Improve your

chances of
assessment
success

Blended Learning
Sign up and join our online interactive
workshops to fully get to grips with
the study materials and develop an
effective study plan.

www.theirm.org | Tel: +44 (0)7469 353441 | Email: [email protected]

CONTENTS

PAGE

About the Institute of Risk Management (IRM) ................................................................1

IRM qualification aims.......................................................................................................1
IRM professional standards ..............................................................................................3
Time constraints ...............................................................................................................4
Collaboration in the design of the qualification .................................................................4
Key dates ..........................................................................................................................4
Language requirements ....................................................................................................4
Support for teaching and learning .....................................................................................5
Qualification structure .......................................................................................................7
Entry requirements ...........................................................................................................8
Equality and diversity ........................................................................................................8
Qualification delivery.........................................................................................................8
Complaints ........................................................................................................................9
Overview of Module 1: Principles of Risk and Risk Management ..................................10
Module Learning Aims ....................................................................................................10
Overview of Module 2: Practice of Risk Management ....................................................23
Module learning aims......................................................................................................23
Assessment ....................................................................................................................37
Appendix 1 Verbs used in the aims and learning outcomes ...........................................40
Appendix 2 Glossary of terms used ................................................................................41
1. About the Institute of Risk Management

The Institute of Risk Management (hereafter known as the IRM), is the leading professional
body for risk management. The IRM is an independent, not-for-profit organisation that
champions excellence in managing risk to improve organisational performance. IRM does
this by providing internationally recognised qualifications and training, publishing research
and guidance, and by setting professional standards across the world. IRM’s members work
in all industries, in all risk disciplines and across the public, private and not-for-profit sectors.

2. IRM Qualification Aims

IRM qualifications are aimed at practising or aspiring managers and leaders who are in
decision making roles or working as risk management practitioners. The qualifications
provide students with a broad knowledge and practical skills in risk management, which can
be immediately applied in the workplace.

IRM qualifications provide a holistic, flexible, and module-based approach which are
assessed comprehensively by using multiple choice questions and written assignments.

The IRM’s International Certificate in Enterprise Risk Management (ERM) is designed to

introduce students to the fundamental theory, management, and application of ERM to
ensure timely organisational success. This in turn enhances an organisation’s ability to
achieve its objectives and ensure sustainability based on transparent and ethical behaviours.

2.1 Aims of the IRM’s International Certificate in Enterprise Risk Management:

• Develop students’ knowledge, understanding and skills needed to recognise and

manage risks in an organisation.

• Develop enquiring minds, to ensure that students have the ability and confidence to
work across different business functions in an organisation to recognise lead,
manage and respond to risks in their departments and across the organisation; and

• Develop transferable skills including: Communication, problem solving, adaptability,

time management, organisational and research skills.

1|Page
2.2 IRM qualifications address these aims by designing learning to impart knowledge
through academic theory and practical application through:

• Module 1 which provides the foundation of risk management through the

examination of core principles and concepts.

• Module 2 which builds on the foundations studied in Module 1, to assess how risk
management can be effectively and practically embedded within an organisation.

• The six units in each module explore various aspects of risk management in detail
and meet the aims as follows:

 Each unit consists of a several lessons which provide knowledge in bite-size

pieces.
 Each unit is accompanied by relevant references to essential and further
reading material in the form of books, articles, case studies, websites, videos,
and blogs that support the lessons being taught.
 Each unit include reference to materials that students are expected to access
and assimilate (essential) and materials that will widen their knowledge of the
subject.
 The Certificate is taught over a 6-9 month period, which requires skill in time
management, which is supported by the planning materials in the Student
Handbook.
 Undertaking the activities and engaging in the discussion forums for both
modules support students in challenging academic materials.
 Enabling students to be better able to be involved in and implement risk
management processes.
 Undertaking the activities allows students to use the theory taught to apply it to
a practical situation and improve their confidence in their risk management
knowledge. It also allows students to align their learning to employers and
higher education needs for skilled workforce.
 Each unit has been designed by qualified risk managers, who are expert
practitioners in the field of risk management and engaged in academic activities
outside of the IRM.
 The outline specification for the Certificate has been shared with previous
students and external risk management professionals to test the validity and
value of the subject matter, in line with students and potential and existing
employer expectations.

2|Page
2.3 Providing activities and summative assessments (sometimes called assessment of
learning is a formal method to evaluate learning by comparing learning to a standard or
benchmark. This is typically at the end of a unit, module or time period. Summative
assessment often takes the form of a unit or module test), to progress students to the
next unit or module:

• Each unit includes several activities that provide students with the opportunity to
practically apply what they have been taught through the lessons. Each activity is
followed by sample answers from the IRM to ensure the student fully understands
what was being asked of them.
• The modules include an introductory and a summary video. Module 1 includes an
additional examination guidance video, followed by access to a specimen multiple-
choice examination paper, that supports students when sitting the examinations as it
provides them with knowledge of the examination format and the expectations of the
examiners. Module 2 includes an additional assignment writing video which provide
students with guidance on academic writing.

3. IRM Professional Standards

The IRM professional standards are designed so that they can be used by anyone involved
in risk management. They are flexible and can be adapted and used in all types of
organisation, sector, and geographical regions.

The IRM Professional Standards has four functional areas broken down into risk functional
area components. They are:

• Insights and context

 risk management principles and practice

 organisational environment
 external operating environment.

• Strategy and performance develop a risk management strategy to meet organisational

needs

 risk management strategy and architecture

 risk management policy and procedures
 risk culture and appetite
 risk performance and reporting.

• Risk management process

 risk assessment
 risk treatment.

3|Page
 • Organisational capability

 communication and consultation

 change management
 people management.

The standards are written as outcomes of competent performance which is the need for
relevant knowledge to achieve the standards. For more in-depth information on the
Professional standards of the IRM, please refer to our website https://www.theirm.org/what-
we-do/about-us/professional-standards/

4. Time Constraints
Once students register it will be valid for two years.

5. Collaboration in the Design of the Qualification

• BHP Global Risk - Previous student

• BHP Mining – Australia Global - Client and previous student
• CEO Satarla UK - CEO
• Client - Ervia Utilities Ireland - Client
• Expert Partners Ireland
• Faithful and Gould Construction – UK - Previous student
• KB Risk Consulting Limited - Director
• Metro Bank - Previous student
• Satarla - Previous student
• UK Police Services - Previous student

6. Key Dates
The assessment dates are May/June and November/December.

7. Language requirements
The qualification is delivered in the English language.

4|Page
8. Support for Teaching and Learning
This course is self-directed distance learning so that students have the flexibility of studying
at their own pace.

