targets, and secure customer bases
Market (Corporate Culture)
the measurable variation in uncertain outcomes base on facts and data
Objective risk
List Internal Environments
Product Operations Cognitive Tech and Info Systems
Name the classifications of risk
Pure vs. Speculative Subjective vs. Objective Diversifiable vs. Nondiversifiable Quadrants of risk (hazard, operational, financial, and strategic)
A discrete unit within an organization, having a leader and specific objectives, at which level a particular risk (or group of risks) is most appropriately and effectively managed
Risk Center
Information used as a basis for measuring the significance of a risk
Risk Criteria
A foundation for applying the risk management process through the organization
Risk Management framework
An individual accountable for the identification, assessment, treatment, and monitoring of risks in a specific environment
Risk Owner
Examples of Internal Stakeholders
Shareholders/Owners Board of Directors Executives/Officers Managers Employees
Management explains the rationale for goals and decisions and encourages stakeholders to pursue related endeavors. Management is open to feedback from others, and stakeholders may establish their own communication networks
Supportive (management style)
Name three ways to communicate formally
Verbal Communication (clear expression of facts, emotions, and suggestions or instructions) Nonverbal Communication (Gestures, facial expressions, body language) Written Communication (Reports, memos, and emails)
the effects, positive or negative, of an occurrence
consequences
A relationship between variables
correlation
the total cost incurred by an organization because of the possibility of accidental loss
cost of risk
Advantages of Risk Centers
1. It allows for the involvement of operational managers, who have valuable knowledge and perspective to contribute to the risk analysis process 2. It helps focus the analysis on the organization's strategic goals and operational objectives and the threats and opportunities that can directly affect those goals and objectives 3. It ensures that risks are managed efficiently at an appropriate level within the organization
What are the basic risk measures?
1. exposure 2. volatility 3. Likelihood 4. Consequences 5. Time Horizon 6. Correlation
According to the law of large numbers, as the number of exposure units insured increases, Select one: A. The relative accuracy of predictions about future losses increases. B. The probability of an underwriting loss increases. C. The size of the average loss declines. D. Fewer losses are expected to occur.
A. The relative accuracy of predictions about future losses increases.
An organization evaluates key stakeholders' attitude toward risk in order to Select one: A. Understand what risks are acceptable and to develop an effective enterprise-wide risk management program. B. Understand the risk appetite in order to determine what information is disseminated. C. Understand acceptable risks and gauge its ability to attract new shareholders. D. Understand acceptable risks and gauge its ability to raise capital.
A. Understand what risks are acceptable and to develop an effective enterprise-wide risk management program.
Carol has worked as a payroll clerk for a small organization for 20 years. Over the years she received only two small salary increases and began to embezzle funds from the company since she felt she was not adequately compensated for her job efforts. In terms of the quadrants of risk, Carol's theft risk can be classified as Select one: A. A financial risk. B. Both a hazard risk and an operational risk. C. Both a hazard risk and a financial risk. D. A strategic risk.
B. Both a hazard risk and an operational risk.
Which one of the following is an internal source that can often provide information regarding risks that aren't obvious? Select one: A. Human resources B. Internal auditing C. Production manager D. Board of directors
B. Internal auditing
A distributed digital ledger that facilitates secure transactions without the need for a third party
Blockchain
One advantage that a national organization would derive from creating risk centers is that it Select one: A. Allows more independence for the risk centers so that they are not burdened with procedures. B. May allow risks to be managed on a small scale thereby relieving the organization from focusing attention on it. C. Allows for participation by operational managers who may contribute to the risk analysis. D. May segregate risks to protect the larger organization if the risk center fails.
C. Allows for participation by operational managers who may contribute to the risk analysis.
Carla, the risk manager, was asked by senior management to deliver a presentation on cyber risk at an all employees meeting. Even though she was only allotted 30 minutes for her presentation, Carla felt that cyber risk was a very real risk for the corporation and she wanted employees to leave with some fear of it. She wanted to provide employees with as much technical information as possible, and familiarize them with all of the important jargon. Less than 20 minutes into her presentation, Carla could tell that many of the employees were not paying any attention to her presentation. Which one of the following steps in the communication process had Carla failed to consider? Select one: A. Set a clear communication objective B. Pay attention to your body language C. Analyze your audience D. Ask for feedback
C. Analyze your audience
Which one of the following statements is correct regarding risk owners? Select one: A. The risk owner should be given full authority to make decisions without management involvement. B. Generally, external stakeholders should not be considered to be risk owners. C. Generally, the stakeholder who is most affected by or creates a risk should be its risk owner. D. The risk owner is usually a member of the senior management team.
