RIMS-CRMP Participant Notebook

END USER LICENSE AGREEMENT

YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THESE MATERIALS (AS THAT TERM IS DEFINED BELOW). IF YOU DOWNLOAD, ACCESS AND/OR USE ANY OF THESE MATERIALS, YOU ARE AGREEING AND CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS END USER LICENSE AGREEMENT (“AGREEMENT”).

The Materials provided to you are NOT for sale and are not being sold to you. You may NOT transfer these materials to any other person or permit any other person to use these Materials. You may only acquire a license to use these Materials and only upon the terms and conditions set forth in this Agreement. Read this Agreement carefully before using these Materials. Do not use these Materials unless you agree with all terms of this Agreement.

License Grant. Upon your acceptance of the terms of this Agreement in the manner set forth above, the Risk and Insurance Management Society, Inc (“Licensor” or “RIMS”) hereby grants to you a non-exclusive, revocable, non-transferable, non-sublicensable, limited license to use the Materials solely for your participation in the related Course and/or for your studies related to the subject matter covered by the relevant examination (if applicable). If applicable, you may download the Materials onto a single device; you may download the Materials onto a second device so long as the first device and second device are not used simultaneously. You are not permitted to lease, rent, distribute or sublicense the Materials or any rights therein. You agree that you have no right, power or authority to make any modifications to or unauthorized copies of the Materials. You agree not to transfer or assign the Materials and/or this Agreement to another party without the prior written consent of Licensor.
If such consent is given and you transfer or assign the Materials and/or this Agreement, then you must at the same time either transfer any copies of the Materials to the same party or destroy or return to Licensor any such Materials not transferred. Except as set forth above, you may not transfer or assign the Materials or rights under this Agreement. You agree not to modify, translate, reverse engineer, decompile, disassemble, or create derivative works of the Material or assist someone in performing such prohibited acts.

Materials. As used in this Agreement, the term “Materials” means and includes any materials provided to you by RIMS, and/or to which you are granted access by RIMS (directly or indirectly) in connection with your license of the Materials and/or the Course, and shall include notes taken by you (by hand, electronically, digitally, or otherwise) while using the Materials; any and all electronically-stored/accessed/delivered, and/or digitally-stored/accessed/delivered materials included under this License via download to a computer or via access to a web application, and/or otherwise provided to you and/or to which you are otherwise granted access by RIMS (directly or indirectly), including, but not limited to, applications downloadable from a third party in connection with your license of the Materials.

Copyright 2023 by the Risk and Insurance Management Society, Inc. All rights reserved.

Title. You agree that Licensor owns and holds title to the Materials and all subsequent copies thereof regardless of the form or media. Furthermore, title, ownership rights, and intellectual property rights in the Materials shall remain with Licensor. The Materials are protected by copyright and other intellectual property laws and by international treaties.

Term and Termination. This license granted under this Agreement begins on the date you receive the Materials and ends 24 months after that date.
You may terminate this license at any time by destroying the Materials and any related documentation together with all copies and merged portions in any form. Your license for the Materials will also terminate immediately if you fail to comply with any term or condition of this Agreement. Upon such termination, you agree to destroy the Materials and related documentation, together with all copies thereof. You agree that you will not be entitled to a refund of any applicable license fee upon early termination of this Agreement.

Governing Law. The laws of the State of New York shall govern the construction of this Agreement and you agree to be subject to personal jurisdiction in the State of New York for the purposes of enforcing the provisions of this Agreement.

No Warranties. LICENSOR MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT OF THIRD PARTIES' RIGHTS. THE MATERIALS ARE PROVIDED TO YOU ON AN "AS IS" BASIS. TO THE FULL EXTENT PERMITTED BY LAW, THE DURATION OF STATUTORILY REQUIRED WARRANTIES, IF ANY, SHALL BE LIMITED TO THE ABOVE LIMITED WARRANTY PERIOD. MOREOVER, IN NO EVENT WILL WARRANTIES PROVIDED BY LAW, IF ANY, APPLY UNLESS THEY ARE REQUIRED TO APPLY BY STATUTE NOTWITHSTANDING THEIR EXCLUSION BY CONTRACT. NO DEALER, AGENT, OR EMPLOYEE OF LICENSOR IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS, OR ADDITIONS TO THIS LIMITED WARRANTY. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE REMAINS WITH YOU.

Limitation of Remedies.
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY SHALL LICENSOR OR ITS SUPPLIERS OR RESELLERS, BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, BUSINESS INTERRUPTIONS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER PERSONAL OR COMMERCIAL DAMAGES OR LOSSES ARISING FROM THE USE OR INABILITY TO USE THE MATERIALS (WHETHER OR NOT DUE TO ANY DEFECTS THEREIN). IN NO EVENT WILL LICENSOR BE LIABLE FOR ANY DAMAGES EVEN IF LICENSOR SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES OR SUCH DAMAGES WERE REASONABLY FORESEEABLE, OR FOR ANY CLAIM BY ANY OTHER PARTY. IN NO EVENT SHALL LICENSOR'S LIABILITY EXCEED THE PURCHASE PRICE PAID BY YOU FOR THE COURSE FOR WHICH THE MATERIALS ARE PROVIDED.

