Rimap Body of Knowledge
SEPTEMBER 2015
TABLE 1. STRUCTURE OF THE BODY OF KNOWLEDGE
BLOCK 00: Business basics for the risk manager
BLOCK 01: Essentials of risk management
BLOCK 02: Risk assessment
BLOCK 03: Risk treatment I
BLOCK 04: Risk treatment II
BLOCK 05: Risk communication, monitoring and review
BLOCK 06: Specific risk management topics
DESCRIPTION OF THE BLOCKS
Block 00
BUSINESS BASICS FOR THE RISK MANAGER
COMMENTS
Block 00 prepares candidates for the remainder of the programme by reviewing
and defining fundamental aspects of business management. The goal is to equip
candidates with the essential management tools they will require as they
progress to more senior roles within their organisation. Block 00 will also
help individuals identify the computer skills they will require throughout
their career.
AIM
The aim of this block is to enable applicants to map their existing
knowledge and experience to the learning objectives of the rimap
certification. Block 00 covers the basic knowledge, skills and techniques
that are pre-requisites for developing a career as a risk manager.
INPUT
Much of the input for this block will come from candidates' prior
knowledge and experience of risk management.
OUTPUT
This introductory block will enable applicants to put their existing
knowledge and skills in context, and to revise basic principles in readiness
for completing the other blocks.
COVERAGE
1. Essentials of economics and international business
2. Basic statistics and financial mathematics
3. Basic corporate finance
4. Financial statements
5. Basics of general management
6. Legal and contract management
7. Basic marketing
8. Communication
9. Information technology
10. Change management
Block 01
ESSENTIALS OF RISK MANAGEMENT
AIM
This block sets out the fundamental knowledge that applicants will
require for a career in risk management. It sets risk management within
the broader context of the organisation. Its objective is to ensure that
candidates understand the principles and frameworks that underpin an
efficient and coherent risk management process that creates and protects
values.
COMMENTS
The block can be completed with variations to reflect national
regulations/standards and local factors.
INPUT
Standards including ISO 31000, COSO ERM, FERMA, ANZ.
OUTPUT
Knowledge of the frameworks, standards and context that underpin risk
management.
COVERAGE
1. Introduction to the rimap certification (4 pillars system)
2. Principles and aims of enterprise-wide risk management (including ethical principles)
3. Risk management frameworks and standards
4. Risk management in the organisation
5. Organisation strategy, objectives, responsibilities, and programme
6. Risk appetite, risk tolerance, risk attitude, risk capacity, limits
7. Types and impact of risk on organisations
8. Risk management process: identification, assessment, treatment, control, financing
9. Added value, cost and benefits of risk management
Block 02
RISK ASSESSMENT
COMMENTS
The main outcome of this block will be the capability to identify, compile,
analyse, evaluate and measure exposure to the following:
- probable risks
- accidental risks
- extraordinary risks
business losses faced by individuals and organisations
This will include the following risk categories:
- emerging (for example cyber, social media and climate change risk)
AIM
This block defines the process of risk identification, assessment and
evaluation within an organisation. It also describes the range of analytical
tools and techniques available to assess risk.
INPUT
Risk management frameworks; statistical methods and modelling;
quantitative assessment and forecasting methods; probability analysis;
financial analysis; security analysis.
OUTPUT
Ability to comprehensively identify and assess risks of all types while
employing theoretical valuation and forecasting methods.
COVERAGE
1. Risk and uncertainty and their impact on strategy
2. Risk identification and classification
3. Risk identification techniques
4. Qualitative risk analysis tools and techniques
5. Quantitative risk analysis tools and techniques
6. Risk consequence, likelihood and severity
7. Risk modelling
8. Risk register, risk matrix, risk profile
9. Other
- reputation
- regulatory
- supply chain
- financial
- legal
- property
- personnel
- environmental
- fraud
Block 03
RISK TREATMENT I
COMMENTS
Applicants must demonstrate that they can develop loss prevention and
protection strategies, as well as engage with business units. They should
show evidence of having managed different types and magnitudes of loss
prevention and protection, as well as having monitored risk activity and
results. Candidates must demonstrate that they understand a wide range of
risk control techniques, including prevention, protection and reduction.
AIM
This block describes the mechanisms and tools that are required for the
treatment of risks and losses, with particular emphasis on control and
reduction measures. Its aim is to communicate the nature, purpose and
steps involved in risk control.
INPUT
Economic and regulatory capital concepts; environmental and social
awareness; regulatory aspects; capital adequacy; economics and capability
of risk assumption and transfer; operations management; human resource
management (HRM); limit setting; compliance principles; principles of
crisis management; managerial accounting concepts; quality control;
general approaches to business continuity planning (BCP); basic
knowledge of technical equipment and tools to prevent fire, flood and
natural hazards.