8.1 Virtual Learning Environment (VLE)

The IRM provides learning materials for all units on the VLE, (Moodle). Learners also have
access to openly available essential and further reference materials. Module coaches also
have full access to all learning materials to prepare themselves for teaching. Access to the
next unit is provided to students once a unit is completed.

8.2 Webinars/Videos

Students are given free access to a range of webinars and videos. They also have access to
discussion forums to interact with fellow students, coaches and the IRM student support
team.

8.3 Optional Blended Learning

The IRM offers a blended learning option at a cost for students who may prefer a more
interactive customised learning experience. These student-centred workshops reinforce
students understanding of the topics and help them develop the practical skills needed to put
their learning into practice.

8.4 Student Handbook

Students have access to a student handbook which contains a range of background,

guidance and key information that prepares them for successful study and attaining the
qualification. Some sections of the handbook are advisory, helping students to organise and
refine their study and examination skills. Some sections contain essential information that
students must be aware of and careful to follow. The essential information is indicated with
an asterisk (*) in the contents list, and on the title page of each relevant section. Students
should read the handbook in its entirety before they start studying.

5|Page
8.5 Student Membership

Students who have enrolled on the Certificate course automatically become student
members of the IRM. This membership entitles students to several benefits including:

• Access to news and information on the latest developments in the risk profession, in the
form of the Enterprise Risk, IRM’s quarterly magazine.

• Thought leadership by participating in IRM consultation exercises to assist in supporting,

informing, and influencing the regulatory framework in which risk management operates.

• Events and networking to debate and share experiences with peers in the global risk
management community.

• Online discussion forums to enable students to network with other students globally and
discuss studies in virtual student groups.

• Demonstrating to employers student’s commitment to knowledge progression and

supporting the organisation.

The IRM student support team can be contacted by telephone or email to assist with any
administrative issues related to studies. Students completing and passing the examination of
the International Certificate in Enterprise Risk Management can use the letters IRMCert after
their names and automatically become Certificate Members of the IRM.

6|Page
9. Qualification Structure

9.1 Qualification Requirements and Rules of Combination

The qualification structure has been designed to support students to address their own
developmental needs and interests. The qualification is split into two Modules each with
attached units.

Students need to complete all the units in this qualification as follows:

Module Unit Unit Title Approximate

number Learning
hours
1 Principles of Risk Unit 1 Key Concepts in Risk 30
and Risk Management
Management Unit 2 Strategic Planning for Enterprise 30
Risk Management
Unit 3 Context, Objectives, and Risk 30
Assessment
Unit 4 Managing, Monitoring and 30
Reporting Risks
Unit 5 Risk Culture and Appetite 30

Unit 6 Corporate Governance and Risk 30

Assurance
2 Practice of Risk Unit 7 Risk Management and Strategy 30
Management
Unit 8 Sustainability 30

Unit 9 Resilience 30

Unit 10 Approaches to Risk 30

Management
Unit 11 Embedding and Maintaining 30
Risk Management
Unit 12 Risk Management 30
Competencies

7|Page
10. Entry Requirements
Although the IRM does not have any specific formal entry requirements, it ensures that
students have sufficient capability at the right level to undertake the learning and
assessment.

The IRM may consider students prior learning when considering acceptance to IRM
qualifications. See the IRM Recognition of Prior Learning Policy.

Please note, the qualification is offered in English therefore a reasonable knowledge of the
English language is important.

11. Equality and Diversity

The IRM ensures that students/apprentices are provided with equal opportunities to access
all qualifications and assessments, by considering and providing reasonable measures and
special consideration for all.

The IRM endeavours to ensure that all processes, structure, content and arrangements for
content, coaching, assessment, and awarding of certificates:

• Ensure access and equality of opportunity without affecting the integrity of the
qualification.

• Guarantees fair assessment for all students, including those requiring special
considerations.

• Complies with the UK Equality and Diversity legislation by ensuring that there is no
discrimination on grounds age, disability, gender identity or gender reassignment,
marriage or civil partnership, pregnancy or maternity, race or ethnic origin, religion
or belief, sex or sexual orientation.

For further information, please see the IRM’s Equality and Diversity Policy and Reasonable
Adjustments Policy.

12. Qualification Delivery

The IRM ensures that students have access to a full range of information, advice, and
guidance to support them in completing the qualification.

8|Page
13. Complaints
Complaints can be emailed to the relevant individual directly to resolve the issue swiftly.

If dissatisfied with the response, an appeal can be sent to the Chief Operating Officer (COO)
- [email protected] - ensuring that name, address, and telephone number, names,
and details of the complaint itself are included. Complaints are acknowledged to within five
working days of receipt and the matter is investigated and action is decided on and taken. A
further appeal can be made which is escalated to the Chief Executive Officer (CEO) who
acknowledges within seven days and arranges an Appeal Review Panel within fourteen
days.

9|Page
14. Overview of Module 1: Principles of Risk and Risk
Management

This module introduces the principles and concepts of risk and risk management and its
development through to Enterprise Risk Management based on international best practices.
The principles and framework are explored as the foundations for the effective
implementation of risk management. An examination of the risk management process is
provided through the lens of four simple steps:

• Defining context and objectives

• Assessing the risks
• Managing the risks
• and monitoring, reviewing, and reporting on them.

Risk appetite and tolerance is then explored as a means of understanding how much risk
an organisation is willing to accept or take in pursuit of its objectives, which leads to an
assessment of corporate governance and the need to provide assurance to any
organisation that, in the face of the risks it faces, it is able to achieve its objectives.

Module Learning Aims

By the end of Module 1 students will be able to:

Units Learning Aims

Unit 1 Key Concepts in Risk Appraise the nature and requirements

Management of risk and risk management, and the
purpose of managing risk, in-line with
recognised international standards.
Unit 2 Strategic Planning for Enterprise Determine the most appropriate risk
Risk Management management principles, framework, and
process for an organisation.
Unit 3 Context, Objectives, and Risk Determine the most important risks of an
Assessment organisation given its context and
objectives.
Unit 4 Managing, Monitoring and Establish an organisational environment
Reporting Risks where risks are effectively managed,
monitored, and reported on.
Unit 5 Risk Culture and Appetite Determine the appropriate level of risk
that an organisation can take in relation
to its risk culture.
Unit 6 Corporate Governance and Risk Examine the role of risk management
Assurance within corporate governance and risk
assurance.