Indemnification. You agree to defend, indemnify and hold harmless Licensor, its suppliers and its resellers from and against liabilities, costs, damages and expenses (including settlement costs and reasonable attorneys' fees) arising from any claims from anybody that result from or relate to your use, reproduction or distribution of the Materials.

Severability. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired.

Entire Agreement. You further agree that this Agreement is the complete and exclusive statement of the agreement between you and Licensor which supersedes all proposals or prior agreements, oral or written, and all other communications between you and Licensor relating to the subject matter of this agreement. This Agreement may only be modified by a written agreement signed by both you and an authorized representative of Licensor.
Acknowledgement. By downloading, installing or using any part of the Materials, you indicate that you have read this Agreement, understand it, and agree to be bound by its terms and conditions.

Force Majeure. Licensor shall not be liable hereunder for any failure or delay in the performance of its obligations under this Agreement if such failure or delay is on account of causes beyond its control, including labor disputes, civil commotion, war, fires, floods, communicable disease, inclement weather, governmental regulations or controls, casualty, government authority, strikes, or acts of God, in which event Licensor shall be excused from its obligations for the period of the delay and for a reasonable time thereafter.

Table of Contents

Introduction
Domain 1: Analyzing the Organizational Model
Domain 2: Designing Organizational Risk Strategies
Domain 3: Implementing Risk Process
Domain 4: Developing Organizational Risk Competency
Domain 5: Supporting Decision Making
Exam Preparation

Appendix
Self-Assessment
  Domain with Detail
  Summary
Case Studies
  Abstracts
  Timberwolf
  Liberty City
  Crestworth Financial
ERM Planning Template
ERM Self-assessment checklist
Practice Questions
  Questions
  Key

With the 2017 accreditation of the RIMS-CRMP by the American National Standards Institute (ANSI) under the rigorous ISO/IEC 17024:2012 certification of individuals requirements:
• RIMS is the only risk management certification to currently have earned such status;
• RIMS-CRMP conforms to ISO international standard requirements;
• RIMS is one of the youngest programs to earn ANSI accreditation in any industry;
• An independent third party has evaluated and approved the RIMS-CRMP certification program, its processes and procedures;
• RIMS' commitment to continuous quality reviews and improvements is validated.

© 2022 Risk and Insurance Management Society, Inc. All rights reserved. Confidential and Proprietary. Do not disclose without written permission from RIMS General Counsel.

ANSI Accreditation

RIMS-CRMP holds official accreditation from the American National Standards Institute (ANSI) under ISO/IEC 17024:2012, which makes it the only risk management certification in the world to hold ANSI accredited status.
The ANSI Accreditation of RIMS-CRMP signifies that the Institute recognizes the competence of RIMS to carry out certification activities in accordance with requirements defined in International Standards and confirms approval by government and peer review assessments. With the accreditation of the RIMS-CRMP under ISO/IEC 17024:2012:
▪ RIMS is the only risk management certification to currently have earned such status.
▪ RIMS-CRMP conforms to international standards.
▪ RIMS is one of the youngest programs to earn accreditation in any industry.
▪ An independent third party has evaluated and approved the certification program, its processes and procedures.
▪ RIMS' commitment to continuous quality reviews and improvements is solidified.

Workshop Outline
Introductions, Objectives, and Expectations
Domain 1: Analyzing the Organizational Model
Domain 2: Designing Organizational Risk Strategies
Domain 3: Implementing Risk Process
Domain 4: Developing Organizational Risk Competency
Domain 5: Supporting Decision Making
Exam Preparation
Recap

INTRODUCTION

Instructor Intro

Participant Guide
Your participant guide contains all the slides used throughout the course, as well as individual and group exercise instructions.
You will need it to participate in the course.

Directions for virtual seminars
• Go to https://rims.csod.com/login
• If signing in for the first time, log in with your email address and default password: Pa$$w4rd!
• Go to Your Upcoming Sessions on your home page, click on RIMS-CRMP Prep with the correct dates
• A Sessions Details side bar will pop up, click on Show More
• Select the document "Click to download_RIMS-CRMP participant guide" listed under Resource(s)
• Enter password RIMS@2022 to print or make comments on the pdf.

