Rimap Body of Knowledge

Download as pdf or txt
Download as pdf or txt
You are on page 1of 54

BODY OF KNOWLEDGE

SEPTEMBER 2015

BY

BODY OF KNOWLEDGE

BY

BODY OF KNOWLEDGE

The team was coordinated by:

This document sets out the core information


that underpins the rimap certification.
Its purpose is to define the academic and
professional knowledge that candidates,
organisations and individuals must demonstrate
to receive the rimap status. The Body of
knowledge is made up of seven blocks.

Marie Gemma Dequae (BELRIM), FERMA


Scientific Adviser, former Group Risk and
Insurance Manager (Bekaert)

The tables on pages 2 to 8 summarise the


aims and scope of each of the seven blocks.
The learning outcomes for each block are
defined in the tables on pages 8 to 48.

THE KNOWLEDGE TEAM


The Body of knowledge was developed by a
team of seven people, representing different
national associations. Their experience and
expertise enabled a wide variety of opinions
and perspectives to be captured. The goal
has been to ensure that the content is as
representative and relevant as possible.
FERMA would like to thank the members of
the knowledge team for their hard work and
commitment in developing this document, as
well as for their ongoing contribution to the
certification programme.

M Isabel Martnez Torre-Enciso (AGERS),


FERMA vice president and Head of the
Finance and Marketing Department of the
Universidad Autnoma de Madrid (UAM)
Other members of the team were:
Torgny Bogrde (SWERMA), former vice
chairman SWERMA, board member of several
companies, Partner and GRC Consultant at
Allevo AB
Anna Korbut (RusRisk), Executive Risk
Manager, FERMA Board member
Franois Malan (AMRAE), Group Risk
Manager, Nexity
Sawomir Pijanowski (POLRISK),
Corporate Risk Manager at Postal Mutual
Insurance Company
Klemen Potisek (SI.RISK), State Secretary,
Ministry of Infrastructure, Republic of
Slovenia

ABOUT

The purpose of the rimap certification is to


define the knowledge-base that risk managers
need to be familiar with in order to do their
jobs, and to enable them to attain this
knowledge in a structured way.
The certification programme defines the
knowledge that candidates require to obtain
the certification at both rimap and rimap
Advanced levels.

TABLE 1. STRUCTURE OF
THE BODY OF KNOWLEDGE
BLOCK 00: Business basics for the risk
manager
BLOCK 01: Essentials of risk management
BLOCK 02: Risk assessment
BLOCK 03: Risk treatment I
BLOCK 04: Risk treatment II
BLOCK 05: Risk communication,

monitoring and review
BLOCK 06: Specific risk management topics

The Body of knowledge is comprised of


seven blocks. Each of these blocks describes
the knowledge candidates are required to
demonstrate, beginning with the most general
information and progressing to the most
specific level. This progression from general to
specific is broken down into blocks, topics and
chapters. For example:
BLOCK 02: Risk assessment


TOPIC 3. Risk identification techniques


CHAPTER: Methods of identifying risks
and loss exposure (rimap Advanced)

In this document, ISO terminology has been


used, along with information from other
frameworks and professional standards.
The intention has been to bring together as
much relevant knowledge for professional
development as possible in one place,
regardless of whether it is included in existing
standards or not.
The structure of the blocks follows the risk
management process, starting with Block 00,
which covers the business basics for risk
managers.

DESCRIPTION
OF THE BLOCKS

Block 00
BUSINESS
BASICS FOR THE
RISK MANAGER
COMMENTS
Block 00 prepares
candidates for the
remainder of the programme
by reviewing and defining
fundamental aspects of
business management. The
goal is to equip candidates
with the essential
management tools they will
require as they progress to
more senior roles within
their organisation. Block 00
will also help individuals
identify the computer skills
they will require throughout
their career.

AIM
The aim of this block is to enable applicants to map their existing
knowledge and experience to the learning objectives of the rimap
certification. Block 00 covers the basic knowledge, skills and techniques
that are pre-requisites for developing a career as a risk manager.
INPUT
Much of the input for this block will come from candidates prior
knowledge and experience of risk management.
OUTPUT
This introductory block will enable applicants to put their existing
knowledge and skills in context, and to revise basic principles in readiness
for completing the other blocks.
COVERAGE
1. Essentials of economics
and international business
2. Basic statistics and financial mathematics
3. Basic corporate finance
4. Financial statements
5. Basics of general management
6. Legal and contract management
7. Basic marketing
8. Communication
9. Information technology
10. Change management

Block 01
ESSENTIALS
OF RISK
MANAGEMENT

AIM
This block sets out the fundamental knowledge that applicants will
require for a career in risk management. It sets risk management within
the broader context of the organisation. Its objective is to ensure that
candidates understand the principles and frameworks that underpin an
efficient and coherent risk management process that creates and protects
values.

COMMENTS
The block can be completed
with variations to reflect
national regulations/
standards and local factors.

INPUT
Standards including ISO 31000, COSO ERM, FERMA, ANZ.
OUTPUT
Knowledge of the frameworks, standards and context that underpin risk
management.
COVERAGE
1. Introduction to the rimap certification (4 pillars system)
2. Principles and aims of enterprise-wide risk management
(including ethical principles)
3. Risk management frameworks and standards
4. Risk management in the organisation
5. Organisation strategy, objectives, responsibilities, and programme
6. Risk appetite, risk tolerance, risk attitude, risk capacity, limits
7. Types and impact of risk on organisations
8. Risk management process: identification, assessment, treatment,
control, financing
9. Added value, cost and benefits of risk management

DESCRIPTION OF THE BLOCKS

Block 02
RISK
ASSESSMENT

COMMENTS
The main outcome of this
block will be the capability
to identify, compile, analyse,
evaluate and measure
exposure to the following:
- probable risks
- accidental risks
- extraordinary risks
business losses faced
by individuals and
organisations
This will include the
following risk categories:
- emerging (for example
cyber, social media and
climate change risk)

AIM
This block defines the process of risk identification, assessment and
evaluation within an organisation. It also describes the range of analytical
tools and techniques available to assess risk.
INPUT
Risk management frameworks; statistical methods and modelling;
quantitative assessment and forecasting methods; probability analysis;
financial analysis; security analysis.
OUTPUT
Ability to comprehensively identify and assess risks of all types while
employing theoretical valuation and forecasting methods.
COVERAGE
1. Risk and uncertainty and their impact on strategy
2. Risk identification and classification
3. Risk identification techniques
4. Qualitative risk analysis tools and techniques
5. Quantitative risk analysis tools and techniques
6. Risk consequence, likelihood and severity
7. Risk modelling
8. Risk register, risk matrix, risk profile
9. Other

- reputation
- regulatory
- supply chain
- financial
- legal
- property
- personnel
- environmental
- fraud

DESCRIPTION OF THE BLOCKS

Block 03
RISK
TREATMENT I

COMMENTS
Applicants must
demonstrate that they can
develop loss prevention
and protection strategies,
as well as engage with
business units. They
should show evidence of
having managed different
types and magnitudes
of loss prevention and
protection, as well as having
monitored risk activity and
results. Candidates must
demonstrate that they
understand a wide range
of risk control techniques,
including prevention,
protection and reduction.

AIM
This block describes the mechanisms and tools that are required for the
treatment of risks and losses, with particular emphasis on control and
reduction measures. Its aim is to communicate the nature, purpose and
steps involved in risk control.
INPUT
Economic and regulatory capital concepts; environmental and social
awareness; regulatory aspects; capital adequacy; economics and capability
of risk assumption and transfer; operations management; human resource
management (HRM); limit setting; compliance principles; principles of
crisis management; managerial accounting concepts; quality control;
general approaches to business continuity planning (BCP); basic
knowledge of technical equipment and tools to prevent fire, flood and
natural hazards.
OUTPUT
Ability to develop decision-making frameworks encompassing risk
assumption, treatment and/or transfer. Ability to develop response action
planning related to IT risks; business interruption (BI); crisis management;
and investigation by a governing body.
COVERAGE
1. General aspects (organisation risk appetite; inherent and current level
of risk; risk tolerance, treatment, transfer and termination)
2. Types of risk treatment/response
3. Risk control techniques: loss prevention, claims management
and opportunities
4. General/financial risk-related controls
5. Business continuity: emergency and crisis management
6. Other techniques

DESCRIPTION OF THE BLOCKS

Block 04
RISK
TREATMENT II

AIM
This block encompasses basic financing techniques; the principles
underpinning insurance; and the primary benefits insurance contributes to
society. It emphasises that a key part of the risk treatment process is risk
sharing. It describes the risk financing process, with the goal of ensuring
that candidates understand the nature, purpose, and steps involved in risk
financing (retention and transfer).

