A) A trend analysis is a mathematical technique which makes use of historical information to predict future outcomes.

B) Interconnections maps are used by the World Economic Forum to describe interconnections between risks. This provides a means to interpret how one risk impacts another and, as the report states, ‘mapping perceived interconnections between risks helps to understand the potential transmission channels between them’.

C) A fault tree analyses causes of a focus event using Boolean logic to describe combinations of faults – often used to investigate past events.

A) In understanding the term crisis management, we return to the description of a crisis as a situation or episode in which different individuals and groups seek to attribute meaning to a particular set of circumstances which pose extraordinary threats to an individual, institution and/or society. For this reason, crisis management can be viewed as more outwardly focused, notably in dealing with situations which have the potential for a wide social, political, economic or environmental impact.

B) Business continuity can be viewed as being more inwardly focused, namely in handling situations which may cause significant disruption to the continuity of an organisation’s business-critical operations and dependencies in its supply chain.

C) Disaster management as a term generally refers to the efforts of public agencies, communities and not-for-profit organisations to plan for and coordinate the recovery from a disaster, notably natural disasters such as hurricanes, earthquakes and floods and man-made acts of terror and public disorder. As such, it is more outwardly focussed.

A) Key personnel within the organisation will manage their relevant risks, although a CRO might be involved in the management of certain risks.

B) One key role of the CRO or equivalent senior executive is to independently report on risk to the board of directors.

C) Key personnel within a risk management team or external consultants will provide training to the Board, although the CRO would be involved in the development of the training and might deliver it in some organisations.

A) Being persuasive and influential: your ability to change other’s minds, to get them to see things your way, and to negotiate.

B) Although it is useful to be knowledgeable of risk management tools it is not a key skill of a risk manager / practitioner. Information on tools can be sought by internal or external experts.

C) Risk managers / practitioners do not need to know how to manage all risks for an organisation - key personnel within the organisation will manage their relevant risks, although risk managers / practitioners can provide advice and support.

A) Loss of reputation is most often caused by internal risks.

B) Although damaging, media stories can be contained – unless they are linked to internal risks.

C) External risks are not as damaging to an organisation, as it can be viewed that they are not the fault of the organisation – unless the organisation could have been better prepared to manage them.

A) This is a definition of decision-making.

B) This is the definition of problem solving.

C) This is part of the process of problem solving – establishing the need for a solution.

A) This is a definition of Corporate Social Responsibility (CSR).

B) This is a definition of Business Ethics.

C) This is a definition of Risk Culture.

A) Management of risk controls might be outsourced to external agencies – often experts in the particular discipline. Architects are an example of outsourced expertise.

B) A joint venture (JV) is a business arrangement in which two or more parties agree to pool their resources for the purpose of accomplishing a specific task. This task can be a new project or any other business activity

C) A strategic partnership is an arrangement between two companies or organizations to help each other or work together, to make it easier for each of them to achieve the things they want to achieve

A) The five components of the COSO Internal Control – Integrated Framework (2013) are: Control environment; Risk assessment; Control activities; Information and communication; Monitoring activities - not Risk identification (2) or Reporting (4).

B) The five components of the COSO Internal Control – Integrated Framework (2013) are: Control environment; Risk assessment; Control activities; Information and communication; Monitoring activities - not Risk identification (2) or Reporting (4).

C) The five components of the COSO Internal Control – Integrated Framework (2013) are: Control environment; Risk assessment; Control activities; Information and communication; Monitoring activities.

A) This is one of the principles of risk management.

B) This is the key purpose of risk management.

C) This is one of the Principles of risk management.