RIMS Membership
Join today at www.rims.org/membership

RIMS Workshops

Courses
• Provide risk professionals of all levels with the skills and knowledge they need to be successful in an ever-changing workplace.
• Range from 4 hours to two days
• Are led by experienced risk professionals
• To view more or register for a course go to www.rims.org/education, or
• Contact PD@RIMS.org with any questions

Content Areas
• Applying and Integrating ERM
• (NEW) Captives as an Alternate Risk Financing Technique
• Claims Management
• Contractual Risk Transfer
• Contractual Risk Transfer (for Canada)
• Fundamentals of Insurance
• Fundamentals of Risk Management
• (NEW) Leveraging Data and Analytics for Continuous Risk Management
• Managing Cognitive Bias Risk – Recognition & Avoidance Essentials
• (NEW) Managing Data for ERM
• (NEW) Managing Risk with Artificial Intelligence
• Managing Worker Compensation, Employer’s Liability and Employment Practices in the US
• Risk Appetite Management
• RIMS-CRMP Prep
• RIMS-CRMP-FED Prep

Housekeeping

Virtual
• Make sure you have your participant notebook available.

Virtual and In-Person
• Start and stop times
• Breaks
• Use web cams as much as possible.
• Minimize background noise by muting your audio when not speaking.
• Use the chat - or unmute yourself - to ask a question.
• The best viewing is on a computer.
• Participate: save phone calls and email checks for breaks.
• Put your phone on "Do Not Disturb" to refrain from distractions during class.
• Note sheets
  ▪ Vocabulary and acronyms
  ▪ References
  ▪ Epiphanies
  ▪ Parking lot
Workshop Learning Objectives
By the end of this workshop you will be able to:
• Become a better risk professional
• Understand the five competency domains of RIMS-CRMP
• Apply the five competency domains of RIMS-CRMP
• Understand the components of the RIMS-CRMP certification
• Start an action plan to obtain the certification

The learning objectives are the RIMS-CRMP core competencies. The RIMS-CRMP certification exam is based on answering questions on a broad understanding of risk management principles, process, and framework that are not specific to a particular standard or framework. The RIMS-CRMP achievement demonstrates risk management professional skills and expertise. Our objectives are to prepare you for the exam and enhance your skills as a risk professional.

Workshop Outline
Core Competencies of the RIMS-CRMP Certification
[Figure: core competency model with the labels INTRODUCTION, ANALYZE, DESIGN, IMPLEMENT, DEVELOP, SUPPORT, EXAM PREP, and ADVISE ON RISK AND RESILIENCE]
The top left-hand corner will remind you where we are throughout the seminar.

The domains are:
▪ ANALYZE the business model so that you can,
▪ DESIGN the organization risk strategies so that you can,
▪ IMPLEMENT risk processes so that you can,
▪ DEVELOP organizational risk competency throughout the organization so you can,
  o SUPPORT decision making holistically in the organization.
The decision-making domain provides a feedback loop into the other domains to support continuous improvement.
The domains do not represent a standard nor a risk management framework. Their primary purpose is to communicate the core competencies associated with effective risk management. This graphical representation will appear throughout the presentation to remind us of where we are in the process.

Workshop Outline
Organization of Content
• Each domain is described by various tasks and duties
• Each task or duty is broken down into
  ▪ Specialized knowledge
  ▪ Skills
  ▪ Examples
  ▪ Application, and
  ▪ Self-assessment
    o Detailed instructions appear before each self-assessment

Each domain is organized around systematic identification of certain tasks and duties developed within the five sections.
▪ First, a brief description of specialized knowledge relevant to the task or duty is discussed.
▪ Second, we highlight certain unique skills that support the task or duty.
▪ Third, we look at practical examples of the task or duty.
We conclude each domain with a self-assessment to help you budget time and resources for taking the examination.

Definitions
Level Setting
• What is a certification?
• What is risk?
• What is risk management?
• Who is a risk professional?
• What is the RIMS-CRMP curriculum?

Before covering the domains, we will focus on five definitions that are critical to the content and the RIMS-CRMP.
Definitions

Designation: A name, description, or title, typically one that is officially bestowed upon an individual or individuals.

Certification: Professional certification, trade certification, or professional designation, often called simply certification or qualification, is a designation earned by a person to assure qualification to perform a job or task. Certification is a third-party attestation related to - in the case of professional certification - persons who are qualified and recognized as competent in the field of study, have a specific level of experience, are committed to continuing education and adhere to a code of professional conduct.

Professional certification usually requires
• Demonstrated body of knowledge, generally by passing exam(s).
• A specific level of experience (practicum) for eligibility.
• Continuing education.
• Adherence to a code of conduct.

There are important distinctions between certifications and designations. A certification like the RIMS-CRMP may be more difficult to obtain and maintain, but the value that it creates for the certificate holder is greater than the value that comes from a designation.

Definitions

Risk
• The effect of uncertainty on objectives (ISO 31000 guide 73).

Risk Management
• means the process and discipline of assessing risk in order to make more informed decisions and to implement measures for balancing an organization’s desired levels of risk and reward.
Based on an organization’s particular mission and objectives, such risk may include strategic, operational, financial, hazard, or other specific risks and sub-risks (RIMS bylaws).

