SEARCH
You are in browse mode. You must login to use MEMORY

   Log in to start

level: module 3

Questions and Answers List

level questions: module 3

QuestionAnswer
What is the typical risk analysis process?1. Establish the context. 2. Identify risks. 3. Analyse risks. 4. Evaluate risks. 5. Treat risks.
What is included in "establishing the context"?The internal context; The external context; The risk management context, Develop criteria; Define the structure (Many organisations have a risk management policy, identified priority risk categories and corresponding risk management strategies defined in a corporate framework document; AS ISO 31000:2018)
What is included in "identify risks"?What can happen? When and where? How and why? Best suited to a workshop environment.
What is included in "analyse risks"?Identify existing controls. Determine Consequences; Determine Likelihood; Determine level of risk
What is included in "evaluate risks"?Compare against criteria; Set priorities
What is included in "treat risks"?Identify options; Assess options; Prepare and implement treatment plans; Analyses and evaluate residual risk
What is a hazard?An event, situation or state that may give rise to a risk.
What is a risk?The chance of something happening that will have an impact an organisation or person’s ability to achieve business or personal objectives.
What is a control measure?An action taken to reduce the frequency and/or the severity of a risk.
What is the consequence of a risk occurring quantified by?-commercial terms (loss of $ value, replacement value), -environmental terms(such as contamination of a wetlands), -social terms (loss of amenity). Monetising all consequences is useful for combining a total impact. However, some consequences are difficult to monetise. (such as loss of an ecological species).
How are risks ranked?Using the likelihood and consequence of a risk occurring (each 1-5) Rated from extreme, high, medium to low.
What is the hierarchy of control measures in order of effectiveness?1. Eliminate or avoid the hazard or issue that is creating the risk 2. Control the risk to an acceptable level & manage 3. Transfer the risk to another party who can better manage the risk 4. Accept the risk and manage it closely
What does AS ISO 31000:2018 say about dealing with risk?Risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances. Options for treating risk may involve one or more of the following: – avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; – taking or increasing the risk in order to pursue an opportunity; – removing the risk source; – changing the likelihood; – changing the consequences; – sharing the risk (e.g. through contracts, buying insurance); – retaining the risk by informed decision
What does ALARP stand for?as low as reasonably practicable
What are the four risk ratings?Active management, Control critical, Periodic monitoring, No major concern
What is "active management"?•Unsatisfactory controls in place. •High likelihood & consequence ratings. •Must have documented action plan.
What is "control critical"?•Good controls in place. •High likelihood & consequence ratings. •Careful management to maintain controls effectiveness. •Must have documented action plan.
What is "periodic monitoring"?•Satisfactory to poor controls in place. •Low likelihood & consequence ratings. •May have documented action plan.
What does "no major concern" involve as a risk rating?•Good controls in place. •Low likelihood & consequence ratings. •Documented action plan if other benefits accrue.
What does a risk register involve?• It can be used to filter risks, track progress, document action plans; • It is useful for risk owners, auditors, managers, directors; • It can be tailored to a reader’s particular need for detail; • Each business group within an organisation can have it’s own risk register, linked upwards to corporate policy level risks.
How are control measures classified?“Proactive” (affect the likelihood of an event occurring), or “Reactive” ( affect the level or duration of consequences)
What resources can you use to undertake the risk analysis process?•People with particular knowledge & previous relevant experience; • Corporate policy, guidelines and manuals (context); •Records of previous events or incidents (such as historical records, insurance reports, legal or governmental enquiries); •Reports about the planning & implementation of similar projects; • Outputs from brain-storming workshops using people with a wide range of expertise & experience.