10 | P a g e
 UNIT 1 | CONCEPTS AND DEFINITIONS OF RISK AND RISK MANAGEMENT

Unit 1 Key Concepts in Risk Management

Learning hours: 30

Assessment Guidance: Multiple choice questions and written

assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Appraise the nature and requirements of risk and risk management, and the
purpose of managing risk, in-line with recognised international standards.

Unit in Brief

In this unit students are introduced to risk management concepts. They are also introduced
to the importance of risk management across enterprises as well as internationally
accepted standards and frameworks that support the effective implementation of risk
management.

Introduction to Unit

This unit introduces the concept of Enterprise Risk Management (ERM). Once introduced,
the terms risk management and ERM will represent the same concept, unless noted
otherwise.

There are many terms and definitions regarding risk and risk management, which are often
misunderstood and inconsistently used by organisations. It is important to be aware of the
appropriate language and methodology to be implemented, the reasons for their use, and
understand the value that risk management can and should bring to an organisation.

In this unit you will gain an insight into what risk and risk management are, looking at the
positive and negative impacts that risk has on organisations. You will also be introduced
to key features of risk and risk management before moving on to explore the history of risk
management. You will then further examine the importance of risk management and its
value is for different stakeholders and finally distinguish between the different risk
management standards.

11 | P a g e
 UNIT 1 | CONCEPTS AND DEFINITIONS OF RISK AND RISK MANAGEMENT

Section Learning Outcomes

Unit Content
The student can:

1.1 Introducing Enterprise Risk Management

A. Approaches to defining risk. Distinguish between risk and risk
B. Approaches to defining Enterprise Risk management using a range of
Management. different recognised approaches.

1.2 Evolution of Enterprise Risk Management

A. Key developments in the evolution of risk Explain the key developments in
management. the evolution of risk
management.
1.3 Importance of Enterprise Risk Management
for organisations
A. Organisational strategy. Evaluate the importance of
B. Governance. Enterprise Risk Management
C. Resilience. from different perspectives in
organisations.
1.4 Different approaches to Enterprise Risk
Management
A. Consistency in approach and integration Compare the approaches and
B. Risk management specialisms, such as: integrations of different risk
management specialisms.
 Finance
 Health and safety
 Project management.
 Link to different approaches to risk
management in Unit 10.

1.5 Enterprise Risk Management standards and

frameworks
A. General risk management standards and Compare different international
frameworks including: risk management standards
 ISO 31000 including ISO31000, COSO, and
 COSO (2004 and 2017). the Orange Book.
B. Alternative risk management approaches,
including:
 The Orange Book.

12 | P a g e
Unit 2 Strategic Planning for Enterprise Risk
Management
Learning hours: 30

Assessment Guidance: Multiple choice questions and written

assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Determine the most appropriate risk management principles, framework, and

process for an organisation.

Unit in Brief

In this unit students will formulate an appropriate risk management approach for an
organisation by considering risk principles, frameworks, and processes.

Introduction to Unit

The principles of risk management focus on the premise that it delivers value to
organisations by applying practices designed to achieve the best possible outcome
thereby reducing volatility or uncertainty.
In this unit you will learn about strategic planning for the implementation of effective risk
management, including the framework that provides a structure for organisations to work
within. You will investigate and formulate a risk management framework for an
organisation of your choice. The RASP framework (Risk Architecture, Strategy and
Protocols). comprises of Risk Architecture, including roles and responsibilities, Risk
Strategy, including the risk management policy, and Risk Protocols, including the risk
management information system (RMIS)
You will assess the principles of risk management, from a variety of perspectives, and
finally you will learn about different risk management processes and their similarities.

13 | P a g e
Unit content
2.1 Principles and attributes of risk management
A. Principles from international standards.
including ISO, COSO and the Orange Book.
B. Attributes of risk management including:
 Proportionate, Aligned, Comprehensive,
Embedded, Dynamic (PACED).
2.2 Strategic Planning for Enterprise Risk
Management (Risk Architecture, Strategy and
Protocols: RASP) – Risk Architecture
A. Organisational/governance structure.
B. Roles and responsibilities including risk and
risk control and ownership.
C. Planning for risk management.
2.3 RASP - Strategy
A. Tone from the top.
B. Risk Management Policy.
C. Introduction to risk appetite.
2.4 RASP - Protocols
A. Procedures.
B. Tools and techniques.
C. Risk Management Information Systems
(RMIS).
2.5 Risk management processes
A. Processes for ISO, COSO, and the Orange
Book.
B. Comparison using the four simple steps of risk
management.
Section Learning Outcomes
The student can:
Evaluate the effectiveness of risk
management based on
established principles defined by
international standards.
Establish an appropriate risk
management architecture for an
organisation's operational model
and governance structure.
Establish an appropriate risk
management strategy for an
organisation.
Recommend appropriate
protocols for a successful
organisational risk management,
clearly justifying how each
contributes to its success.
Establish an appropriate risk
management process for an
organisation.
14 | P a g e
 UNIT 3 | CONTEXT, OBJECTIVES AND RISK ASSESSMENT

Unit 3 Context, Objectives, and Risk Assessment

Learning hours: 30

Assessment Guidance: Multiple choice questions and written

assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Determine the most important risks of an organisation given its context and
objectives.

Unit in Brief

In this unit students will appraise the context and objectives for the organisation or activities
they are undertaking. This will enable the identification and analysis of real risks related to
the context and objectives and support the decision-making process regarding which risks
require further management.

Introduction to Unit

Understanding the context in which you are working and the objectives that you are trying
to achieve will allow you to identify and analyse uncertainties that matter (risks). This will
provide you with the information needed to decide whether any further action is needed,
or whether risks are within the organisation’s risk appetite and tolerance.

You will be using the current ISO 31000 standard as the basis of your work and will do this
for the remainder of the module. You will be referring to other standards too, especially the
COSO ERM framework and The Orange Book, published by the UK HM Treasury.

In this unit you will learn about the first step in the risk management process, regarding
establishing the internal and external context, the objectives at risk, and the purpose of risk
management relevant to your situation.

You will also look at the second step in the process, risk assessment, which comprises risk
identification, risk analysis and risk evaluation.

15 | P a g e
 UNIT 3 | CONTEXT, OBJECTIVES AND RISK ASSESSMENT

Unit Content Section Learning Outcomes

The student can:

3.1 Establishing the internal and external context

A. Internal context Assess the status of, and
 Business processes and strategy. changes to, an organisation’s
B. External context - trends and drivers. internal and external context
C. Tools and techniques for understanding the using a variety of tools and
internal and external context, including: techniques.
 The Extended Enterprise
 Political, Economic, Social, Technical,
Legal, Environment (PESTLE)
 Stakeholder mapping
 Horizon scanning.