COMMENTS
Applicants should be
able to demonstrate an
understanding of techniques
used for financing retention,
transfer, insurance or the
alternative risk transfer.
They should understand
the criteria for making
risk financing decisions,
as well as how to develop
risk financing strategies,
along with the selection,
implementation and
monitoring of risk financing
techniques. They should
be able to demonstrate
knowledge of relevant
legal concepts and the
legal environment in which
insurance operates.
They should understand
the concepts of risk
and its relationship to
insurance, as well as the
relationship between risk
management and the
organisation insurance
policy. They should be
able to develop alternative
financing techniques such
as insurance, self-insurance,
retrospective rating,
reinsurance, or captive
insurance.

INPUT
Actuarial science; insurance economics; procurement principles; the legal,
economic and operations perspectives of captive insurance companies;
the reinsurance market; principles of financial instruments; the
investment banking sector; the use of fundamental and technical analysis
in decision-making process; stress testing; scenario analysis; valuation and
bookkeeping of insurance instruments.
OUTPUT
Ability to develop economics-based decision-making frameworks for
risk transfer. Knowledge of best practice in concluding risk transfer
arrangements and claims management (including set-up of internal rules
and procedures). Knowledge of when and how to obtain insurance, and
also when it is no longer necessary.
COVERAGE
1. Risk financing techniques
2. Insurance sector
3. Insurance
4. Reinsurance
5. Captive (re)insurance companies
6. Alternative risk transfer
7. International insurance market

10

DESCRIPTION OF THE BLOCKS

Block 05
RISK
COMMUNICATION,
MONITORING
AND REVIEW
COMMENTS
Within the organisation
assurance environment and
the context of organisation
policy, candidates should
understand how to get a
specific level of satisfaction
with respect to the reliability
of the risk management
information and
documentation provided.

AIM
This block will enable candidates to gain skills in communicating risk
to stakeholders, and consulting with them about risk. Candidates will
also develop an understanding of the importance of having a sound risk
culture in order to deliver reliable risk management that encompasses
all aspects of an organisations risk profile. In addition. the block deals
with components of monitoring and review, such as coverage, design of
risk reports, their frequency and who should receive them. These are
considered as critical parts of the risk management process.
INPUT
Basic knowledge of organisation culture; relations with stakeholders; risk
information; and value added decision-making processes.
OUTPUT
Knowledge of how to produce a risk report and action plan for an
organisations senior management team.
COVERAGE
1. Risk culture and the human factor
2. Corporate social responsibility
3. Communication, consultation, corporate governance
and the role of the board
4. Risk management information systems
5. Risk monitoring
6. Risk review
7. Risk assurance
8. Risk reporting

11

DESCRIPTION OF THE BLOCKS

Block 06
SPECIFIC RISK
MANAGEMENT
TOPICS
COMMENTS
Candidates should
have a grasp of the
concrete tools available
for the management of
specific risks, such as
operational, supply chain,
incident and claims, as
well as understanding
the relationship of risk
management to business
continuity and crisis
management. They should
also have an understanding
of risks relating to mergers
and acquisitions, and
risk management around
projects.

AIM
The goal of this block is to explore important business areas specifically
related to risk and risk management, such as business continuity, incident
and claims management, and crisis management, along with their link to
strategic management.
INPUT
Basic technical knowledge about IT (hardware/software, cyber risks);
the merger and acquisition process (due diligence and integration);
loss of profit evaluation (gross earning/gross profit); analysis of financial
statements.
OUTPUT
To be able to understand the theories, best practices and trends relating to
the different topics covered in this block.
COVERAGE
1. Operational risk management
2. Supply chain risk management
3. Incident and claims management
4. Portfolio, programmes and project risk management
5. Mergers and acquisitions
6. Business continuity and disaster recovery management
7. Emerging and future risks
8. Other topics

12

LEARNING OUTCOMES
Block 00

BUSINESS BASICS FOR THE RISK MANAGER

TOPIC 1: ESSENTIALS OF ECONOMICS AND INTERNATIONAL BUSINESS


CHAPTER

LEARNING OUTCOME

Macroeconomics

measuring national income and price


equilibrium in the real market: consumption; investment
equilibrium in the money market
equilibrium in the economy and aggregate demand

Macro dynamics

inflation
economic growth
business cycles

International economy and foreign


exchange market

open macroeconomics
foreign exchange rate

Principles of managerial economics

Insights into how market economies function:


what determines the price of goods and the
quantities produced and consumed
how government policies and other external
events affect prices and quantities
in which cases market outcomes are efficient
and in which cases they are not
main market types (perfect competition; monopoly;
monopolistic competition; oligopoly)

13

BLOCK 00: BUSINESS BASICS FOR THE RISK MANAGER

TOPIC 2: BASIC STATISTICS AND FINANCIAL MATHEMATICS


CHAPTER

LEARNING OUTCOME

Basics in statistics

Variables; population; samples; measurement of central tendency

Probability distributions and


descriptive statistics

Regression and correlation; probability; variance and standard


deviation; distributions

Hypothesis testing

Estimations; hypothesis testing; hypothesis test

Time value of money

simple and compound interest


effective interest rates
future value
present value
annuities
amortisation

TOPIC 3: BASIC CORPORATE FINANCE


CHAPTER

LEARNING OUTCOME

Fundamentals of corporate finance

goals of corporate finance


finance function and the firms objectives
corporate governance

Principles of valuation and


discounted cash flow

what is value?
the valuation process
value creation for shareholders
what is cash flow?
basics of cash flow analysis
terminal values

Capital investment decisions, cost of


capital and CAPM

investment decisions: payback rules; discounting payback period


method; internal rate of return (IRR); net present value (NPV)
cost of capital: cost of equity capital; cost of debt
capital; weighted average cost of capital (WACC)
capital asset pricing model (CAPM): measuring beta;
risk free rate; risk adjusted discount rates

Long-term financial policy

investment decisions
project evaluation: method for ranking investment
proposals; capital resource rationing; common
pitfalls (e.g. sunk costs; depreciation)

Short-term financial policy

short-term financing: working capital


short-term financing: cash management and credit management

Capital structure and dividend policy

leverage and the value of the firm


dividend policy

Equity and bond valuation

valuation model of common stock


bond yield measures
term structure of interest rates
bond price analysis
risk measurement
the issue process

14

BLOCK 00: BUSINESS BASICS FOR THE RISK MANAGER

TOPIC 4: FINANCIAL STATEMENTS


CHAPTER

LEARNING OUTCOME

Financial accounting, financial


reporting and statement analysis

basic financial accounting


financial statements: balance sheet; income statement;
statement of cash flows; statement of changes in equity
financial reporting: uses of financial statements;
international differences in accounting

Framework for the preparation and


presentation of financial statements

objective of financial statements


fundamental definitions (asset; liability;
equity; revenue; expense)
the cash flow statement
criteria for revenues recognition
measurement of revenues

Assets, liabilities and shareholders


equity

assets: property; plant and equipment; investment property;


intangible assets; inventories; financial instruments
liabilities: bonds; hybrid securities; leases;
retirement benefits; provisions
shareholders equity

Profitability and risk analysis

profitability analysis: ROA (return on assets);


ROCE (return on capital employed)
risk analysis: short-term liquidity risk; long-term solvency risk

TOPIC 5: BASICS OF GENERAL MANAGEMENT


CHAPTER

LEARNING OUTCOME

Management policy and process

Management of business processes in order to optimise corporate


performance:
business process management (BPM)
total quality management
continuous improvement process

Introduction to business information


systems

ICT strategy
IT architecture and the design and use of ICT systems
Given the growth and importance of large business information
systems that are able to register and process immense data
sets, the use of enterprise resource planning (ERP) systems and
business intelligence is also important.