OUTPUT
Ability to develop decision-making frameworks encompassing risk
assumption, treatment and/or transfer. Ability to develop response action
planning related to IT risks; business interruption (BI); crisis management;
and investigation by a governing body.
COVERAGE
1. General aspects (organisation risk appetite; inherent and current level
of risk; risk tolerance, treatment, transfer and termination)
2. Types of risk treatment/response
3. Risk control techniques: loss prevention, claims management and opportunities
4. General/financial risk-related controls
5. Business continuity: emergency and crisis management
6. Other techniques
Block 04
RISK TREATMENT II
AIM
This block encompasses basic financing techniques; the principles
underpinning insurance; and the primary benefits insurance contributes to
society. It emphasises that a key part of the risk treatment process is risk
sharing. It describes the risk financing process, with the goal of ensuring
that candidates understand the nature, purpose, and steps involved in risk
financing (retention and transfer).
COMMENTS
Applicants should be able to demonstrate an understanding of techniques
used for financing retention, transfer, insurance or the alternative risk
transfer. They should understand the criteria for making risk financing
decisions, as well as how to develop risk financing strategies, along with
the selection, implementation and monitoring of risk financing techniques.
They should be able to demonstrate knowledge of relevant legal concepts and
the legal environment in which insurance operates. They should understand
the concepts of risk and its relationship to insurance, as well as the
relationship between risk management and the organisation insurance policy.
They should be able to develop alternative financing techniques such as
insurance, self-insurance, retrospective rating, reinsurance, or captive
insurance.
INPUT
Actuarial science; insurance economics; procurement principles; the legal,
economic and operations perspectives of captive insurance companies;
the reinsurance market; principles of financial instruments; the
investment banking sector; the use of fundamental and technical analysis
in decision-making process; stress testing; scenario analysis; valuation and
bookkeeping of insurance instruments.
OUTPUT
Ability to develop economics-based decision-making frameworks for
risk transfer. Knowledge of best practice in concluding risk transfer
arrangements and claims management (including set-up of internal rules
and procedures). Knowledge of when and how to obtain insurance, and
also when it is no longer necessary.
COVERAGE
1. Risk financing techniques
2. Insurance sector
3. Insurance
4. Reinsurance
5. Captive (re)insurance companies
6. Alternative risk transfer
7. International insurance market
Block 05
RISK COMMUNICATION, MONITORING AND REVIEW
COMMENTS
Within the organisation assurance environment and the context of
organisation policy, candidates should understand how to get a specific
level of satisfaction with respect to the reliability of the risk
management information and documentation provided.
AIM
This block will enable candidates to gain skills in communicating risk
to stakeholders, and consulting with them about risk. Candidates will
also develop an understanding of the importance of having a sound risk
culture in order to deliver reliable risk management that encompasses
all aspects of an organisation's risk profile. In addition, the block deals
with components of monitoring and review, such as coverage, design of
risk reports, their frequency and who should receive them. These are
considered as critical parts of the risk management process.
INPUT
Basic knowledge of organisation culture; relations with stakeholders; risk
information; and value added decision-making processes.
OUTPUT
Knowledge of how to produce a risk report and action plan for an
organisation's senior management team.
COVERAGE
1. Risk culture and the human factor
2. Corporate social responsibility
3. Communication, consultation, corporate governance and the role of the board
4. Risk management information systems
5. Risk monitoring
6. Risk review
7. Risk assurance
8. Risk reporting
Block 06
SPECIFIC RISK MANAGEMENT TOPICS
COMMENTS
Candidates should have a grasp of the concrete tools available for the
management of specific risks, such as operational, supply chain, incident
and claims, as well as understanding the relationship of risk management to
business continuity and crisis management. They should also have an
understanding of risks relating to mergers and acquisitions, and risk
management around projects.
AIM
The goal of this block is to explore important business areas specifically
related to risk and risk management, such as business continuity, incident
and claims management, and crisis management, along with their link to
strategic management.
INPUT
Basic technical knowledge about IT (hardware/software, cyber risks);
the merger and acquisition process (due diligence and integration);
loss of profit evaluation (gross earning/gross profit); analysis of financial
statements.
OUTPUT
To be able to understand the theories, best practices and trends relating to
the different topics covered in this block.
COVERAGE
1. Operational risk management
2. Supply chain risk management
3. Incident and claims management
4. Portfolio, programmes and project risk management
5. Mergers and acquisitions
6. Business continuity and disaster recovery management
7. Emerging and future risks
8. Other topics
LEARNING OUTCOMES
Block 00
LEARNING OUTCOME
Macroeconomics
Macro dynamics
inflation
economic growth
business cycles
open macroeconomics
foreign exchange rate
Basics in statistics
Hypothesis testing
what is value?
the valuation process
value creation for shareholders
what is cash flow?
basics of cash flow analysis
terminal values
investment decisions
project evaluation: method for ranking investment proposals; capital resource rationing; common pitfalls (e.g. sunk costs; depreciation)
ICT strategy
IT architecture and the design and use of ICT systems
Given the growth and importance of large business information
systems that are able to register and process immense data
sets, the use of enterprise resource planning (ERP) systems and
business intelligence is also important.