3.2 Objectives and purpose

A. Values, mission, objectives, strategy, and Critique the framing of objectives
tactics. and their relevance to an
B. Specific, measurable, achievable, realistic organisation's purpose and
and timebound (SMART) objectives. strategy.
C. Risk criteria and Key Performance Indicators
(KPI’s).
D. Attachment of risk.

3.3 Identification of risks

A. Risk articulation. Determine relevant risks and
B. Known unknowns. objectives, in a particular
C. Risk identification techniques. context, using appropriate risk
D. Emerging risks. identification techniques.
E. Risk classification.
F. Risk networks.

3.4 Analyse and evaluate risks

A. Prioritisation techniques, including: Establish the significance of the
 Impact and likelihood. identified risks, linked to risk
 Impact and action. appetite and tolerance using a
variety of techniques
 Proximity.
 Clock speed.
B. Levels of risk rating, including:
 Inherent.
 Current and target.
C. Risk matrices and heat maps.
D. Risk evaluation.

16 | P a g e
 UNIT 4 | MANAGING, MONITORING AND REPORTING RISKS

Unit 4 Managing, Monitoring and

Reporting Risks
Learning hours: 30

Assessment Guidance: Multiple choice questions and written

assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Establish an organisational environment where risks are effectively managed,

monitored and reported on.

Unit in Brief

In this unit students will evaluate the appropriate controls to take charge of and manage
the risks to an acceptable level. The monitoring and reviewing processes validate that
the controls are operating effectively and that any changes in the context, risks and risk
management process are recognised and actioned accordingly. This facilitates the risk
reporting process, enabling relevant information to be communicated effectively, and
supporting risk-based decision making.

Introduction to Unit

Ensuring real controls are designed and implemented to manage risk in an organisation’s
risk appetite and tolerance is one of the most important stages in the risk management
process. Monitoring, reviewing, and reporting on those risks and real controls provides
assurance that, considering the context the organisation is operating in and the risks that
it is facing, it can achieve its objectives. If this is not the case, decisions can be made
whether to put more effort into managing the risks, or where that is not appropriate or
possible, to change the objectives. This unit completes the risk management process,
started in Unit 2, using the current ISO 31000 standard by evaluating the stages of
managing (treating) the risks, and monitoring, reviewing, and reporting on them. The
formal ISO 31000 step of communication and consultation is embedded in all stages of
the risk management process. These stages close the risk management loop and support
risk-based decision making to ensure that objectives can be met.

17 | P a g e
 UNIT 4 | MANAGING, MONITORING AND REPORTING RISKS

Unit Content Section Learning Outcomes

The student can:

4.1 Management of risks using real controls Establish what constitutes a real
A. Real controls. control.
B. Management strategies for both threats and
opportunities.
C. Role of insurance and business continuity.

4.2 Control effectiveness

A. Control effectiveness techniques, including Assess the effectiveness of
the Swiss Cheese Model and the Hierarchy controls to determine if a risk is
of controls. managed.
B. Verification of real controls.

4.3 Monitoring risks

A. Monitoring the risks, including:
 Key risk indicators (KRIs). Monitor the risk status of an
 Key control indicators (KCIs). organisation using different
 Leading and lagging indicators. datasets and indicators.
 Different datasets.
 Risk status.

4.4 Reviewing risks and risk management

A. Reviewing risks. Distinguish between the risks,
B. Reviewing the risk management process. controls, and processes in need
 Link to assurance. of a review of an organisation.
 Link to the control environment.

4.5 Reporting on risks and risk management

A. Communication versus consultation.
B. Communication plans.
 Link to stakeholder mapping
C. Reporting feedback loops.
D. Internal and external reporting.
Establish the audience, style,
and content for internal and
external risk reporting.

4.6 Risk based decision making and action

A. Decision making styles. Establish where a decision
 Link to risk appetite and tolerance. needs to be made to ensure
 Link to risk culture. action is taken.

18 | P a g e
 UNIT 5 | RISK CULTURE AND APPETITE

Unit 5 Risk culture and appetite

Learning hours: 30

Assessment Guidance: Multiple Choice questions and written

assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Determine the appropriate level of risk that an organisation can take in relation to
its risk culture.

Unit in Brief

In this unit students evaluate risk culture to assess people’s influence on the risk
management process and to determine a successful risk culture for an organisation. They
also examine risk appetite and tolerance and their relevance to the achievement of
objectives, including the requirement for and design of risk appetite statements.

Introduction to Unit

Establishing the appropriate risk culture, as part of the organisational culture, can often
mean the success or failure of the risk management process, and from the many
worldwide examples, can also mean the success or failure of the organisation itself.

Determining risk appetite, tolerance and capacity enable organisations to understand the
amount of risk they can and are willing to take to achieve their objectives. This in turn
contributes to the practical understanding of which risks are relevant and the amount of
effort that is required and should be undertaken to manage those risks.

Ensuring risks are managed to an acceptable level often requires a change in attitude,
behaviour, and risk culture within an organisation.

This unit evaluates both risk culture and risk appetite to ensure the right risks are being
assessed and managed appropriately, to create and protect value for an organisation and
to support it in achieving its objectives.

19 | P a g e
 UNIT 5 | RISK CULTURE AND APPETITE

Unit Content Section Learning Outcomes

The student can:

5.1 Risk Culture Evaluate risk culture and its

A. Risk Culture and its importance. value for organisations.
B. Different risk culture perspectives, such as
banking and construction.
C. Control of risk cultures, such as ERM vs
compliance.

5.2 People and risk culture Assess the influence of people

A. Risk predisposition. in the risk management process.
B. Risk perceptions.
C. Risk biases.

5.3 Models of risk culture Assess the appropriate risk

A. Risk culture models - Leadership,
culture for an organisation using
Involvement, Communication, Accountability,
different risk culture models.
Learning (LILAC).
B. Risk culture models:
 ABC Model
 Double S Model.

5.4 Successful risk culture Evaluate the success of the

A. Successful risk culture. risk culture of an organisation
B. Measuring risk culture, including:
 Culture Aspects model.
 Changing risk culture

Distinguish between risk

5.5 Risk appetite and tolerance
appetite, tolerance, and
A. Risk Universe.
capacity.
B. Risk Capacity.
C. Risk Tolerance.
D. Risk Appetite.