Principles of organisational
behaviour

How, why and what people think, feel and do in organisations


(individual and group behaviour)

Leadership, values and corporate


responsibility

self-management skills
leadership vs. management
expectations and accountabilities
conflict and change management
cultural differences

Principles of human resource


management

A sound basic knowledge of human resource management (HRM)

15

BLOCK 00: BUSINESS BASICS FOR THE RISK MANAGER

TOPIC 6: LEGAL AND CONTRACT MANAGEMENT


CHAPTER

LEARNING OUTCOME

Principles of law

introduction to legal science


basic structures of legal systems
legal terminology
legal reasoning

Society, enterprise and corporate


social responsibility

Issues and relationships related to risk

Introduction to international and


European law

Evolution of the legal environment where the candidate does


business

Compliance

Establishing management processes which will identify the


necessary requirements (as defined in laws, regulations, contracts,
strategies and policies) to assess the state of compliance

Ethics

Principles of conduct governing an individual or a group, based on


moral duty and obligation, underpinned by what is good and bad

TOPIC 7: BASIC MARKETING


CHAPTER

LEARNING OUTCOME

Understanding the role of marketing

what is marketing and how it fits into the organisation


marketing system exchange map
marketing-oriented companies
models of consumer decision-making

Marketing strategies

strategic approaches to the planning process


mass marketing vs. segmentation marketing
segments and the targeting process
differentiated positioning strategy
components of the marketing mix

TOPIC 8: COMMUNICATION
CHAPTER

LEARNING OUTCOME

Communication skills for managers

communication to influence and inspire


promoting team-building
understanding virtual team communication

Communication tools for managers

Description of different systems and tools:


video conferencing
intranet
internal media
newsletters

16

BLOCK 00: BUSINESS BASICS FOR THE RISK MANAGER

TOPIC 9: INFORMATION TECHNOLOGY


CHAPTER

LEARNING OUTCOME

Basic IT knowledge

use of operating systems for file management, word processing,


spreadsheets, presentation software, and emerging technologies
data analysis and use of internet communication tools

ICT infrastructure

Insight into the structure and characteristics of computer


infrastructure, such as servers and clients, and storage and
networking equipment.

TOPIC 10: CHANGE MANAGEMENT


CHAPTER

LEARNING OUTCOME

Psychology of change

principles for managing change


best practice in change management
fundamentals of managing the people side of change

Change management processes

managing organisational change


connecting change management to business projects
change management strategy
change management team

Managing change

communication plan
coaching plan
overcoming resistance
management plan
training plan
master change plan

17

BLOCK 00: BUSINESS BASICS FOR THE RISK MANAGER

BIBLIOGRAPHY, READING, LEARNING MATERIALS


TOPIC 1: Essentials of Economics and International Business
Blanchard O. (2011). Macroeconomics (5th ed.). London, England: Prentice-Hall International.
Collins, J. (2005). Good to great. Boulder, CO: Jim Collins.
TOPIC 2: Basic Statistics and Financial Mathematics
Brink, D. (2010). Essentials of statistics (eBook).
Retrieved from http://bookboon.com/en/statistics-compendium-ebook.
Brink, D. (2010). Essentials of statistics: Exercises (eBook).
Retrieved from http://bookboon.com/en/statistics-exercise-book-ebook.
Fernandes, M. (2009). Statistics for business and economics (eBook).
Retrieved from http://bookboon.com/en/statistics-for-business-and-economics-ebook.
TOPIC 3: Basic Corporate Finance
Bodie, Z., Kane, A. and Marcus, A.J. (2013). Investments (10th ed.). Boston, MA: McGraw-Hill/Irwin.
Brealey, R. and Myers, S. C. (2013). Principle of corporate finance (11th ed.). London, England: McGraw-Hill.
Hill, R.A. (2014). The capital asset pricing model (eBook).
Retrieved from http://bookboon.com/en/the-capital-asset-pricing-model-ebook.
TOPIC 4: Financial statements
Penman, S.H. (2012). Financial statement analysis and security valuation (5th ed.). New York, NY: McGraw-Hill.
TOPIC 5: Basics of General Management
Quinn, S. (2010). Management basics (eBook).
Retrieved from http://bookboon.com/en/management-basics-ebook.
TOPIC 6: Legal and Contract management
Macbeth, D. K. (2013). Contract lifecycle management (eBook).
Retrieved from http://bookboon.com/en/contract-lifecycle-management-ebook.
TOPIC 7: Basic Marketing
Joshi, M. (2012). Essentials of marketing (eBook).
Retrieved from http://bookboon.com/en/essentials-of-marketing-ebook.
TOPIC 8: Communication
MDT Training. (2010). Effective communication skills (eBook). Warwickshire, England: Author.
Retrieved from http://bookboon.com/en/effective-communication-skills-ebook.
MDT Training. (2012). Advanced communication skills (eBook). Warwickshire, England: Author.
Retrieved from http://bookboon.com/en/advanced-communication-skills-ebook.
TOPIC 9: Information Technology
McKean, D. (2012). IT strategy & technology innovation (eBook).
Retrieved from http://bookboon.com/en/it-strategy-technology-innovation-ebook.
TOPIC 10: Change Management
Cameron, E. and Green, M. (2012). Making sense of change management (3rd ed.). London, England: Kogan Page Ltd.
Passenheim, O. (2010). Change management (eBook).
Retrieved from http://bookboon.com/en/change-management-ebook.

18

Block 01

ESSENTIALS OF RISK MANAGEMENT

TOPIC 1: INTRODUCTION TO THE rimap CERTIFICATION (4 PILLARS SYSTEM)


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Risk management
associations

Description; history; underlying


principles; operation at national and
international levels

FERMA

knowledge of the national association


in the country in which certification
is being granted (the country where
the Risk Manager is located)
knowledge of FERMA
and its objectives

The 4 pillars

Understand the structure of the


programme and the 4 pillars (knowledge,
experience, CPD and ethics)

The two levels of


certification

understand the difference


between these (rimap and
rimap Advanced Certificate)
understand how to obtain
(and maintain) each one

19

BLOCK 01: ESSENTIALS OF RISK MANAGEMENT

TOPIC 2: PRINCIPLES AND AIMS OF ENTERPRISE-WIDE RISK MANAGEMENT


(INCLUDING ETHICAL PRINCIPLES)
CHAPTER

LEARNING OUTCOME

Principles of enterprise risk


management (ERM)

The characteristics of Risk Management


and what it should deliver

Aims of ERM

To understand the different aims of your


organisation:
compliance
assurance
decision-making
efficiency of operations
effectiveness of processes
efficacy of strategy

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

TOPIC 3: RISK MANAGEMENT FRAMEWORKS AND STANDARDS


CHAPTER

LEARNING OUTCOME

COSO ERM

COSO 1 and COSO 2 (origin; objectives;


contents)

ISO 31000

Description of ISO 31000

Local framework

Knowledge of any frameworks within the


country in which the rimap is granted
(in the case of certification, the country
where the risk manager is located)

Other international
standards

FERMA framework
IRM standards
ISO 31010 and 31004
COSO 3

Internal corporate standards

Knowledge of organisation-specific
standards, if these exist

20

BLOCK 01: ESSENTIALS OF RISK MANAGEMENT

TOPIC 4: RISK MANAGEMENT IN THE ORGANISATION


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Historical background

Origin of Risk Management in the US,


Europe, and the country in which the
rimap is being granted (in the case of
certification, the country where the risk
manager is located)

Risk Management in
the organisation

Reporting lines

Definition of three lines of


defence

Operational management
Risk Management internal control
Internal and external audit