Enterprise Risk Management
• is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS).

Risk Management Evolution
[Figure]

The Role of a Risk Management Professional

A risk management professional is a partner who supports the organization to leverage the opportunities and uncertainties associated with its goals and objectives.
Risks related to goals and objectives
- From RIMS-CRMP Handbook

Risk management professionals [across multiple specialties] lead the development and implementation of risk management practices that enable an organization to make risk-effective decisions that create and sustain value.
- From RIMS-CRMP Handbook

Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.
The RIMS-CRMP is based on a job task analysis completed by dozens of experienced risk management experts, and psychometrically validated across a broad contingent of RIMS members. The duties and tasks fall into five domains.

Consider printing or capturing the core competency model to use as a reference document for the remainder of the course. It not only serves as a reminder of the five duties and several tasks but also shows what the chances are that an exam question comes from a particular domain. The averages will help perform gap analysis when done with self-assessments.

The pie chart shows the percentages in graphical format and shows that while the main emphasis is on implementing risk process, there are important domains that have been added.

RIMS-CRMP Core Competency Model
Key Skills Percentages - RIMS CRMP
[Bar chart. Skills listed on the vertical axis: evaluation, negotiation, collaboration, research, change management, adaptability, marketing, consensus building, facilitation, assessment, critical thinking, management, leadership, communication, analysis. Horizontal axis: 0% to 25%.]

The exam does not have questions about knowledge and skills. The purpose of this histogram is to remind us that although we discuss technical process and risk management specifics, execution is often based on so-called soft skills instead of hard skills. Therefore, as we explore ways to become better risk professionals, we should explore how to improve skills like communication, persuasion, and facilitation as much as technical skills.
Workshop Outline
✓ Introductions, Objectives, and Expectations
Domain 1: Analyzing the Organizational Model
Domain 2: Designing Organizational Risk Strategies
Domain 3: Implementing Risk Process
Domain 4: Developing Organizational Risk Competency
Domain 5: Supporting Decision Making
Exam Preparation
Recap

We will revisit this slide at the transition between each major section of the workshop. It will offer an opportunity to consistently check for comprehension and ask for additional clarification.

ANALYZE

Analyzing the Organizational Model
Domain 1
• Obtain internal organization information
• Obtain external organization information
• Conduct internal analyses on the organization
• Assess organizational resilience
[Figure: core competency model with the labels ANALYZE, DESIGN, IMPLEMENT, DEVELOP, SUPPORT, and ADVISE ON RISK AND RESILIENCE]

The first domain in the RIMS-CRMP certification addresses analysis of the organizational model. By focusing on an organization’s value proposition, structure, and process, we set the stage for how risk management helps achieve organizational objectives. Risk management contributions will come in the form of minimizing downside risk, maximizing upside gains, and maximizing resilience.
Obtain Organization Information
Describe internal and external sources of information that help explain the purpose of the organization and the environment within which it operates.

Obtain Organization Information (Internal and External)
Knowledge
• Business acumen
• Ability to understand organizational structure
• Market analysis key drivers
• Interpretation of technical documents
Skills
• Communication and lateral thinking
• Research
• Interviewing and relationship development
• Planning and analysis

There will not be exam questions about knowledge and skills. The reason we highlight them at the beginning of each task is to remind ourselves of the importance of how to execute technical process. The core competency model on slide 9 shows a distinct category for obtaining internal and external organizational information. However, because the knowledge and skills are substantially similar except for one item in the internal information category and two in the external category, they are combined in this table.

Obtain Organization Information
[Diagram labels, in the order they appear: Task; Internal; Document identification; Explains the organization; Collect and analyze documents; Vision, mission, values; Explains the environment of the organization; PESTLE; Stakeholder identification; Internal; External; Meeting with stakeholders; Internal; External; Visits; Site; Benchmarking; External; Third party; Obtain information]

Sometimes the acronym PESTLE is rearranged as STEEPL.
Each letter refers to political, economic, social, technological, legal and environmental factors associated with environmental scanning and data collection related to the organizational model.

Obtain Organization Information
Stakeholder Analysis
[Figure. Source: Dr. James Kallman, Kallman Consulting Services, 2008]

Obtain Organization Information

External Environment
• Cultural/Social
• Political/Legal/Regulatory
• Financial
• Technological
• Economic/Competitive
• Natural

Internal Environment
• Governance
• Policies, objectives, strategies
• Capabilities/Resources
• Processes
• Information systems
• Organizational culture

[Diagram labels: STAKEHOLDERS (External, Internal); OPERATIONAL; STRATEGIC]

