Task 1
|
Assessment Criteria
|
Indicative content
|
Explain the concept of risk management and its value to an organisation. Effective risk management at senior management level requires a clear corporate structure. Determine the roles and responsibilities for risk management at senior management level.
Select two risk management models and evaluate them in terms of effectiveness and being ‘fit for purpose’. Justify your evaluations.
Guideline word count: 800 - 900 words
|
A.C. 1.1 - Explain the meaning of risk management to an organisation
|
Here you are required to explain risk management within an organisational context and at this level you should be able to provide references to support your explanation. In your narrative you should not only explain the concept of risk but also the roles and responsibilities within risk management. A full answer might also include some of the following:
- Concepts of risk, including strategic risk and strategic risk management
- The problems of risk in an organisation or operational context
- Risk and uncertainty.
- Strategic integration of risk management
- Unforeseeable risks - e.g. Nassim Taleb
- Predictability versus unpredictability
- Types of strategic risk, e.g. operational, financial, corporate, environmental and project risk
- Risk and legislation
- Risk and stakeholder perception
|
A.C. 1.2 - Determine the roles and responsibilities for risk management at senior management level
|
Building upon 1.1 you are asked to give the roles and responsibilities at a senior management level. At this level of qualification this should be more than a list. Your answer should include some of the following:
- Senior management responsibilities
- Attitudes to risk - Hurwicz, Wald, Savage and Laplace criteria
- Managing the irrational risk in organisational risk management - Taleb
- Your risk vulnerability - Allan and Beer
- Managing complexity, uncertainty and ambiguity
- Dynamic risk management
- Senge’s ladder of inference
|
A.C. 1.3 - Evaluate risk management models
|
This criterion requires an evaluation of risk models. You should evaluate a minimum of 2 models but could include more.
Your answer could include some of the following as part of your response:
- The ERM approach and components of ERM - COSO ERM framework and the pros and cons
- The MoR (Management of Risk) framework and its pros and cons
- The GRC capability model - Open Compliance & Ethics Group (OCEG) Red Book and its pros and cons
- ISO 31000:2009 standards and the pros and cons
- An organisation’s risk management policy, objectives and plan
- Six steps to managing strategic risks - Slywotzky and Drzik
- Ingredients of a risk management framework
- Strategic objectives, KPIs and risk
|
Task 2
|
Assessment Criteria
|
Indicative content
|
Identify six risk management criteria. Describe possible risks within the organisation and evaluate how the six risk management criteria can be used to assess these identified risks.
Critically analyse two techniques used to identify and quantify risks within the organisation including risk interdependencies.
Guideline word count: 800 - 900 words
|
A.C. 2.1 - Evaluate risk management criteria against which risk can be assessed
|
This assessment criterion again asks for an evaluation and at this level your evaluation should show the strengths and weaknesses of a range of criteria. Your answer might include some of the following:
- Risk management process - ISO 31000:2009
- The rational approach to decision making
- WBGU Risk classes and strategies
- Risk profile and risk appetite
|
A.C. 2.2 - Critique techniques to identify and quantify risk, including risk interdependencies
|
Here you are asked for a critique of the techniques that you might use to both identify and quantify risk including any interdependencies. In your narrative you could make reference to the following:
- Risk identification - Risk interdependency - ISO Guide 73:2009
- Risk analysis techniques
- Risk factors and criteria
- Problem of risk analysis: e.g. scoring methods
- Risk techniques such as radar charts, Failure Mode, Effects and Criticality Analysis (FMECA), probabilistic risk analysis and Monte Carlo analysis.
|
Task 3
|
Assessment Criteria
|
Indicative content
|
Select four organisational risks and develop a strategy to eliminate one, mitigate one, deflect one and accept one of the risks. If risks are accepted include how they may be reduced. Justify your chosen strategy and refer to alternative strategies where appropriate.
Determine how your risk strategy will be communicated to others and what process will be followed to ensure their understanding and compliance.
Determine what resources will be needed for this risk strategy and how it will be managed to ensure it is effective.
Guideline word count: 800 - 900 words
|
A.C. 2.3 - Develop strategies to eliminate, mitigate, deflect or accept risk
|
For this assessment criterion you are required to develop strategies to eliminate, mitigate, deflect or accept risk. Your answer would be enhanced by the inclusion of some workplace examples. Your response should explore how you have developed or could develop strategies. In your answer you should cover:
- Risk evaluation
- Types of risk treatment strategies
You might also cover some of the following to support your chosen strategy:
- risk avoidance
- risk reduction
- risk transfer
- risk retention
|
A.C. 2.4 - Determine a process for communicating, resourcing and managing risk management strategies
|
This section looks at the communication, resourcing and management of risk strategies and will build upon your answer in 2.3.
- Communication methods – Shannon and Weaver
- Resourcing, allocating roles and responsibilities
- Corporate financial controls and governance
- Policy cascading and dissemination – a very good answer might reference Stafford Beer's VSM and the use of complexity drivers to identify autonomous business units which require specific policy and governance
- Risk treatment plan
- Resourcing risk management strategies and plan
- Cost benefit analysis and securing funding
|
Task 4
|
Assessment Criteria
|
Indicative content
|
For the risk strategy created in Task 3, evaluate the possible outcomes for the organisation if it were to be implemented. Include in your evaluation the effect of this strategy on the organisation’s stakeholders.
Identify any possible actions which may be needed in order to respond to the outcomes generated by the risk strategy.
Guideline word count: 800 - 900 words
|
A.C. 3.1 - Evaluate the outcomes of risk management strategies
|
Here you are asked to evaluate the outcomes of risk management strategies and at this level you should provide a full evaluation of the outcomes of your strategy. In your response you should address most of the following:
- Aspects of strategic risk management evaluation - e.g. Hubbard
- The scope of strategic risk management evaluation
- Issues with control systems - e.g. Hubbard
- An assessment tool for strategic risk management - HM Treasury and EFQM Model
|
A.C. 3.2 - Determine actions to respond to outcomes of risk strategies
|
Having undertaken an evaluation of the outcomes you are now required to give the actions that arise from that evaluation in 3.1. In support of your action plan you could use some of the following:
- Improving strategic risk management - e.g. GRC capability
- Over-optimism in risk management - e.g. Hubbard
- Treasury and Risk’s 2009 Enterprise Risk Management
|
Task 5
|
Assessment Criteria
|
Indicative content
|
For an organisation you are familiar with, devise a disaster recovery plan. Consider a range of factors within the plan such as resource implications.
Explain two possible influences that would affect a review of the disaster plan and how this may impact on the organisation.
Guideline word count: 800 - 900 words
|
A.C. 3.3 - Devise a disaster recovery plan
|
This section requires that you devise a disaster recovery plan. This may be in tabular form but could also be supported by a narrative that could cover the following:
- Planning for disaster
- Business impact analysis (BIA) - The Business Continuity Institute (BCI)
- Ingredients and format of a BIA
- Devising a disaster recovery plan
|
A.C. 3.4 - Examine influences that would affect a review of the disaster plan
|
For this assessment criterion you should provide a review of the various influences that might affect a review of your disaster plan. This will build upon your answer to 3.3 but could include:
- Organisational processes for reviewing the disaster recovery plan
- Best practices for review
- Access to individuals and data
- Size of organisation
- Environmental and legal issues
|