CHAPTER

LEARNING OUTCOME

Procedures for operating the


three lines of defence

Interaction with other


departments

Relationship of Risk Management with


legal; quality; safety; and environmental
departments

Developing a risk aware


culture

implementation of a risk culture


within the organisation
understanding human
and cultural factors

TOPIC 5: ORGANISATION STRATEGY, OBJECTIVES, RESPONSIBILITIES,


STRUCTURE AND PROGRAMME
rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Risk Management
responsibilities

board mandate and commitment


scope of the risk management
Risk Management responsibilities
within the organisation

Organisation framework for


managing risk

Description of risk architecture; risk


strategy; risk protocols; and Risk
Management policy

Implementation of the
framework

Tools to implement the framework and


Risk Management processes

Monitor, review and improve


the framework

Tools to monitor the framework

21

BLOCK 01: ESSENTIALS OF RISK MANAGEMENT

TOPIC 6: RISK APPETITE, RISK TOLERANCE, RISK ATTITUDE, RISK CAPACITY, LIMITS
rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Definition of risk strategy

This should take into account:


risk appetite
risk tolerance
risk attitude
risk capacity
limits
CEO involvement
tools that can be used to
define risk strategy

Applicability of risk strategy

This should take into account:


risk appetite
risk tolerance
risk attitude
risk capacity
limits
CEO involvement
understanding why a risk
strategy is important

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

TOPIC 7: TYPES AND IMPACT OF RISK ON ORGANISATIONS


CHAPTER

LEARNING OUTCOME

Definition of risk

understand different definitions: risk


as either a threat or an opportunity
understand the origin or the
consequence of risk
understand that the definition needs
to be stated and communicated
by the organisation

Types of risks

internal or external
strategic or operational
HR
legal

Impact of risks

financial impact
non-financial impact

Recording risk assessments

risk register
spreadsheet
computer-based system

22

BLOCK 01: ESSENTIALS OF RISK MANAGEMENT

TOPIC 8: RISK MANAGEMENT PROCESS: IDENTIFICATION, ASSESSMENT, TREATMENT,


CONTROL, FINANCING
rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Risk management process

Different types of process, including:


COSO ERM
ISO 3100 (7Rs & 4Ts)
FERMA
local standards

Identification and
assessment (definition)

Essentials of risk assessment, including


methodology (top-down vs. bottom-up
approach; risk matrix)

Reduction and control


(definition)

Essentials of risk control or mitigation:


risk avoidance or reduction
(including loss prevention)
risk transfer (contractual)
opportunities

Risk financing (definition)

Essentials of risk financing:


retention
insurance
captives
alternative risk transfer (ART)

Feedback mechanisms

essentials of monitoring and


reviewing performance
essentials of communication
and consultation

CHAPTER

LEARNING OUTCOME

TOPIC 9: ADDED VALUE, COST AND BENEFITS OF RISK MANAGEMENT


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Cost of risk

Total cost of risk (TCOR): calculation and


use

Added value and benefits of


risk management

Calculation of the optimal risk/return


profile

23

BLOCK 01: ESSENTIALS OF RISK MANAGEMENT

BIBLIOGRAPHY, READING, LEARNING MATERIALS


Anderson, R. (2011). Risk appetite and tolerance: Executive summary (eBook).
London, England: Institute of Risk Management (IRM).
Retrieved from https://www.theirm.org/media/464806/IRMRiskAppetiteExecSummaryweb.pdf .
The Association of Insurance and Risk Managers (AIRMIC), Public Risk Management Association (ALARM),
Institute of Risk Management (IRM). (2010). A structured approach to Enterprise Risk Management (ERM)
and the requirements of ISO 31000 (online resource). London, England: Authors.
Retrieved from https://www.theirm.org/media/886062/ISO3100_doc.pdf.
Beasley, M.S., Branson, B.C. and Hancock, B. V. (2009). Strengthening enterprise risk management
for strategic advantage (eBook). Raleigh, NC: Committee of Sponsoring Organizations of the Treadway
Commission (COSO).
Retrieved from http://www.coso.org/documents/COSO_09_board_position_final102309PRINTandWEBFINAL_000.pdf.
Caldwell, J.E. (2012). A framework for board oversight of enterprise risk (online resource). Toronto, Canada:
Chartered Professional Accountants Canada (CPA Canada).
Retrieved from https://www.cpacanada.ca/business-and-accounting-resources/strategy-risk-and-goverance/
enterprise-risk-management/publications/board-oversight-a-new-framework-for-identifying-understanding-andaddressing-risk.
Funston, F. and Wagner, S. (2010). Surviving and thriving in uncertainty: Creating the risk-intelligent
enterprise. Hoboken, NJ: Wiley.
Helbekkmo, H., Kshirsagar, A., Schlosser, A. Selandari, F., Stegemann, U. and Vorholt, J. (2014). Enterprise
risk management shaping the risk revolution (online resource). New York, NY: McKinsey & Company.
Retrieved from http://www.rmahq.org/tools-publications/publications/white-papers/enterprise-riskmanagement%E2%80%93shaping-the-risk-revolution.
Hopkin, P. (2010). Fundamentals of risk management: Understanding, evaluating and implementing
effective risk management (2nd ed.). London, England: Kogan Page.
Institute of Risk Management (IRM). (2012). Risk culture: Under the microscope guidance for boards (online
resource). London, England: Author.
Retrieved from https://www.theirm.org/media/885907/Risk_Culture_A5_WEB15_Oct_2012.pdf.
Institute of Risk Management (IRM). (2014). Extended enterprise: Managing risk in complex 21st century
organisations: Executive Summary (online resource). London, England: Author.
Retrieved from https://www.theirm.org/media/1155369/IRM-Extended-Enterprise_A5_AW.pdf.
International Corporate Governance Network (ICGN). (2010). ICGN corporate risk oversight guidelines (online
resource). London, England: Author.
Retrieved from http://www.accaglobal.com/content/dam/acca/global/PFD-memberscpd/AFF/ICGN-oversightguidelines.pdf.
International Standards Organisation (ISO). (2009). ISO 31000: Risk management principles and
guidelines. Geneva, Switzerland: Author.
Available online at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170.
Passenheim, O. (2013). Enterprise risk management (eBook).
Retrieved from http://bookboon.com/en/enterprise-risk-management-ebook.
PricewaterhouseCoopers (PwC). (2013). Internal control integrated framework: Executive summary,
framework and appendices, and illustrative tools for assessing effectiveness of a system of internal control
(online resource). New York, NY: American Institute of Certified Public Accountants (AICPA).
Protiviti. (2006). Guide to enterprise risk management frequently asked questions (online resource). Author

24

BLOCK 01: ESSENTIALS OF RISK MANAGEMENT

as publisher.
Retrieved from http://www.protiviti.com/en-US/Pages/Guide-to-Enterprise-Risk-Management.aspx.
Rittenberg, L. and Martens, F. (2012). Understanding and communicating risk appetite (eBook). USA:
Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Retrieved from http://www.coso.org/documents/ERM-Understanding%20%20Communicating%20Risk%20
Appetite-WEB_FINAL_r9.pdf .
Passenheim, O. (2013). Enterprise risk management (eBook).
Retrieved from http://bookboon.com/en/enterprise-risk-management-ebook.
PricewaterhouseCoopers (PwC). (2013). Internal control integrated framework: Executive summary,
framework and appendices, and illustrative tools for assessing effectiveness of a system of internal control
(online resource). New York, NY: American Institute of Certified Public Accountants (AICPA).
Protiviti. (2006). Guide to enterprise risk management frequently asked questions (online resource).
Author as publisher.
Retrieved from http://www.protiviti.com/en-US/Pages/Guide-to-Enterprise-Risk-Management.aspx.
World Economic Forum. (2015). Global risks 2015 (online resource). Cologny, Geneva: Author.
Retrieved from http://reports.weforum.org/global-risks-2015/.