Principles of organisational behaviour
self-management skills
leadership vs. management
expectations and accountabilities
conflict and change management
cultural differences
Principles of law
Compliance
Ethics
Marketing strategies
TOPIC 8: COMMUNICATION
CHAPTER
Basic IT knowledge
ICT infrastructure
Psychology of change
Managing change
communication plan
coaching plan
overcoming resistance
management plan
training plan
master change plan
Block 01
rimap ADVANCED LEVEL (X)
Risk management associations
FERMA
The 4 pillars
Aims of ERM
rimap LEVEL (X)
COSO ERM
ISO 31000
Local framework
Other international standards
FERMA framework
IRM standards
ISO 31010 and 31004
COSO 3
Knowledge of organisation-specific standards, if these exist
Historical background
Risk Management in the organisation
Reporting lines
Operational management
Risk Management internal control
Internal and external audit
Risk Management responsibilities
Implementation of the framework
TOPIC 6: RISK APPETITE, RISK TOLERANCE, RISK ATTITUDE, RISK CAPACITY, LIMITS
Definition of risk
Types of risks
internal or external
strategic or operational
HR
legal
Impact of risks
financial impact
non-financial impact
risk register
spreadsheet
computer-based system
Identification and assessment (definition)
Feedback mechanisms
Cost of risk
Block 02
RISK ASSESSMENT
Risk policy
Risk tactics
Risk classification(s)
Description of principal risks
Identification of principal risks
Correlated and consequential risks
Classification of loss exposure
Methods of identifying risks and loss exposure (introduction)
strategic (objectives-based)
scenario analysis via identification of risk sources (taxonomy-based)
failure mode and effect analysis (FMEA)
incident analysis
Other methods
Quantitative methods
Quantitative methods
Statistical methods
Qualitative approach
Quantitative approach
Economic capital
Risk register
Risk matrix
Risk profile
Risk map
Block 03
RISK TREATMENT I
Risk response
Risk mitigation/preventive techniques
Separation, diversification and duplication techniques
Risk avoidance
Limit setting
Control set-up
Others
fraud control
historical liabilities (for example exposure to asbestos; liabilities related to pension funds)
Business continuity (definition)
policies
pre-disaster protection and mitigation measures
continuity of operations planning
post-disaster response and recovery
elements of continuity planning
Other techniques
Block 04
RISK TREATMENT II
Risk retention
Risk transfer
Securitisation
Insurance market
Insurance programmes
International insurance legislation and regulations
TOPIC 3: INSURANCE
Premium
Deductibles
Material contractual obligations
TOPIC 4: REINSURANCE
Definition of reinsurance
Reinsurance market
Classifications
Definition of captive
Classification
Organisations and applications
Standard methods
International insurance programmes
Block 05
RISK COMMUNICATION, MONITORING AND REVIEW
Definitions
Definition of corporate social responsibility (CSR)
corporate self-regulation within the business model
ensuring that all stakeholders embrace responsibility for corporate actions
COSO: demystifying sustainability risks
Standards
Definitions
Communication
Consultation
Communication plans
Stakeholder definition
Communication with stakeholders
Conditions
Risk management information systems
Risk monitoring
General principles
Risk indicators
Process assurance
Definition of internal reporting
External reporting
Communication, coordination and report-writing
Block 06
Operational risk management definition
Operational risk management in industry
Analysing risks:
- loss protection and prevention
- loss mitigation solutions in different kinds of risks (for example, property-liability; transport; credit)
Definition and classification of operational risks provided by the Global Association of Risk Professionals (GARP)
Relationship between the three operational risk components:
- technology development
- business processes and organisational development (including internal control)
- human resources development (soft factors such as moral hazard; cognitive biases; and institutional theory must be strongly taken into consideration)
Concepts of layers of cheese and organisational (corporate) pathogens, as described by J. Reason
Operational risk management in finance
Logistics management
Database management
Claims management
Business continuity management
Disaster recovery management
WEBSITES:
The Bank for International Settlements (BIS) website offers important information about voluntary regulatory
frameworks, like the BIS Basel I, II and III standards. (http://www.bis.org/index.htm).
The Economist website contains articles and archive material from The Economist including country surveys.
(www.economist.com).
The Global Association of Risk Professionals website can offer essential resources like the Foundations of
Banking Risk. (http://www.garp.org).
The Institute of Internal Finance website publishes country and regional reports on various emerging market
countries. (www.iif.com).