Recommend the most

5.6 Risk appetite statements
appropriate form of risk
A. Designing risk appetite statements.
appetite statement for an
B. Narrative risk appetite statements.
organisation including
C. Tangible risk appetite statements.
qualitative and quantitative
formats.

5.7 Risk appetite criteria

A. Using risk appetite to support action, Establish risk appetite
including: criteria and trigger points of
 High Impact – Low Probability (HILP) an organisation.
 Triggered Action Response Plan
(TARP).
B. Monitoring risk appetite and tolerance.

20 | P a g e
 UNIT 6 | CORPORATE GOVERNANCE AND RISK ASSURANCE

Unit 6 Corporate governance and risk assurance

Learning hours: 30

Assessment Guidance: Multiple choice questions and written

assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Examine the role of risk management within corporate governance and risk
assurance.

Unit in Brief

In this unit students will analyse corporate governance, regulatory requirements and the
relevant risk management roles and responsibilities for boards and executive
management. Information that management receives regarding risks and controls being
managed and implemented effectively supports decision making and provides assurance
to the organisation and external stakeholders that an organisation is a going concern and
has a long-term viability.

Introduction to Unit

The requirements of corporate governance, in the UK and worldwide, are to provide

assurance that organisations are directed and controlled in a way that ensures success
and sustainability, not just to protect shareholder interests, but also the interests of the
other internal and external stakeholders.

The board structure and the roles and responsibilities of members also provide guidance
on a relevant risk management framework for an organisation. This in turn provides
structure for assurance on the successful implementation of risk management and internal
control.

This unit examines the role of risk management in corporate governance and risk
assurance in relation to internal controls and the control environment.

21 | P a g e
 UNIT 6 | CORPORATE GOVERNANCE AND RISK ASSURANCE

Unit Content Section learning outcomes

The student can:

6.1 Corporate governance

A. Corporate Governance Explain different corporate
B. Principle based governance. governance models.
C. Prescriptive based governance.
D. International perspectives.

6.2 Board structures

A. Board structures and approaches to risk Assess the impact of different
management, including: board structures on risk
 Unitary. management of organisations.
 Two-tier.
 Board committees

6.3 Regulatory influences

A. Influence of regulatory bodies the risk
management in organisations, including:
 Financial Reporting Council (FRC)
 Sarbanes-Oxley (SOX).
 OECD
Determine the influence of
regulatory bodies on risk
management of organisations.

6.4 Board roles and responsibilities

A. Roles and responsibilities of the board, Determine the roles and
including: responsibilities of the Board for
 Board members. risk management in
 Board as a group. organisations.
 Chief Risk Officer (CRO).

6.5 Assurance
A. Role of internal audit. Evaluate the role and purpose of
B. Assurance models, such as the IIA Three internal control and internal and
Lines of Defence model. external assurance for risk
C. External assurance, including external audit management in organisations.
D. Internal assurance, including the audit
committee
E. Internal control and the control environment
F. Criteria of Control (CoCo).

22 | P a g e
 UNIT 7 | RISK AND STRATEGY

15. Overview of Module 2 – Practice of Risk Management

This module builds on the principles and concepts learnt in Module 1 by exploring the
practical aspects of implementing effective risk management in organisations to ensure it
creates and protects value. Risk management is examined in relation to setting and
delivering on an organisation’s strategy, taking account of its value chain and core
objectives. The ability to achieve these objectives is further assessed through the scrutiny
of organisational sustainability and resilience, recognising that the world is changing at a
fast pace and risk management can help organisations be prepared, proactive and agile
enough to survive and thrive. The module then explores some of the different approaches
to risk management depending on the work being undertaken by an organisation, leading
to an examination of how risk management can be embedded effectively within
organisations, assessing the maturity of the risk management framework and process and
the competency requirements of both individuals and risk management professionals.

Module Learning Aims

Units Learning Aims

Unit 7 Risk Management and Strategy Correlate the risk management

framework with the strategic framework
of an organisation.
Unit 8 Sustainability Evaluate the role of risk management in
achieving the desired aspects of
sustainability most relevant to their
organisation..
Unit 9 Resilience Explain how risk management is a vital
tool in ensuring organisational resilience.
Unit 10 Approaches to Risk Management Explain the purpose and typical approach
to managing risk from a variety of
perspectives.
Unit 11 Embedding and Maintaining Risk Determine the appropriate approach to
Management embedding risk management in an
organisation.
Unit 12 Risk Management Competencies Establish relevant risk management
competencies of an organisation.

23 | P a g e
 UNIT 7 | RISK AND STRATEGY

Unit 7 Risk Management and Strategy

Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Correlate the risk management framework with the strategic framework of an

organisation.

Unit in Brief

In this unit students will examine the importance of an organisation’s strategy and how this
leads to the setting of objectives.

Introduction to Unit

Strategy is an important starting point for ERM. Setting and understanding organisational
objectives follow on from the strategy, and risk management focuses on the uncertainties
associated with the achievement of those organisational objectives.

Strategy is highlighted in the first step of the ISO 31000 process (scope, context, and
criteria) and in the second component of the current COSO ERM framework (strategy and
objective setting), which has been considered in Unit 3. It also forms part of the risk
management (RASP) framework covered in Unit 2.

Understanding the mission, vision and core values of an organisation and the development
of strategy and objectives is key to ensuring that relevant risks are identified, understood,
and managed within the organisation’s risk appetite.

This unit goes into further detail on strategy and objectives, introducing methods for
formulating business strategy and building on that knowledge to assess the
interconnectivity between risk and strategy processes. Finally, the role of risk in a series
of strategy models will be evaluated.

24 | P a g e

Unit content
7.1 Strategy
A. Strategy definitions.
B. How strategy is formulated
C. Where is strategy found
D. Strategy and reputation
7.2 Risk management and strategy
A. Risks arising from the strategy.
B. Risk management’s influence on strategy.
7.3 Risk management and strategy models
A. Strategy models, including:
 Designing the strategy
 Validating the strategy
 Implementing the strategy
 Risk management tools and strategy.
UNIT 7 | RISK AND STRATEGY
Section learning outcomes
The student can:
Examine an organisation’s
strategy.
Assess how risk management is
interconnected to the strategy of
an organisation.
Appraise different strategy
models used by organisations
from a risk management
perspective.
25 | P a g e
 UNIT 8 | ORGANISATIONAL SUSTAINABILITY

Unit 8 Sustainability
Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Explain how risk management is a vital tool in establishing organisational

sustainability.