25

Block 02

RISK ASSESSMENT

TOPIC 1: RISK AND UNCERTAINTY AND THEIR IMPACT ON STRATEGY


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Definitions of risk and risk


management

understand risks and acquire the


fundamentals of risk identification
develop the ability to gather
the necessary internal/external
data and information for risk
modelling and its validation

Uncertainty and likelihood

Acquire the basis for risk quantification


and understand ways to handle related
issues

Risk influenced strategy

principles of risk-based strategy


setting and adjustment
integration of strategic management
and risk management

Risk policy

ability to formulate risk policy, taking


into account the organisations
strategic goals; risk attitude and
appetite; industry sector; and market
understand why and how the
policy should be reviewed and
adjusted to serve its purpose

26

BLOCK 02: RISK ASSESSMENT

Risk tactics

ability to decide on proper and


timely tactical adjustments to
the adopted risk strategy within
changed circumstances
ability to communicate the necessary
changes (including exit strategy) in
comparison with the base scenario
(both quantitatively and qualitatively)

TOPIC 2: RISK IDENTIFICATION AND CLASSIFICATION


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Risk classification(s)

awareness of principles underlying


different risk classification
approaches (origin; impact;
subject; industry sector)
ability to conduct proper risk
identification and classification
within the organisation

Description of principal
risks

Overview of the nature and impact of


risks including:
financial
quality
liability
asset
environmental
personnel
transport
IT
intellectual property
criminal

Identification of principal
risks

Develop competency in identifying


risks which may significantly impact
on or impair an organisations ability to
perform and/or survive (i.e. continue as
a going concern)

Correlated and
consequential risks

Develop competency in acquiring a basis


for comprehensive assessment of net
risks

Classification of loss
exposure

understand the nature of losses


understand what constitutes
an adequate approach to
risk treatment (avoidance;
reduction; retention; transfer)

CHAPTER

LEARNING OUTCOME

27

BLOCK 02: RISK ASSESSMENT

TOPIC 3: RISK IDENTIFICATION TECHNIQUES


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Methods of identifying
risks and loss exposure
(introduction)

Brainstorming; checklists; surveys; loss


histories; financial statements

Methods of identifying risks


and loss exposure

strategic (objectives-based)
scenario analysis via identification
of risk sources (taxonomy-based)
failure mode and effect
analysis (FMEA)
incident analysis

Other methods

For example ISO 31010; COSO ERM

TOPIC 4: QUALITATIVE RISK ANALYSIS TOOLS AND TECHNIQUES


CHAPTER

LEARNING OUTCOME

Quantitative methods

Brainstorming; checklists; surveys;


external data and information

Qualitative risk analysis


tools and techniques

Probability impact matrices; risk scoring

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

X
X

TOPIC 5: QUANTITATIVE RISK ANALYSIS TOOLS AND TECHNIQUES


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Quantitative methods

For example probability theory

Statistical methods

ability to calculate volatility


understanding the concept
of the Greeks
regression
trends
understanding actuarial methods

Quantitative risk analysis


tools and techniques

Monte Carlo simulation


decision trees
factor analysis
sensitivity analysis

28

BLOCK 02: RISK ASSESSMENT

TOPIC 6: RISK CONSEQUENCE, LIKELIHOOD AND SEVERITY


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Qualitative approach

identifying hazards and


associated risks
option analysis
checklists
audits
use of sources (hazard studies)
fault trees
cause and consequence diagrams

Quantitative approach

choice of adequate historical data


use of statistical methods
forecasting
scenario analysis

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

TOPIC 7: RISK MODELLING


CHAPTER

LEARNING OUTCOME

Risk modelling in general

Develop competency in:


identifying risk exposure and
risk factors
implementing and validate risk models
identifying model limitations
interpreting statistical analyses
conducting stress tests
and scenario analyses

Capital asset pricing model


(CAPM)

Understand the relationship between


risk, return and value of assets

Economic capital

Understand the relationship between the


impact of possible risks and the capital
needed to allow for these, along with risk
pricing

Key risks indicators

29

BLOCK 02: RISK ASSESSMENT

TOPIC 8: RISK REGISTER, RISK MATRIX, RISK PROFILE, RISK MAP


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Risk register

Develop competency in organising a


organisations risk register, given its
sector, size and complexity

Risk matrix

Develop competency in defining a risk


matrix and adequate risk response
given a organisations sector, size and
complexity

Risk profile

understand the approach to defining


a organisations risk profile
competence to distinguish between
perceived and actual risk profiles
use of this concept to achieve
a target risk profile

Risk map

BIBLIOGRAPHY, READING, LEARNING MATERIALS


Anderson, D. R. (2012). Quantitative methods for business (12 ed.). Nashville, TN: Southwestern/Cengage Learning.
Bodie, Z., Kane, A. and Marcus, A.J. (2013). Investments (10th ed.). Boston, MA: McGraw-Hill/Irwin.
Brigham, E.F. and Houston, J.F. (2011). Fundamentals of financial management (12th ed.). Mason, OH:
Southwestern/Cengage Learning.
Brigham, E.F. (2012). Intermediate Financial Management (11th ed.). Cincinnati, OH: Southwestern.
Crouhy, M. (2001). Risk Management. New York, NY; London, England: McGraw-Hill.
Gregory, J. (2010). Counterparty credit risk: The new challenge for global financial markets. Chichester,
England: Wiley.
King, J.L. (2001). Operational risk: Measurement and modelling. Chichester, England: Wiley.
Marshall, C. (2000). Measuring and managing operational risks in financial institutions: Tools, techniques
and other resources. Chichester, England: Wiley.
McKinsey & Company. (2011). Working papers on risk number 13: Risk modelling in a new paradigm: Developing
new insight and foresight on structural risk (online resource, 2nd ed.). New York, NY: McKinsey & Company.
Retrieved from http://www.mckinsey.com/~/media/mckinsey/dotcom/client_service/risk/working%20
papers/13_risk%20modeling%20in%20a%20new%20paradigm.ashx.
Servigny, A. (2004). Measuring and managing credit risk. New York, NY; London, England: McGraw-Hill.
White, G.I. (2003). The analysis and use of financial statements (3rd ed.). Chichester, England: Wiley.

30

Block 03

RISK TREATMENT I

TOPIC 1: GENERAL ASPECTS (ORGANISATION RISK APPETITE, INHERENT AND CURRENT


LEVEL OF RISK, RISK TOLERANCE, TREATMENT, TRANSFER AND TERMINATION)
CHAPTER

LEARNING OUTCOME

Organisation risk appetite

competence to define risk appetite


ability to manage risk tolerance
understand the role of the
risk manager/chief risk
officer/risk committee
understand the relationship between
economic capital and regulatory capital

Economics of risk treatment

Knowledge and competence to provide


senior management with basis for
decision-making on risk treatment

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

TOPIC 2: TYPES OF RISK TREATMENT/RESPONSE


CHAPTER

LEARNING OUTCOME

Risk response

Able to make decisions on whether to


tolerate, treat, transfer or terminate

31

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

BLOCK 03: RISK TREATMENT I

TOPIC 3: RISK CONTROL TECHNIQUES: LOSS PREVENTION, CLAIMS MANAGEMENT


AND OPPORTUNITIES
rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Understand techniques for risk


avoidance and evaluation of eventual
opportunity cost/profit

Risk mitigation/preventive
techniques

Understand purpose and contents


of policies; programmes to address
hazards; importance of and approach to
structuring responsibilities

Loss reduction techniques

knowledge of operations management


and competence to assess opportunity
control of infrastructure risks
(health and safety at work;
natural hazards; property fire
protection; IT security; HR risks)
control of reputational risks (brand
protection; environment)
control of marketplace risks
(technology developments;
regulatory risks)

Separation, diversification
and duplication techniques

Understand the tools and the risk


situations in which they can be
successfully applied

CHAPTER

LEARNING OUTCOME

Risk avoidance

TOPIC 4: GENERAL/FINANCIAL RISK-RELATED CONTROLS


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Limit setting

value at risk (VaR); credit limits; Altman


Z Score and other models; concentration
indices

Control set-up

Control framework techniques; necessity


of setting predefined criteria (for
example monitoring frequency)

Others

fraud control
historical liabilities (for example
exposure to asbestos; liabilities
related to pension funds)

32

BLOCK 03: RISK TREATMENT I

TOPIC 5: BUSINESS CONTINUITY: EMERGENCY AND CRISIS MANAGEMENT


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Business continuity
(definition)

