Unit 9: Business Risk Management D/506/3691

1 Understand business risk concepts
1.1 Examine the internal and external risk factors that an organisation faces
1.2 Assess the potential impact of the risk factors that an organisation faces
1.3 Discuss risk management models
1.4 Explain the laws and legislation relating to risk management
2 Understand how to identify risk and risk probability
2.1 Discuss risk and risk interdependencies
2.2 Examine criteria against which risk management can be assessed
2.3 Evaluate the effectiveness of methods used for calculating risk probability
3 Understand business resilience and the management of risk
3.1 Explore the relationship between risk management, disaster recovery and business continuity
3.2 Evaluate a range of scenario planning and crisis management models
3.3 Analyse the benefit of risk governance structures and ownership
3.4 Evaluate techniques used to minimise business risk
3.5 Examine ways in which risk management techniques can be built into routine business processes
1 Understand business risk concepts
Risk factors: internal e.g. capital sufficiency, process breakdown, robustness of systems; external e.g. natural disaster, competitor activities, customer preferences; reputational perception; categories of risk e.g. operational, financial, hazard, strategic; consequences e.g. financial loss, output halted, reputational damage, business cessation
Risk management: identifying risks; quantifying risks; potential impacts of risks; risk rating; risk control; monitoring the risk environment; business risk management models e.g. risk maturity model, Committee of Sponsoring Organizations of the Treadway Commission (COSO), International Risk Governance Council (IRGC) Risk Governance Framework
Legal and regulatory framework: general legislation e.g. Health and Safety at Work Act 1974; Companies Act 2006; industry specific regulation e.g. for banking the Banking Act 2009, for aviation the Civil Aviation Act 2012; business risk management standards e.g. ISO 31000:2009 - Principles and Guidelines on Implementation, ISO/IEC 31010:2009 - Risk Management: Risk Assessment Techniques
2 Understand how to identify risk and risk probability
Risk identification: risk assessment; risk interdependencies e.g. loss of output, customer dissatisfaction, bad will generation, reputational damage; impact of risk occurring
Risk management criteria: criteria e.g. mandate, organisational structure, resources, methodologies, reporting lines, oversight (directorial, managerial)
Calculating risk probability: statistical measures of probability; establishing probability of a risk occurring; cost of a risk = (probability of a risk event happening) x (expected cost/loss when the risk event happens); using risk probabilities to manage risk
3 Understand business resilience and the management of risk
Business resilience: risk management; business continuity e.g. identifying business critical activities, maintaining business critical activities when risk occurs, recovering business critical activities, integrating business continuity plan with risk management plan; disaster recovery
Scenario planning: isolating risk factors for analysis; scenario assumptions; creating scenarios; simulations; risk mapping; alternative futures; scenario outcomes; implications e.g. strategy, operations, resource requirements, costs, management
Crisis management: diagnosis; containment; business recovery; implementation of change; management responses e.g. Perrier Water benzene contamination, BP Deepwater Horizon oil spill
Risk governance: risk management strategy; risk management policies; risk management structures; purposes e.g. risk management, avoiding risks, mitigating impact of risk