Unit in Brief

In this unit, students will evaluate the role of risk management in achieving the desired
aspects of sustainability most relevant to their organisation.

Introduction to Unit

Sustainability, also recognised as being referred to as Environmental, Social and

Governance (ESG), Corporate Social Responsibility (CSR), or Licence To Operate, is a
rapidly evolving area of focus. Including climate change and the requirements to value not
just profit but also people and our planet is core to many people’s values.
Complex and full of uncertainty, sustainability not only needs to be integrated fully into
each organisation but requires a tool that is designed to help navigate these sorts of
conditions. That tool is risk management.

Risk management is cited by an increasing number of the regulations and guidelines in

place to help organisations shape and achieve sustainability targets. The use of
techniques such as materiality assessments and scenario analysis is commonplace within
risk management, however some specifics are introduced in this unit.

All risk managers require a good grasp of the opportunities and threats encapsulated by
sustainability and ESG as it will only increase in importance with time.

26 | P a g e

Unit content
8.1 Sustainability and risk management
A. What is sustainability?.
B. The role of risk management in sustainability
C. Maturity of ESG
8.2 The evolution of sustainability
A. Evolution of sustainability.
B. Sustainability Development Goals.
C. People, planet, profit (3Ps)
D. Corporate Social Responsibility (CSR)
E. Environment, Social, Governance (ESG)
8.3 Risk management enabling sustainability
A. The role of risk management.
B. Positives and negatives
C. Materiality
D. Emerging risks and sustainability
E. Tensions and 'just’ transition
F. ‘Greenwashing’, ESG ratings and
accountability
G. Sustainability and resilience
8.4 Climate change risk management
A. Task force on climate-related financial
disclosures (TCFD).
B. Strategy and risk management, including
scenario analysis
C. Metrics and targets
UNIT 8 | ORGANISATIONAL SUSTAINABILITY
Section Learning Outcomes
The student can:
Explain what sustainability risk
management is.
Explain the history and evolution
of sustainability and ESG.
Evaluate the role of risk
management in enabling
sustainability including the
balancing of opportunities and
threats, materiality, emerging
risks, the just transition,
greenwashing, ESG ratings and
resilience.
Evaluate the status of climate
change risk management in your
own organisation
27 | P a g e
 UNIT 9 | ORGANISATIONAL RESILIENCE

Unit 9 Resilience
Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Explain how risk management is a vital tool in ensuring organisational resilience.

Unit in Brief

In this unit students examine organisational resilience and how it can help organisations
manage future shocks, disruptive events, and major incidents. This unit assesses the
importance of organisational agility and how resilience can be tested to give some
assurance to stakeholders.

Introduction to Unit

As organisations emerge from the COVID-19 pandemic, in common with those that
survived after the financial crisis of 2008/9, the topic of resilience comes centre stage.

This unit begins with evaluating the concept of resilience and builds on it to examine past
and potential future disruptors. Organisational agility is appraised and how risk
management can support both agility and innovation in a dynamic world.

Risk management tools for testing for resilience are examined, and the concept of ‘Long
Term Viability,’ introduced in the UK following the financial crisis of 2008/9, as a reporting
requirement on companies to justify their resilience taking account of their principal risks.

28 | P a g e
 UNIT 9 | ORGANISATIONAL RESILIENCE

Unit content Section Learning Outcomes

The student can:

9.1 Organisational Resilience

A. Definition of resilience. Assess the role of risk
B. Evolution of organisational resilience. management in organisational
resilience.
C. Role of risk management in organisational
resilience.

9.2 Organisation disruptors

A. Past disruptors, including case studies. Assess past and potential
B. Potential disruptors. disruptors of an organisation.

9.3 Agility, risk management and strategy

A. Agility and risk management. Explain how risk management
B. Business Continuity Management (BCM) supports agility and innovation in
C. Risk management and innovation. organisations.

9.4 Tests for resilience

A. Resilience testing tools, including: Determine the most appropriate
 Scenario analysis. risk management tools that can
 Horizon scanning. used to test resilience of an
organisation.
 Stress testing.

9.5 Viability statements

A. Viability and going concern. Appraise an organisation’s
longer term viability statement.
B. Components of longer-term viability,
including integrated / combined reporting.

29 | P a g e
 UNIT 10 | APPROACHES TO RISK MANAGEMENT

Unit 10 Approaches to risk management

Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Explain the purpose and typical approach to managing risk from a variety of
perspectives.

Unit in brief

In this unit students will examine different approaches to risk management relating to
different activities, functions, and perspectives in an organisation.

Introduction to Unit

ERM is defined by COSO as: ‘The culture, capabilities, and practices, integrated with
strategy-setting and its execution, that organizations rely on to manage risk in creating,
preserving, and realizing value.’ Enterprise Risk Management integrates with and cuts
across all sources of risk management in an organisation.

This unit explores some of the different risk management approaches that can be found
in organisations, where risk management exists for different regulatory or operational
purposes. You will examine some of the common approaches relating to: Information
technology, health, safety, security, environment, and social aspects, portfolios and
programs, and projects, insurance, banking; the supply chain and legal.

30 | P a g e
 UNIT 10 | ORGANISATIONAL RESILIENCE

Unit content Section Learning Outcomes

The student can:
10.1 Banking
A. Banking and risk management. Explain the purpose and typical
B. Categorisation of risks in banking. approach to managing risk from
B. Risk capital requirements the perspective of an individual in
C. Use of internal models the banking field.
D. Conduct risks
.
10.2 Insurance
Explain the purpose and typical
A. Insurance and risk management
approach to managing risk from
B. Categorisations of risk in insurance
the perspective of an individual in
C. Risk capital requirements
the insurance field.
D. Risk calculation models used by insurers
E. Insurance types

10.3 Information Technology (IT)

Explain the purpose and typical
A. IT and risk management.
approach to managing risk from
B. Cyber security. the perspective of an individual in
C. Key standards, including: the IT field.
 ISO 27001.
 COBIT

10.4 Health and safety

A. Health and Safety risk management
B. Zero harm and as low as reasonably
practicable.
10.5 Projects, Programmes and Portfolios
A. Projects.
B. Programmes.
C. Portfolios.
D. Key standards, including:
 Association of Project Management.
 Project Management Institute.
Explain the purpose and typical
approach to managing risk from
the perspective of an individual in
the Health and Safety field.
Explain the purpose and typical
approach to managing risk from
the perspective of an individual in
the project management field.