Understand emergency and crisis


management concepts

Disaster recovery (definition)

policies
pre-disaster protection and
mitigation measures
continuity of operations planning
post-disaster response and recovery
elements of continuity planning

Business impact analyses,


recovery strategies and
business continuity plans

Competence to outline business


continuity/disaster recovery plan

Testing, training and


awareness programmes

Competence to outline the main


contents of defined programmes that are
appropriate to the size and sector of the
organisation

Communication and crisis


management programmes

Competence to outline the main


contents of defined programmes that are
appropriate to the size and sector of the
organisation

TOPIC 6: OTHER TECHNIQUES


CHAPTER

LEARNING OUTCOME

National associations tools

Other techniques

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)
X

33

BLOCK 03: RISK TREATMENT I

BIBLIOGRAPHY, READING, LEARNING MATERIALS


Brigham, E.F. and Houston, J.F. (2011). Fundamentals of financial management (12th ed.). Mason, OH:
Southwestern/Cengage Learning.
Brigham, E.F. (2012). Intermediate Financial Management (11th ed.). Cincinnati, OH: Southwestern.
Crouhy, M. (2001). Risk Management. New York, NY; London, England: McGraw-Hill.
Gregory, J. (2010). Counterparty credit risk: The new challenge for global financial markets. Chichester,
England: Wiley.
Servigny, A. (2004). Measuring and managing credit risk. New York, NY; London, England: McGraw-Hill.
White, G.I. (2003). The analysis and use of financial statements (3rd ed.). Chichester, England: Wiley.
Heizer, J. (2013). Operations management (11th ed.). London, England: Prentice-Hall International.
Rittenberg, L. and Martens, F. (2012). Understanding and communicating risk appetite (online resource).
USA: Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Retrieved from http://www.coso.org/documents/ERM-Understanding%20%20Communicating%20Risk%20
Appetite-WEB_FINAL_r9.pdf.
Anderson, R. (2011). Risk appetite and tolerance: Executive summary (online resource). London, England:
Institute of Risk Management (IRM).
Retrieved from https://www.theirm.org/knowledge-and-resources/thought-leadership/risk-appetite-andtolerance/.
Hopkin, P. (2014). Fundamentals of risk management: Understanding, evaluating and implementingeffective
risk management (3rd ed.). London, England: Kogan Page.
Berthouex, P.M. and Brown, L.C. (2013). Pollution prevention and control: Part I: Human health and
environmental quality (eBook).
Retrieved from http://bookboon.com/en/pollution-prevention-and-control-ebook.

34

Block 04

RISK TREATMENT II

BLOCK 04: RISK TREATMENT II


TOPIC 1: RISK FINANCING TECHNIQUES
rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Risk retention

Understand the following:


risk absorption provisions
economic and regulatory capital
captive insurance concepts
and their economics

Risk transfer

Understand the use of financial


derivatives and markets; (re)insurance
covers; natural hedges

Other risk financing


techniques

Securitisation

CHAPTER

LEARNING OUTCOME

35

BLOCK 04: RISK TREATMENT II

TOPIC 2: INSURANCE SECTOR


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Insurance market

understand the mechanics and


organisation of the insurance sector
understand insurance sector
risk transfer products
know who the main actors are (brokers;
insurers; insurance industry network)

Insurance programmes

local vs. international insurance


programmes and regulatory
perspective/influence
master insurance policies
vs. local policies
choice of right insurance mix, for
example optimal (international)
coverage; claims management

International insurance
legislation and regulations

particular features of different


insurance policies, for instance
coverage and claims management
under general legislative approaches
(e.g. Anglo-Saxon vs. continental law)
particular features of international
liability insurance policies
compliance with international
insurance programmes

National legislation and


regulations

Knowledge of national insurance


sectors, markets and solutions, and their
particular features

CHAPTER

LEARNING OUTCOME

36

BLOCK 04: RISK TREATMENT II

TOPIC 3: INSURANCE
rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Broad knowledge of types of insurance,


e.g. property; liability; marine

Premium

Knowledge of how premiums are


calculated, revised and taxed

Deductibles

understand the rationale


for deductibles for the
insurer and the insured
understand the economics and
scenario analysis of deductibles based
on mathematical probability (market/
organisation), including analysis of
historical data/time series of cases

Material contractual
obligations

Knowledge of key legal principles and


obligations with which the insured
should be familiar

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Types of insurance cover

TOPIC 4: REINSURANCE
CHAPTER

LEARNING OUTCOME

Definition of reinsurance
Reinsurance market

Understand the structure and operations


of the reinsurance market, including the
parties involved and the functioning of
captive (re)insurance companies

Classifications

Proportional and non-proportional (perrisk, per-event and stop-loss cover)

New reinsurance techniques

37

BLOCK 04: RISK TREATMENT II

TOPIC 5: CAPTIVE (RE)INSURANCE COMPANIES


CHAPTER

LEARNING OUTCOME

Definition of captive

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Classification

Knowledge of captive insurance


principles and possibilities (e.g. single
parent; association; industry; rent-acaptive; cell captives)

Organisations and
applications

Knowledge of legal/regulatory and tax


aspects of captives

Captives as a risk retention


and risk transfer tool

Understand the rationale, economics


and mechanics of captive insurance
companies

TOPIC 6: ALTERNATIVE RISK TRANSFER


CHAPTER

LEARNING OUTCOME

Standard methods

understand the mechanics and


organisation of the financial sector
understand financial sector
risk transfer products, e.g.
options and bonds

Alternative risk transfer


(ART) methods

Knowledge of products such as:


catastrophe bonds
reinsurance sidecars
industry loss warranties
financial derivatives

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

TOPIC 7: INTERNATIONAL INSURANCE MARKET


CHAPTER

LEARNING OUTCOME

Structure and organisation


of international insurance
market

Knowledge of: parties involved;


importance; governance; regulation

International insurance
programmes

For example: products; insurance


policies; claims management

38

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

X
X

BLOCK 04: RISK TREATMENT II

BIBLIOGRAPHY, READING, LEARNING MATERIALS


Bawcutt, P. (1997). Captive insurance companies: Establishment, operation and management (4th ed.).
Livingston, Scotland: Witherby & Co Ltd.
Brigham, E.F. and Houston, J.F. (2011). Fundamentals of financial management (12th ed.). Mason, OH:
Southwestern/Cengage Learning.
Brigham, E.F. (2012). Intermediate financial management (11th ed.). Cincinnati, OH: Southwestern.
Carter, R.L., Ralph, N. and Lucas, L. (1990). Types of market: Principles and practice of reinsurance. In
Carter on reinsurance (2nd ed.). London, England: Chartered Insurance Institute Tuition Service.

39

Block 05

RISK COMMUNICATION,
MONITORING AND REVIEW

TOPIC 1: RISK CULTURE AND THE HUMAN FACTOR


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Risk communication and


review

Definitions

Definition of risk culture

know and understand the


importance of risk culture for
effective risk management
understand that soft factors are even
more important than hard ones
understand that walking the talk
is critical for building a legitimate
and trusting risk culture
understand that risk culture is the
effect of long-term work. It is built up
slowly but can be quickly destroyed

Risk culture criteria

be able to define risk culture criteria


understand that soft factors like risk
culture can be audited and verified
be able to give examples of
synonyms for risk culture

40

BLOCK 05: RISK COMMUNICATION, MONITORING AND REVIEW

TOPIC 2: CORPORATE SOCIAL RESPONSIBILITY


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Definition of corporate
social responsibility (CSR)

corporate self-regulation
within the business model
ensuring that all stakeholders embrace
responsibility for corporate actions

COSO: demystifying
sustainability risks

Know and understand the connection


between internal and external risks, and
the growing emphasis stakeholders put
on sustainability risks

Standards

three lines of defence


corporate social responsibility
vs. corporate governance

TOPIC 3: COMMUNICATION, CONSULTATION, CORPORATE GOVERNANCE AND THE ROLE OF


THE BOARD
CHAPTER

LEARNING OUTCOME

Definitions

Communication

understand that communication


and consultation with external
and internal stakeholders should
take place during all stages of
the risk management process
understand the importance of
developing (i.e. educating) board
members, including providing
continuous learning for Risk
Management stakeholders
and key users to develop an
increase in Risk Management
professionalism within the board
understand that the board is the
key client and is expected to be
an educated client, ready and
able to discuss Risk Management
system development, rather than
just being a passive consumer
understand communication for
business lines and organisation
employees, for example,
tools such as eLearning
understand that the board should
be able to work with risk managers
to define, develop and set tasks,
requirements and challenges for Risk
Management function, such as the
format and size of the system, and
the tools and instruments relevant
for a particular organisation

41

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

BLOCK 05: RISK COMMUNICATION, MONITORING AND REVIEW

Consultation

Understand what responsibilities board


directors have, and which questions they
should ask re:
risk oversight
objectives of enterprise
risk management
effectiveness of managements
Risk Management process
capacity and appetite for risk
consolidation of risks
risk reporting (adequacy and timeliness)

Communication plans

Understand the importance of


communicating and consulting with the
board at an early stage

Stakeholder definition

Who are the stakeholders?