Environmental scanning techniques assist in understanding organizational purpose by analyzing connections between internal stakeholders who drive operations and external stakeholders who influence the strategic direction of the organization. Gathering data from various sources that are important to the success of the organization’s strategy planning and performance improves the risk professional’s understanding of the environment in which the organization operates.
Conduct Internal Analyses on the Organization
Describe methods to analyze operations of an organization in order to validate and compare operations to culture and strategy.
• Knowledge
  ▪ Risk acumen
  ▪ Strategy fluency and analysis
  ▪ Organizational behavior
  ▪ Value chain
• Skills
  ▪ Communication
  ▪ Active listening
  ▪ Interviewing skills
  ▪ Analysis and statistics
  ▪ Due diligence

Conduct Internal Analyses on the Organization
• Conduct benchmarking
• Describe value chain
• Conduct analysis
• Consolidate information
• Compare organizational model with strategy
• Analyze organization's attitude towards uncertainties
• Validate information and behavior against organizational culture

These are the seven skills associated with the task of conducting internal analysis of organizational information. We will go over each in the slides that follow. Engaging in the preliminary work of analysis of organizational information lays a strong foundation for the remaining duties.

Organizational information related to risk can be
• Categorized
• Pure or speculative
• Simple or complex
[Figure: overlapping circles with numbered regions]
Quadrants converted to overlapping circles show 13 combinations:
1 – Hazard risks
2 – Operational risks
3 – Strategic opportunities
4 – Financial opportunities
5 – Financial opportunities with corresponding hazard risks
6 – Risks that are both hazard and operational
7 – Strategic opportunities with operational risks
8 – Strategic and financial opportunities
9 – Strategic and financial opportunities with hazard risks
10 – Financial opportunities with hazard and operational risks
11 – Strategic initiatives with hazard and operational risks
12 – Strategic and financial opportunities with operational risks
13 – Strategic and financial opportunities with hazard and operational risks

ANALYZE: Validate Information Against Culture
[Diagram labels: Beliefs, Values, Behavior, Goals]
(Slide 28)

Validating information against culture is an internal due diligence process. In this stage, the risk professional utilizes active listening, interviewing, and communication skills to validate the business model. Information and behavior are compared to organizational culture, and alignment or disconnects are documented.

ANALYZE: Validate Information Against Culture

Management Wants
• Long-term growth
• Teamwork
• High Quality
• Creativity
• Sharing bad news early

Management Rewards

Source: On The Folly of Rewarding A, While Hoping for B. Kerr, Steven. The Academy of Management Executive; Feb 1995; 9, 1.
(Slide 29)
At times, disconnects between beliefs, values and behavior occur. Identifying these disconnects requires courage and persistence, because it requires you to call attention to uncomfortable disconnects between formally stated values and actual behavior in the organization. Steven Kerr brought attention to the challenges of these types of dissonance in 1995. In an article, he identified five common situations where management says it desires a certain outcome but has a reward structure in place that contradicts the stated desire.

The research completed by Kerr and reported in his article “On the folly of rewarding A while hoping for B” highlights situational disconnects between beliefs, values, and norms and reward systems that do not deliver intended goals. Four common factors lead to disconnects between behavior and goals:
1. Objective criteria are likely to cause goal displacement when applied to areas that are not highly predictable.
2. Rewarding highly visible behaviors such as scoring baskets and hitting home runs and not rewarding behaviors that are hard to observe such as teamwork and creativity.
3. Hypocrisy by actually desiring the rewarded behavior while claiming that the opposite behavior was desired.
4. Emphasis on “a higher purpose” at the expense of efficiency.

ANALYZE: Conduct Internal Analysis on the Organization
Conducting analysis and comparing the organizational model with strategy helps identify attitudes toward uncertainty.
Goals
• Create sustainable value and profit by growing revenue
• Achieve market leadership
• Establish organization as the premier provider of its products, services, and technologies

Objectives
▪ Revenue growth >= 10% annually
▪ Alter U.S./Rest of the World sales ratio from 95:5 to 85:15
▪ Add to professional and consulting service capabilities
▪ Create or acquire leading edge technologies
▪ EPS growth >= 15% annually
▪ > $150 million free cash flow

How will risk management strategies help reduce uncertainty and increase the odds of success?
(Slide 30)

Uncertainty identification deals with risk management strategies for mitigating pure risk as much as it deals with strategies to exploit opportunities for possible gain. Regardless of desired outcomes, developing risk management strategies is meant to help reduce the inherent uncertainty for decision-making and increase the odds of success.

This hypothetical example illustrates the level of increasing specificity that is required to bridge the gap from high-level organizational goals to more specific objectives. Once objectives are operationalized, it is easier to answer the question “Which risk management strategies will specifically support the achievement of organizational objectives?”

ANALYZE: Value Chain Analysis
Value chain analysis is a strategy tool used to analyze internal firm activities. Its goal is to recognize which activities are the most valuable (i.e. are the source of cost or differentiation advantage) to the firm and which ones could be improved to provide competitive advantage.
– Strategic Management Insight
Source: https://www.strategicmanagementinsight.com/tools/value-chainanalysis.html. Used by permission.
(Slide 31)

Value chains will be different depending on an organization’s approach to its competition. In organizations that market themselves as a “low cost” provider, the focus is more on cost reduction compared to their competition. An organization that focuses on a differentiation strategy will focus more on what customers value compared to their competition. Understanding value chains sets the stage for identifying uncertainties the organization faces to achieve its objectives.