31 | P a g e
 UNIT 10 | ORGANISATIONAL RESILIENCE

Unit content Section Learning Outcomes

10.6 Supply chain
A. Value chain, including the extended
enterprise.
B. Procurement and contractual approaches.
C. Key standards, including:
 ISO 28000.
The student can:
Explain the purpose and typical
approach to managing risk from
the perspective of an individual in
the supply chain field.

10.7 Legal
A. Legal requirements and compliance in Explain the purpose and typical
general. approach to managing risk from
B. Key standards, including: the perspective of an individual in
 ISO 31022. the legal field.

32 | P a g e
 UNIT 11 | EMBEDDING AND MAINTAINING RISK MANAGEMENT

Unit 11 Embedding and maintaining risk

management
Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Determine the appropriate approach to embedding risk management in an

organisation.

Unit in Brief

In this unit students will examine the maturity of risk management within an organisation
and the need for continuous improvement.

Introduction to Unit

Risk management processes are rarely reviewed for appropriateness and effectiveness
by many organisations. This leads to lack of engagement, disinterest, reduction in value
and sometimes the failure of risk management.

This unit assesses the maturity of risk management in organisations. You will explore
the interconnectedness of risks and integration of risk management with other
operational activities. Finally, you will examine road maps to risk management maturity
to ensure continuous improvement in increasingly changing internal and external
contexts.

33 | P a g e
 UNIT 11 | EMBEDDING AND MAINTAINING RISK MANAGEMENT

Unit content Section Learning Outcomes

The student can:
11.1 Risk management maturity
A. Measuring risk management maturity Analyse the maturity of risk
B. Gap analysis. management of an organisation.
C. Levels of sophistication.
D. Critical success factors.

11.2 Interconnectedness of risks and integration

of risk management Evaluate the links between risk
A. Network and causal analysis. management and established
B. Activity touch points, including budget, systems, processes, activities,
strategy, and systems. and functions of an organisation.

11.3 Road maps to risk management maturity

A. Quick wins. Recommend an appropriate road
B. Medium-and-long-term maturity. map to achieve desired risk
C. Role of software. management maturity for an
organisation.
11.4 Continuous improvement
A. Continuous improvement Assess the continuous
B. Management of change. improvement of risk management
. using different methodologies.

34 | P a g e
 UNIT 12 | RISK MANAGEMENT COMPETENCIES

Unit 12 Risk management competencies

Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Establish relevant risk management competencies of an organisation.

Unit in Brief

In this unit students will examine the risk management competencies required to
implement effective risk management within an organisation, recognising the value of
risk management professionals.

Introduction to Unit

Risk management is a value adding process for all organisations, provided it is

supported by competent risk management professionals, relevant to the size, nature,
and structure of each organisation.

This unit assesses the competencies of risk management professionals and those
capabilities needed by individuals in organisations. You will examine risk management
gap analysis and road maps to achieve desired competency levels. You will also explore
specific skills commonly required of risk management professionals, such as facilitation,
data analysis and influencing. Finally, you will assess the value that risk management
professionals bring to organisations.

35 | P a g e

Unit content
12.1 Risk management professional/
management competencies
A. Professional competencies, including:
 IRM Professional Standards
B. Technical and behavioural skills.
C. Gap analyses
12.2 Road maps to risk management
competency
A. Upskilling.
B. Training.
C. Coaching and mentoring.
12.3 Specific skills - facilitation
A. The role of the facilitator.
B. Running effective risk workshops.
12.4 Specific skills – data analysis
A. Analytical skills.
B. Data analysis and how it is changing.
12.5 Specific skills – influencing
A. Communication, reporting and
presentations.
B. Complacency vs crisis.
C. Informing and supporting decision-makers.
12.6 Value of the risk management professional
A. Making an impact.
B. Making a difference.
C. Engagement and commitment.
UNIT 12 | RISK MANAGEMENT COMPETENCIES
Section Learning Outcomes
The student can:
Determine the gaps in the
professional competencies and
behavioural and technical skills of
risk managers and those involved
in the risk management process
of an organisation.
Critique a competency framework
roadmap of an organisation for
optimal risk management.
Recommend an approach to
facilitating an effective risk
workshop for an organisation.
Determine the need for risk
management professionals to
analyse data effectively.
Evaluate the need for risk
management professionals to
influence decisions and actions
effectively and appropriately in
organisations.
Establish your personal value to
the organisation as a risk
management professional.
36 | P a g e
16. Assessment
Formative assessments are available to students at the end of each unit to encourage
learning. It provides generic feedback to students on their level of attainment. Students are
encouraged to engage with the formative self-assessments in the Moodle lessons and use
these tools to determine their level of attainment to move on to the next unit.

Formative assessments are where students can engage in self-assessment and feedback to
assess the progression of learning and understanding.

Part of the IRM’s Enterprise Risk Management International Certificate Module 1 summative
assessment or assessment of learning is conducted through an online third party’s software
using multiple choice questions (MCQs) which are selected from a bank of questions at
various degrees of difficulty. Questions may be standalone or used in conjunction with case
study scenarios. The other part of Module 1 as well as Module 2 are assessed by
assignment-based essay questions in order to assess the student’s ability to apply the
theory learnt in Module 1.

IRM assessments are designed to ensure that learning outcomes of modules/qualifications

are achieved. As such, learning outcomes are embedded in the marking criteria against which
judgements are made about a student’s performance. Students and examiners/assessors
have a clear understanding of these criteria, which are published in the lessons on the
VLE/Moodle and the Examiners Handbook.

Assessments are designed to promote effective learning. They provide opportunities for all
intended learning outcomes that have been defined for the module and syllabus, to be
assessed. The range and types of assessment measure students’ achievement of module
learning outcomes. Tasks are designed to assess one or more learning outcomes of modules.
There is a clear development of, and information about, progression through the modules, in
terms of both attainment and demonstration of skills and attributes.

16.1 Principles of External Summative Assessments

16.1.1 Validity of IRM summative assessments is assured by ensuring that the content,
skills, applications, and qualities which are defined throughout the qualification,
are evident in the assessment using appropriate assessment methodologies.
16.1.2 Reliability of IRM assessments is achieved by ensuring that assessments can be
used with the same results over a specified period for all students in different
geographies. Comparability of IRM assessments is understood by users in terms
of benchmarks and historic standards as applied to the assessment, with
assessment outcomes that are comparable to the standards of the qualification
and the assessment itself and between similar qualifications and assessments of
other awarding bodies every two years. The IRM also amends qualifications
when new knowledge in the risk management field necessitates, for the
qualifications to stay current and fit for purpose.