C. Generally, the stakeholder who is most affected by or creates a risk should be its risk owner.
A vehicle manufacturer found that the exhaust system in certain models was not working properly. Some exhaust gases were releasing into the vehicle body. Rather than recalling the vehicles, they were shipped to South American markets. The manufacturer Select one: A. Is socially responsible because it does not force any individual to buy the vehicle. B. Is socially responsible because it shipped the vehicles out of the country thereby avoiding any US casualties. C. Has ignored its social responsibility as well as the risks involved with these actions. D. Has decided to transfer the risk to South American markets avoiding financial penalties.
C. Has ignored its social responsibility as well as the risks involved with these actions.
The fundamental purpose of a risk management framework is to Select one: A. Reduce the cost of risk. B. Maximize profits for all stakeholders. C. Integrate risk management throughout the organization. D. Define and eliminate potential losses.
C. Integrate risk management throughout the organization.
Jean is the Risk Manager for a Fortune 1000 company. Her CFO has tasked her to analyze vulnerabilities in the firm's supply chain. The adequacy of suppliers to meet an organization's needs would be an example of which one of the following types of risk? Select one: A. Financial risk B. Operating risk C. Operational risk D. Strategic risk
C. Operational risk
Shelton Manufacturing recently signed a contract with a new customer which will require them to increase production by 20 percent. The organization has decided to form a risk center to identify and assess the risks involved with this new contract, and manage them efficiently. Which one of the following individuals should be the risk owner? Select one: A. Sales manager B. New customer C. Production manager D. Senior manager
C. Production manager
Asking a question such as "How do you think this will work out?" can help a speaker do which one of the following? Select one: A. Build trust among a diverse group of individuals B. Gain the support of executives and decision makers C. Request feedback and determine if the message has been understood D. Deliver a message that recipients don't want to hear
C. Request feedback and determine if the message has been understood
Lucy is a chef at a restaurant. She is growing tired of working such long hours and not reaping the financial benefits. Lucy has been saving money with the goal of opening her own restaurant. She recently talked to a financial advisor about the options market as a way to grow her savings quickly. The financial advisor explained that it is a risky choice, but could potentially allow her to reach her goal of owning a restaurant in the near future. Lucy has decided to invest her savings in the options market. Which one of the following types of risk attitude does Lucy exhibit? Select one: A. Risk obsessed B. Risk optimizing C. Risk seeking D. Risk managed
C. Risk seeking
Which one of the following is one of the five steps of the risk management process? Select one: A. Allocate resources B. Establish accountability C. Scan environment D. Align and integrate
C. Scan environment
Twice a year, Medford Factory gives employees a day off to work in the community where the factory is located. The employees prepare and serve a holiday meal for members of the community, and they clean the neighborhood park in the spring. This practice is based on Medford Factory's Select one: A. Code of ethics. B. External governance. C. Social responsibility. D. Internal governance.
C. Social responsibility.
Aligning risks with the organization's risk appetite defines Select one: A. Value at risk. B. Compliance. C. Tolerable uncertainty. D. Social responsibility.
C. Tolerable uncertainty.
The organization is seen as family. Teamwork is emphasized, and workers are encouraged to voice suggestions on how to improve processes
Clan (Corporate Culture)
Information, technology, and storage services contractually provided from remote locations, through the internet or another network, without a direct server connection.
Cloud Computing
The risk that customers or other creditors will fail to make promised payments as they come due
Credit Risk
Which one of the following statements is true regarding the basic measures that apply to risk management? Select one: A. Hedging is a risk management strategy that can reduce the risk of correlation. B. Longer time horizons are generally less risky that shorter ones. C. Risk increases as volatility decreases. D. Consequences measure the degree to which an occurrence could positively or negatively affect an organization.
D. Consequences measure the degree to which an occurrence could positively or negatively affect an organization.
Which of the following risk management program goals is an essential goal for all public entities? Select one: A. Survival B. Growth C. Earning stability D. Continuity of operations
D. Continuity of operations
Samuel was recently hired as a risk management professional for Parker Property Management. He has been asked by senior management to review the organization's current insurance policies to make sure that the organization is adequately protected, and also see if there are any opportunities to save on the premiums. Samuel must do which one of the following through internal communication before he will be able to complete this task? Select one: A. Earn the confidence of the organization's board of directors B. Identify all of the risks that the organization faces C. Become familiar with industry regulations D. Determine the organization's risk appetite
D. Determine the organization's risk appetite
The main advantage of a formal internal communication system is that Select one: A. Employees do not have direct access to each other. B. It is easily accessed. C. Formal internal communications takes time which may resolve issues. D. Individuals know to whom to report.
D. Individuals know to whom to report.
Which one of the following best explains how a risk-managed organization views a proposed new product line? Select one: A. It attempts to join with another organization for a joint venture taking little of the actual risk on itself. B. It seeks methods of transferring the potential risks or avoids the risk totally. C. It determines the rewards of a new alternative and may underemphasize the impacts, variances and negative effects. D. It weighs the risk-reward relationship while realistically evaluating potential outcomes and consequences.