ANALYZE: Conduct Benchmarking

Collect information
• Industry and trade publications
• Stock analyst reports
• Independent research

Analyze and compare information
• Gaps
• Strengths and weaknesses
• Differentiators
• Risks

Rate organization against peers
• Identify potential areas where risk management could make a difference.
(Slide 32)

Benchmarking compares an organization to itself and its milestones. When performed against external competitors or industry standards, benchmarking identifies strengths and weaknesses of the organization, as well as areas where risk management can play a role in maximizing strengths and minimizing weaknesses.
ANALYZE: Benchmarking
• Benefits
  ▪ Establish milestones
  ▪ Consistent communication
  ▪ Streamline process
  ▪ Measure value
  ▪ Create vision
  ▪ Resolve inefficiencies
  ▪ Increase value

RIMS RMM

5 Attributes
• Alignment with strategy
• Culture and Accountability
• Risk Management Capabilities
• Risk Governance
• Analytics

5 Maturity Levels
• None
• Exists on paper
• Exists in repeatable processes and decision making is informed by risk data.
• Exists in repeatable processes and decision making is influenced by risk analytics.
• Exists in continuous improving cycle.

Competency Drivers
• Degree that decisions integrate risk of the strategy itself, those resulting from the strategy, and threats to the strategy.
• Extent to which leaders understand the connection and act on potential consequences of identified risks with the strategy of the organization.
• Degree that risk considerations are pervasive from the governing body to the front-line personnel, risk owners understand and take action commensurate with their responsibility and risk competencies are evident throughout the organization.
• Extent that its enterprise risk management discipline reflects the organization's stated cultural and ethical values/principles.
• Degree of organizational and individual learning and development with respect to managing risk; alignment, integration and engagement with organization and stakeholders.
• Degree that the enterprise risk management discipline influences and interacts within an organizational risk ecosystem.
• Organization's ability to apply its governance and risk management principles for accountability in managing risk in creating and protecting value including assessment, execution and process improvement.
• Degree to which an organization uses technology and analytics to establish, collaborate, gain insight, and maintain connections with stakeholders.
• Extent to which organization uses varied and innovative techniques to report insights, monitor actions and escalate to the appropriate level of management.

Source: About the RIMS Risk Maturity Model (RMM). 2022.
(Slide 33)

There are different approaches to benchmarking an organization to peers. A capability maturity model such as the RIMS Risk Maturity Model shown here is one approach. Maturity models are customizable to focus on the intended purpose and expected benefits of benchmarking that are most relevant to the organization.

ANALYZE: Assess Organizational Resilience
Understand the relationship between organizational resilience and risk management in order to align risk and organizational strategy.
• Knowledge
  ▪ Organizational behavior
  ▪ Organizational resilience
  ▪ Strategy fluency and analysis
  ▪ Risk analysis
• Skills
  ▪ Investigation
  ▪ Persuasion
  ▪ Strategic thinking
  ▪ Inductive reasoning
  ▪ Analysis
  ▪ Interviewing and listening
  ▪ Communication
  ▪ Due Diligence
  ▪ Quantitative analysis
(Slide 34)

ANALYZE: Assess Organizational Resilience
• Gap analysis
• SWOT
• Assumptions
• Bias
• Insight
(Slide 35)

These are the five steps within the task of assessing organizational resilience.
Note that the picture for bias offers you an opportunity to practice how different perspectives influence perception of reality. In this case the illusion is a saxophone player with a long nose versus the face of a pretty woman.

ANALYZE: Assess Organizational Resilience

Organizational resilience is
• “the ability of an organization to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper.” [1]
• “... both a function of planning for and preparing for future crisis (planned resilience), and adapting to chronic stresses and acute shocks (adaptive resilience).” [2]

Benefits of integrating a resilience perspective into an enterprise risk management framework
• Anticipate and address vulnerabilities
• Improve the coherence and performance of interconnected functions in an organization
• Support strategic goals and objectives

1. ISO 22316, 2018
2. Barasa, Mbau, Gilson, 2018, What Is Resilience and How Can It Be Nurtured? A Systematic Review of Empirical Literature on Organizational Resilience.
(Slide 36)

Our definition and approach to resilience are not just about planned resilience, which focuses on traditional hazard-based risks and threats, but also about adaptive resilience, which focuses on both emerging hazard-based risks and threats and emerging macro-level forces that could significantly impact the ability of the organization to be a going concern. We take the idea of resilience further to focus on the idea of consistent environmental scanning that supports strategic decision making in an effort to remain competitive or become more competitive.
ANALYZE: Assess Organizational Resilience
Gap Analysis based on planned resilience.
• Risk tolerance
• Funding
• Ease of resource reallocation

SPR Step 2
CPG 201: THIRA/SPR Guide—3rd Edition

Figure 23: The calculation for identifying an example capability gap.