37 | P a g e
 16.1.3 Relevance of IRM assessments is achieved by evaluating both knowledge and
skills of students/candidates in the field of risk management. The design of
assessments reflects the skills that students are required to develop, as well as
measuring the students’ understanding of the learning aims and outcomes.
16.1.4 The IRM endeavours to provide sufficient balance between learning and
assessment. Minimising bias of IRM assessments which is achieved by:
• Ensuring that all students have access to assessments which are highlighted
in, The IRM Equality and Diversity Policy, which is considered when designing
the assessment.
• Ensuring that the design of assessments reflects the needs of a wide range
of students, recognising and respecting equality and diversity so that
individuals or groups are not disadvantaged.

16.2 Security of summative assessments

The summative MCQ assessments for part of Module 1 are conducted on-line either at
the third parties’ examinations centres (currently Pearson VUE test centres) or on-line,
using Pearson VUE’s remote proctoring services in both cases, security is in place to
prevent malpractice including Pearson VUE Candidate Rules Agreement, Securing
Exams against Test Fraud and Pearson Professional Examination Rules, to prevent:

• Impersonation of students – ID and passwords are required.

• Use of mobile phones.
• Use of notes (in any format).
• Use of the internet (especially with remote proctoring).
• Use of visual aids or multiple screens in the case of remote proctoring.

During the assessment students cannot print screen or take photographs. This is to
prevent ‘sharing’ of assessments and maintain the integrity of the assessments.

The assignment essay type assessments for part of Module 1 and all of Module 2 are
secured by being released only during the time period allocated for the assignment until
submission.

16.3 Structure of summative assessments

MCQ summative assessments for Module 1 are constructed from questions in a question
bank. The question bank includes questions on all areas of Module 1 syllabus hence
ensuring that the learning outcomes can be assessed.

The IRM uses several question types, in designing the MCQ questions, from simple
MCQs to reasoning and assertion style questions. Questions may be standalone or used
in conjunction with case studies scenarios.

The assignment-based essay type questions for part of Module 1 and all of Module 2 are
give students the opportunity to show their knowledge and understanding of the various
topics and be able to apply this to organisations of their choice.

38 | P a g e
16.4 Valid assessment decisions

MCQ assessments are marked on-line by the third-party’s software. A meeting is held
where a statistician from the third-party provider as well as the Principal and Chief
examiners and members of the examination and qualification development staff review
each item performance and set the pass marks for the assessment.

Assignment based essay questions for part of Module 1 and all of Module 2 are marked
by assessors through the Moodle portal.

16.5 Issuing Results and Certificates

The IRM aims to issue results within six weeks after the last examination sitting. The
results are issued via email to students. All certificates are sent by post to students within
three weeks of the notification of results.

16.6 Withholding results or certificates

Results or certificates may be withheld due to allegations of malpractice either by a

student or a centre until a resolution is found but will not withhold results of certificates
because of student financial difficulties.

16.5 Resits and resubmissions

If a student fails the MCQ examination, they can re-sit at the next available session.
Students are permitted a maximum of three attempts.

Re-sit application forms must be submitted with the appropriate fees no later than
two months before the examination.

If a student fails the essay-type assignment, they can re-submit it at the next
available submission window. Students are permitted a maximum of three
submissions.

Re-submission forms must be submitted with the appropriate fees no later than
two months before the submission deadline.

39 | P a g e
Appendix 1 Verbs used in aims and learning outcomes

Term Definition

Analyse Critically examine methodically breaking it

down, to explain and interpret it.
Appraise Assess the value or quality of something.
Assess Make an informed judgement about the
value, strengths, or weaknesses of an
argument, claim or topic by weighing all the
views on it.
Compare Identify similarities between two or more
subjects of discussion.
Correlate Find a mutual relationship or connection in
which one thing affects or depends on the
other.
Critique Provide an opinion or verdict on whether an
argument or set of research findings is
accurate.
Determine Ascertain or establish the facts.
Distinguish Identify similarities between two or more
subjects of discussion.
Establish Determining the facts.
Evaluate Provide one’s own opinion concerning the
extent to which an argument or set of
research findings is accurate.
Examine Establish the key facts and important issues
of a topic or argument by looking at them in
close detail to analyse them.
Explain Clarify a topic by providing as much detail
as possible and giving definitions for any
key terms used, showing clear
understanding in a logical coherent
response.
Justify Explain the basis of an argument by
presenting evidence that informed the view
explaining why other arguments are
unsatisfactory.
Monitor To keep track of or check for a special
purpose.
Recommend Put forward something/an idea as suitable
for a particular purpose or role.

40 | P a g e
Appendix 2 Glossary of terms used

Abbreviation Meaning

Cert Certificate
COBIT Control Objectives for Information Technology
CoCo Criteria of Control
COO Chief Operating Officer
CRO Chief Risk Officer
CSR Corporate Social Responsibility
ERM Enterprise Risk Management
ESG Environmental, Social and Governance
FRC Financial Reporting Council
HILP High Impact – Low Probability
HM Her Majesty’s
ICAAP Internal Capital Adequacy Assessment Process
IOSH Institute of Occupational Safety and Health
IRM Institute of Risk Management
IRMCert Institute of Risk Management Certificate
ISO International Standards Organisation
KCI’s Key Control Indicators
KPI’s Key Performance Indicators
KRI’s Key Risk Indicators
LILAC Leadership, Involvement, communication, Accountability and Learning
NEBOSH National Examination Board in Occupational Safety and Health
ORSA Own Risk and Solvency Assessment
PESTLE Political, Economic, Social, Technology, Legal, Environment
RASP Risk Architecture, Strategy and Protocols
RIDDOR Reporting of Injuries, Diseases and Dangerous Occurrences
Regulations
RMIS Risk Management Information Systems
SMART Specific, Measurable, Achievable, Realistic, Timebound
SOX Sarbanes-Oxley
TARP Triggered Response Plan
TCFC Task Force on Climate-related Financial Disclosures
UK United Kingdom
VLE Virtual Learning Environment
VMOST Vision, mission, objectives, strategy, and tactics

41 | P a g e
Build your
career as a risk
professional

Training with the IRM

With training courses covering a wide range of
enterprise risk management topics, our courses are
delivered by industry experts so you can immediately
apply the latest in best practice techniques. As well as
being practical and interactive, the courses allow you
to log CPD hours and some offer accreditation.

www.theirm.org | Tel: +44 (0)20 7709 9808 | Email: [email protected]