Relations with stakeholders

understand the importance of


effective communication and
consultation with stakeholders as
they will make judgements about risk
based on their perceptions of risk
ensure that communication
and consultation facilitates
truthful, relevant and accurate
exchanges of information
understand cognitive biases and
how to overcome them. Studies
suggest that these play a significant
role in human ability to correctly
identify, assess and mitigate risks

Communication with
stakeholders

know how to differentiate risk


communication for different
stakeholders, depending
on the types of risks
understand different approaches
to risk perception and the
importance of timing of risk
communication to reflect this

Conditions

understand that the risk managers role


is to facilitate, advise and coordinate
the Risk Management process
be aware that effective governance
and controls depend on clear lines
of responsibility and defence.
Other factors include separation
of duties and dualities

understand that the board has


ultimate responsibility for risk
oversight, but all risk owners are
responsible for their risk management

42

BLOCK 05: RISK COMMUNICATION, MONITORING AND REVIEW

TOPIC 4: RISK MANAGEMENT INFORMATION SYSTEMS


CHAPTER

LEARNING OUTCOME

Risk management
information systems

be aware of the key risk management


information systems on the market
and their main features (if necessary,
commission your own RMIS)
understand the role of Forrester
and Gartner surveys

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

TOPIC 5: RISK MONITORING


CHAPTER

LEARNING OUTCOME

Risk monitoring

Understand that risk monitoring should


be applied in sequence:
basic qualitative risk analysis
techniques (likelihood x
consequences) are applicable
to all organisations
intermediate tools like bowtie analysis and other semiquantitative techniques should be
applied to high risks assessed
rimap Advanced steps like
risk modelling and quantitative
techniques should be applied
only to significant risks
Understand KPI/limit indicators

Internal control selfassessment (ICSA)

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

43

BLOCK 05: RISK COMMUNICATION, MONITORING AND REVIEW

TOPIC 6: RISK REVIEW


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

General principles

priorities should include:


strategic planning; business
planning; budgeting
risk assessments must be
incorporated into strategy setting
and business planning
budgets should only be agreed and
signed off after a risk assessment
has been undertaken and the
results taken into account

Guidance for board


members

risk assessment should be integral


to any significant management
or investment decision
risk assessment should not be a
stand-alone process, but integrated
into all material decisions
these decisions should be
considered only after proper risk
analyses have been undertaken
the level and complexity of risk
analysis should be proportionate
to the risk appetite and the
value of the decision

Risk indicators

management reporting should include


key strategic goals and KPIs for risk
risk reporting should be linked
to performance management
and employee remuneration
these indicators should be built
into existing business processes
and should not exist in isolation

TOPIC 7: RISK ASSURANCE


CHAPTER

LEARNING OUTCOME

Internal audit, IT and


project assurance

Process assurance

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)
X

44

BLOCK 05: RISK COMMUNICATION, MONITORING AND REVIEW

TOPIC 8: RISK REPORTING


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Definition of internal
reporting

internal risk reporting is crucial


in developing risk culture
across an organisation
communicating risks in a way that
is practical, analytical yet easy to
understand is key to developing
an effective risk culture
communication must be tailored to the
needs of the audience, for example
by striking a balance between being
sufficiently detailed to be useful,
without including complex detail
that might not be understood

Internal reporting tools

understand that the more senior the


level of the person assessing the
corporate risk, the more aggregated
and analytical the risk report should be
understand that risk reporting for
internal users must satisfy certain
criteria, for instance: providing a
clear basis for decision-making;
taking different users perception
of risk into account; understanding
users objectives and interests

External reporting

understand that not all risks should


be communicated externally, but that
organisations need to provide evidence
that they have comprehensive risk
management systems in place
be aware of agency theory, which
relates to so-called agency conflicts
(conflicts of interest) between agents
and principals in agency relationships.
These can arise between shareholders
and managers and between debtholders and shareholders

45

BLOCK 05: RISK COMMUNICATION, MONITORING AND REVIEW

Communication,
coordination and reportwriting

Understand that risk reporting should


meet the following criteria:
feature a logical flow of information
and use a consistent format
include clear description of the
results and outcomes of activities that
have been carried out to influence
risk probability or risk impact
pitch information at the right level
for the target audience and take their
decision-making powers into account
include an appropriate balance
between quantitative and
qualitative risk information
contain all the relevant
information users require
link with other departments within
the organisation, including taking
steps to coordinate with them and
ensure they act on the report

46

BLOCK 05: RISK COMMUNICATION, MONITORING AND REVIEW

BIBLIOGRAPHY, READING, LEARNING MATERIALS


DeLoach, J. and Thomson, J. (2014). Improving organizational performance and governance: How the COSO
frameworks can help (online resource). London, England: Committee of Sponsoring Organizations of the
Treadway Commission (COSO).
European Commission. (2011). COM 681: A renewed EU strategy 2011-14 for Corporate Social
Responsibility (online resource). Brussels, Belgium: Author.
Retrieved from http://ec.europa.eu/enterprise/newsroom/cf/_getdocument.cfm?doc_id=7010.
Global Reporting Initiative (GRI). (2013). G4 sustainability reporting guidelines: Reporting principles and
standard disclosures (online resource). Amsterdam, The Netherlands: Author.
Retrieved from https://www.globalreporting.org/resourcelibrary/GRIG4-Part1-Reporting-Principles-andStandard-Disclosures.pdf
Institute of Risk Management (IRM). (2012). Risk culture: Under the microscope guidance for boards (online
resource). London, England: Author.
Retrieved from https://www.theirm.org/media/885907/Risk_Culture_A5_WEB15_Oct_2012.pdf.
International Standards Organisation (ISO). (2009). ISO 31000: Risk management principles and
guidelines. Geneva, Switzerland: Author.
Available online at http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170.
International Standards Organisation (ISO). (2010). ISO 26000: Social responsibility. Geneva, Switzerland:
Author.
Available online at https://www.iso.org/obp/ui/#iso:std:iso:26000:ed-1:v1:en
McClean, C., Balaouras, S. and Hayes, N. (2011). The Forrester Wave: Enterprise governance, risk, and
compliance platforms. Cambridge, MA: Forrester Research.
OECD. (2011). OECD Guidelines for Multinational Enterprises. Paris, France: OECD Publishing.
Retrieved from http://dx.doi.org/10.1787/9789264115415-en.
PricewaterhouseCoopers (PwC). (2013). Internal control integrated framework: Executive summary,
framework and appendices, and illustrative tools for assessing effectiveness of a system of internal control.
New York, NY: American Institute of Certified Public Accountants (AICPA).
Rittenberg, L. and Martens, F. (2012). Understanding and communicating risk appetite (online resource).
USA: Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Retrieved from http://www.coso.org/documents/ERM-Understanding%20%20Communicating%20Risk%20
Appetite-WEB_FINAL_r9.pdf.
White, G.I. (2002). The analysis and use of financial statements (3rd ed.). New York, NY; London, England:
Wiley & Sons, Inc.