Qualitative Prioritization of Capability Gaps

Priority for Achieving Capability Target
A community has a capability gap if the current capability is less than the capability target. After identifying that capability gap, communities assign a priority rating (High Priority, Medium Priority, and Low Priority) to identify how important it is to achieve that capability target. Communities should attempt to assign priority ratings relative to their other targets and avoid providing the same priority rating for all or most capability targets. This will result in more useful data, as it will clearly demonstrate which capability gaps are more important to address.

Figure 24: Explanation for how to assign a priority rating for capabilities with and without a capability gap.

Count  Vulnerability             Capability Gap  Priority
1      Hospital capacity         negative        High
2      Water distribution        negative        High
3      Natural gas restoration   negative        High
4      Haz mat response          negative        Medium
5      Emergency shelter         negative        Low
6      Debris removal            positive
7      Power restoration         positive
8      Search and rescue         positive
9      Emergency transportation  positive

Source: Threat and Hazard Identification and Risk Assessment (THIRA) and Stakeholder Preparedness Review (SPR) Guide, 3rd Edition, May 2018, United States Homeland Security.
(Slide 37)
ANALYZE: Assess Organizational Resilience

Strengths, weaknesses, opportunities, and threats (SWOT) analysis is a framework used to evaluate a company's competitive position and to develop strategic planning, assessing internal and external factors, as well as current and future potential. (www.Investopedia.com)

Organizational Resilience

Internal environment
• Identify
  ▪ Strategic Planning: Strengths: assets, competencies, or attributes that enhance competitiveness
  ▪ Risk Management: Weaknesses: lacking assets, competencies, or attributes that diminish competitiveness
• Prioritize
  ▪ Strategic Planning: based on quality and relative importance
  ▪ Risk Management: based on seriousness and relative importance

External environment
• Identify
  ▪ Strategic Planning: Opportunities: conditions that could be exploited to create competitive advantage
  ▪ Risk Management: Threats: conditions that could diminish competitive advantage
• Prioritize
  ▪ Strategic Planning: based on ease and expected return of exploiting the opportunity
  ▪ Risk Management: based on likelihood and severity of occurrence
(Slide 38)

This table extends the idea of SWOT analysis into the space of risk management versus strategic planning and shows how both activities support planned and adaptive resilience. On the left side of the table, we see again internal and external environmental scanning that support identification and prioritization steps that apply to each type of resilience.

Strategic Planning
An organization’s is responsible for the drafting, evaluating, validating, and preparing strategies created and implemented by the responsible operational leaders that will enable an organization to achieve its mission, goals, and objectives.

Risk Management
An organization’s Risk Management Team is responsible for collaboratively highlighting strategic risks during the planning process and to enable the decision makers to more fully plan for uncertainties in achieving the organization’s mission, goals, and objectives.

Resilience
Organizational resilience is the ability of an organization to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper.
(Slide 39)

This graphical representation shows how adaptive resilience combined with planned resilience results in a new approach that is not just about absorbing shocks in a traditional sense but also planning for future changes, surviving, and prospering. While the idea of risk management challenging assumptions in strategic planning is not new, the point of this graphic is to remind us of how existing aspects of strategic risk management should be aligned to support three types of resilience.

• Confirmation bias
• Loss aversion bias
• Framing bias

[Diagram text: Resilience; “are made about the effectiveness of strategic plans and risk solutions”]

• Planning fallacy
• Information bias
• Sunk cost bias
(Slide 40)

Resilience means making predictions about the effectiveness of strategic plans and risk management solutions. These predictions can be influenced negatively by a number of different biases. Here we highlight six; three each from the strategic and tactical categories.

Strategic
▪ Confirmation: seek what supports you and ignore what does not.
▪ Loss aversion: the pain of losing is greater than the pleasure of gaining. Loss aversion bias has significant implications for risk appetite and tolerance.
▪ Framing: leading questions and marketing in order to persuade others.

Tactical
▪ Planning fallacy: “scope creep”
▪ Information bias: “analysis paralysis”
▪ Sunk cost: “Throwing good money after bad.”

Definitions of specific biases will not be on the exam.

ANALYZE: Assess Organizational Resilience
Document insights and set stage for developing risk strategy.

Goals
1. Create sustainable value and profit by growing revenue.
2. Achieve market leadership.
3. Establish organization as the premier provider of its products, services, and technologies.