D. It weighs the risk-reward relationship while realistically evaluating potential outcomes and consequences.
After opening its third store, Shoehorn Shoes decided to purchase new inventory tracking software for all of its stores. Which one of the following external or internal environments does this decision relate to? Select one: A. Product environment B. Physical environment C. Economic environment D. Operations environment
D. Operations environment
Green Corporation suffered severe losses due to tornados at its northern facility. The Board of Directors issued a statement that the current costs outweighed any sustainable profits in the near term. The risk manager can best assist the Board in its long term decision making by Select one: A. Following the directives of the board of directors preserving his/her position with the company. B. Offering a white paper on the merits of shutting down the facility, laying off the staff and shifting the work to other locations. C. Playing no role since the risk manger's focus is on preventing loss rather than reviewing senior management decisions. D. Providing data on the frequency of wind storms, and work with the risk center and risk owner at that location to find alternatives to protect the facility.
D. Providing data on the frequency of wind storms, and work with the risk center and risk owner at that location to find alternatives to protect the facility.
BD Company has made widgets for over 79 years using the same production techniques for fear of the huge costs from potential consumer lawsuits if production is changed and product quality suffers. With respect to its risk attitude, this organization would be classified as Select one: A. Risk seeking. B. Risk optimizing. C. Risk naïve. D. Risk avoiding.
D. Risk avoiding.
Catastrophes such as recent earthquakes and the 2011 tsunami in Japan pointed out a need for many organizations to evaluate and manage their Select one: A. Derivative risk. B. Political risk. C. Compliance risk. D. Supply-chain risk.
D. Supply-Chain Risk
Which one of the following statements is correct regarding an organization's code of ethics? Select one: A. The code of ethics should provide a list of dos and don'ts that employees can use as a framework in making day-to-day decisions. B. The code of ethics should provide an organization with a set of parameters within which it should operate, with little room for interpretation. C. The code of ethics should primarily consider the social and ethical needs of its external stakeholders. D. The code of ethics should include principles and concepts that are dynamic enough to remain relevant in a rapidly changing business environment.
D. The code of ethics should include principles and concepts that are dynamic enough to remain relevant in a rapidly changing business environment.
Management provides broad, strategic direction, but lets stakeholders create their own methods of attaining goals
Delegating (Management style)
True or false: The key to implementing a process for managing risk is to organize all of the risks an organization faces and move sequentially through the steps of the process by applying each one.
False. The risk management process is really more of a set of interconnected activities that are occurring at the same time rather than a step-by-step process.
Arise from the effect of market forces on financial assets or liabilities and include market risk, credit, liquidity risk and price risk; Speculative risk
Financial Risk
A system or process that an organization uses to achieve its operational goals, internal and external financial reporting goals, or legal and regulatory compliance goals.
Internal Control
The risk that an asset cannot be sold on short notice without incurring a loss
Liquidity Risk
Uncertainty about cash flows resulting from possible changes in the cost of raw materials and other inputs (such as lumber, gas or electricity), as well as cost-related changes in the market for completed products and other outputs
Price risk
What two factors highly affect speculative risk?
Price risk & credit risk
Individuals with this risk attitude may believe that the result of their risk decision, which is based on a short term horizon, will allow the organization to reap significant rewards worth the risk (both upside and downside)
Risk Seeking (risk naive)
Individuals with this risk attitude focus on the negative side of potential risks. They seek methods of transferring risk to another entity to avoid it altogether, and they prefer to continue traditional methods of business operations rather than to innovate
Risk avoiding (risk obsessed)
Aggressive and conservative tendencies are balanced in this risk attitude. Individuals assess risk based on an organization's vision, mission, goals, values, and beliefs, and realistically evaluate potential outcomes and consequences
Risk optimizing (risk managed)
An innovative item that uses sensors; wireless sensor networks; and data collection, transmission, and analysis to further enable the item to be faster, more useful, or otherwise improved
Smart Product
a chance of loss, no loss, or gain
Speculative risk
Any individual or organization that is directly or indirectly involved with or affected by organizational decisions or activities
Stakeholder
Arise from trends in the economy and society, including changes in the economic, political, and competitive environments, as well as from demographic shifts; Speculative risk
Strategic Risk
the perceived amount of risk based on an individual's or organization's opinion
Subjective risk
The potential for a major disruption in the function of an entire market or financial system
Systemic Risk
Identifying risks relies on the risk professional's ability to performa or facilitate what key tasks involving communication?
This process relies on the risk professional's ability to perform or facilitate several key tasks involving communication, including these: 1. Asking the right questions of departmental stakeholders to understand their perspectives on the most pressing risks they face 2. Finding external experts who can shed light on emerging risks that the organization may not have anticipated previously and knowing how to speak their language to get the most from interactions with them 3. Collaborating with senior management and the board to ensure that risk associated with the organization's strategy are identified