47

Block 06

SPECIFIC RISK MANAGEMENT TOPICS

TOPIC 1: OPERATIONAL RISK MANAGEMENT


CHAPTER

LEARNING OUTCOME

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

Operational risk
management definition

Operational risk
management in industry

Analysing risks:
loss protection and prevention
loss mitigation solutions in different
kinds of risks (for example, propertyliability; transport; credit)
Definition and classification of
operational risks provided by the Global
Association of Risk Professionals (GARP)
Relationship between the three
operational risk components:
technology development
business processes and
organisational development
(including internal control)
human resources development
(soft factors such as moral
hazard; cognitive biases; and
institutional theory must be
strongly taken into consideration
Concepts of layers of cheese and
organisational (corporate) pathogens, as
described by J. Reason

Operational risk
management in finance

regulatory treatment of operational


risk under Basel II and III
operational risk in various
financial institutions

48

BLOCK 06: SPECIFIC RISK MANAGEMENT TOPICS

TOPIC 2: SUPPLY CHAIN RISK MANAGEMENT


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Logistics management

demonstrate an integrated and


comprehensive approach to logistics
and supply chain management
understand how firms must link
with their supply chain partners
to gain a competitive advantage
understand major economic
trends which have fundamentally
influenced the supply chain
processes (for example: ongoing
advances in IT management;
increasing cost pressures)
underline the role of quality
management and customer satisfaction
understand that an increasing
focus on core activities can lead
to the development of large (often
worldwide) networks for supply,
production and distribution

Supply chain risk


management

understand that global supply


chains face a multitude of risks
develop structured and systematic
approaches for assessing
risks in supply chains
take into account areas including:
logistics; supply chain management;
operations management; strategy;
and international business. Use this
information to develop a model of
global supply chain risk management
understand the interconnection
and interdependence between
different operational sites
appreciate the difficulty of calculating
the consolidated margin to declare
be able to evaluate the required
insurance response

49

BLOCK 06: SPECIFIC RISK MANAGEMENT TOPICS

TOPIC 3: INCIDENT AND CLAIMS MANAGEMENT


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Database management

recognise that databases underpin


many business applications
gain an insight into the design
and the use of databases
understand the model underpinning
relational databases

Claims management

demonstrate a working knowledge


of handling claims, including
claims practices and fraud issues
be able to describe the main
actors involved (brokers;
experts; lawyers; insurers)
understand the key legal points:
deductible; limits; value

TOPIC 4: PORTFOLIO, PROGRAMMES AND PROJECT RISK MANAGEMENT


CHAPTER

LEARNING OUTCOME

Project management with


focus on risk

understand that project management


can be applied to all kinds of projects
understand fundamental concepts
of project management: time;
resources; cash; quality
demonstrate knowledge of project
management techniques
understand the importance of
compliance risk management when
working on international projects,
as the regulatory landscape in
other countries/locations can differ
substantially from the ones from where
the project (and the team) is based

50

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

BLOCK 06: SPECIFIC RISK MANAGEMENT TOPICS

TOPIC 5: MERGERS AND ACQUISITIONS


CHAPTER

LEARNING OUTCOME

M&As and corporate


strategy

know how to map a path to


optimise your portfolio
know how to cooperate in the
due diligence process
be able to define an optimal
portfolio of businesses, as well
as the right mix of internal and
external business growth
be able to design a post-M&A
integration approach that fits strategic
and risk objectives, while also taking
into account human constraints
understand differences in
corporate risk cultures
understand the implications of
M&As from an insurance point of
view (for example: cancellation
of existing policies; D&O)
be able to describe insurance
products used to solve problems in
M&A deals (for example legal issues;
pollution; liability guarantee)

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

TOPIC 6: BUSINESS CONTINUITY AND DISASTER RECOVERY MANAGEMENT


rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)

CHAPTER

LEARNING OUTCOME

Business continuity
management

Learn to embed business continuity


plans in the organisational culture:
identify a crisis situation
decide how and when to respond
communicate both internally
and externally
lead and direct the recovery process
know the contents of the ISO
22301 standard for business
continuity management systems

Disaster recovery
management

understand key concepts of


developing business continuity
and disaster recovery strategies
know how to design and implement
Disaster Recovery plans
be able to prepare and conduct
awareness and training programmes

51

BLOCK 06: SPECIFIC RISK MANAGEMENT TOPICS

TOPIC 7: EMERGING AND FUTURE RISKS


CHAPTER

LEARNING OUTCOME

Emerging and future risks

Show awareness of emerging and


future risks, such as: climate change;
nanotechnologies; robotics; wearable
devices

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)
X

TOPIC 8: OTHER TOPICS


CHAPTER

LEARNING OUTCOME

Regional specific topics

rimap
LEVEL (X)

rimap
ADVANCED
LEVEL (X)
X

52

BLOCK 06: SPECIFIC RISK MANAGEMENT TOPICS

BIBLIOGRAPHY, READING, LEARNING MATERIALS


Beasley, M., Branson, B., Pagach, D., Scott, P., Beaumier, C., DeLoach, J. and Donahue, K. (2015).
Executive perspectives on top risks for 2015: Key issues being discussed in the boardroom and c-suite
(online resource). Author as publisher.
Retrieved from http://www.protiviti.com/en-US/Documents/Surveys/NC-State-Protiviti-Survey-Top-Risks-2015.
pdf.
Institute of Risk Management (IRM). (2014). Extended enterprise: Managing risk in complex 21st century
organisations: Executive Summary (online resource). London, England: Author.
Retrieved from https://www.theirm.org/media/1155369/IRM-Extended-Enterprise_A5_AW.pdf.
ISACA. (2007). COBIT 4.1: Framework for IT Governance and Control (online resource). Rolling Meadows,
IL: Author.
Retrieved from http://www.isaca.org/Knowledge-Center/cobit/Pages/Overview.aspx.
ISACA. (2009). Risk IT: Framework for management of it related business risks. Rolling Meadows, IL:
Author.
ISACA. (2009). Val IT: Framework for business technology management. Rolling Meadows, IL: Author.
Retrieved from http://www.isaca.org/knowledge-center/val-it-it-value-delivery-/pages/val-it1.aspx?utm_
source=multiple&utm_medium=multiple&utm_content=friendly&utm_campaign=valit.
ISACA. (2012). COBIT 5: A business framework for the governance and management of enterprise IT.
Rolling Meadows, IL: Author.
ISACA. (2014). ITAF 3rd edition: A professional practices framework for IS audit/assurance (online resource).
Rolling Meadows, IL: Author.
Retrieved from http://www.isaca.org/Knowledge-Center/Research/Documents/ITAF-3rd-Edition_fmk_
Eng_1014.pdf.
Kvint, V. (2009). The global emerging market: Strategic management and economics. London, England:
Routledge.
Norrman, A. and Jansson, U. (2004). Ericssons proactive supply chain risk management approach after a
serious sub-supplier accident. International Journal of Physical Distribution & Logistics Management, 34 (5),
434456.
Olsson, C. (2002). Risk management in emerging markets: How to survive and prosper. London, England:
Pearson Education Limited.
Project Management Institute (PMI). (2015). A guide to the project management body of knowledge
(PMBOK guide) (5th ed.). Newtown Square, PA: Author.
Reason, J. (1990). Human error. Cambridge, England: Cambridge University Press.
World Economic Forum. (2015). Global Risks 2015: 10th edition. Cologny/Geneva, Switzerland: Author.
Retrieved from http://www3.weforum.org/docs/WEF_Global_Risks_2015_Report15.pdf.

WEBSITES:
The Bank for International Settlements (BIS) website offers important information about voluntary regulatory
frameworks, like the BIS Basel I, II and III standards. (http://www.bis.org/index.htm ).
The Economist website contains articles and archive material from The Economist including country surveys.
(www.economist.com ).
The Global Association of Risk Professionals website can offer essential resources like the Foundations of
Banking Risk. (http://www.garp.org ).
The Institute of Internal Finance website publishes country and regional reports on various emerging market
countries. (www.iif.com).

53

BY

You might also like