Objectives
1. Double consumer demand in new geographies
2. Differentiation through new technology
3. Deliver defect-free products and responsive services prior to clients’ expected timeline

Uncertainties
1. Market demand
2. Scientific breakthroughs
3. Supply-chain disruption

Risk Strategy
1. Emerging forces analysis
2. “What if” modeling
3. Performance measures tied to value measurements / early warnings
(Slide 41)

This is an extension of slide 30. Detail is provided about specific uncertainties and specific risk management strategies that could be applied. The purpose of doing preliminary organizational analysis work is to think ahead to what will be done, not just from a methodological standpoint but also from a risk strategy standpoint (i.e., what can risk management offer to the process of improving outcomes)?
EXAM PREP: Practice Questions

1. A business model is a set of assumptions about the
A. financial stability of an organization.
B. organizational structure of a business.
C. products and services’ past performance.
D. way an organization creates value.

Domain 1
Reference: Gamble, John; Thompson, Jr., Arthur; Peteraf, Margaret (2012-07-01). Essentials of Strategic Management: The Quest for Competitive Advantage, 3rd edition (Page 80). McGraw-Hill Higher Education-A.
(Slide 42)

Two practice questions appear at the end of each module. The domain is identified here for practice but will not be identified on the actual exam. Answering two practice questions as a group will help us prepare to do the first self-assessment in a few pages. The answer key is on page 210.

EXAM PREP: Practice Questions

2. Which activity does the risk management professional perform immediately after obtaining internal and external information about the organization?
A. Analyze the information.
B. Organize the information.
C. Prioritize the information.
D. Report the information.

Domain 1
Reference: General knowledge. See RIMS Strategic Risk Implementation Guide, pg. 27
(Slide 43)
EXAM PREP: Self-Assessment: Analyzing the Organizational Model

Objective: This exercise is an action planner self-assessment checklist. The objective is to self-rate your understanding and comfort level with each task as you think about the practice questions.
• Score your understanding of each task based on a 5-point scale with 1 being the weakest and 5 being the strongest.
• Sum the scores.
• Divide the summed total by the total number of tasks: 4.
• Enter the quotient into the box for “Domain.”
• Transfer your Domain quotient score to the table on page 4 of the participant guide.

Table columns: Domain, Task, Self-Rank Score, Note

Domain A: Analyzing the Organizational Model
1 Obtain internal organization information
2 Obtain external organization information
3 Conduct internal analyses on the organization
4 Assess organizational resilience
Sum of self-scores by task
Divided by 4
(Slide 44)

To do the self-assessment, think about the questions you just saw and then think about how comfortable you feel about the tasks that support the domain of “analyzing the organizational model.” If you do not prefer quantification, you can make qualitative notes / comments about where you think you should study more to increase confidence and reduce stress.
Workshop Outline
✓ Introductions, Objectives, and Expectations
✓ Domain 1: Analyzing the Organizational Model
Domain 2: Designing Organizational Risk Strategies
Domain 3: Implementing Risk Process
Domain 4: Developing Organizational Risk Competency
Domain 5: Supporting Decision Making
Exam Preparation Recap
(Slide 45)

DESIGN: Domain 2
Designing Organizational Risk Strategies
• Determine risk appetite and tolerance
• Develop a risk strategy approach
• Define organizational risk competency and capabilities
• Define the Risk Management Framework
• Obtain organizational support for risk strategy
• Design implementation plan
• Develop risk communication plan

Diagram labels: ANALYZE, DESIGN, IMPLEMENT, DEVELOP, SUPPORT, ADVISE ON RISK AND RESILIENCE
(Slide 46)

The second domain in the RIMS-CRMP certification addresses the design of organizational risk strategies based on the organizational model.
DESIGN: Determine Risk Appetite and Tolerance
• Knowledge
  ▪ risk appetite and risk tolerance concepts
  ▪ roles and responsibilities of the risk owner
  ▪ risk taxonomy and the categories of risks
  ▪ risk taking behaviors and perceptions
  ▪ organizational culture
  ▪ risk management policies
  ▪ organizational knowledge
• Skills
  ▪ communication, interviewing, and active listening
  ▪ strategic thinking and inductive reasoning
  ▪ analytical and quantitative skills
  ▪ aggregating and reporting skill
(Slide 47)

DESIGN: Determine Risk Appetite and Tolerance
• Determine ownership
• Validate risk taking culture
• Identify risk taking parameters
• Risk appetite vs risk tolerance
• Identify and validate metrics
• Communicate
(Slide 48)

There are six steps that support the determination of risk appetite and tolerance. We’ll start with determining ownership and finish up by looking at an example of how to communicate about risk appetite and tolerance.

DESIGN: Determine Risk Appetite and Tolerance
Determine the owner of the risk (and the corresponding risk attitude).
[Figure: roles positioned by risk attitude (low tolerance for risk to high appetite for risk) and organizational mind-set (tactical to strategic). Labels: Image Makers; Adventuresome Visionaries; Strategist; CEO; Sales; Line Executive; Marketing; Risk Manager; CFO; Controller; CRO; CIO; Internal Auditor; COO; Daily Operators; Operational Leaders.]
Adapted from: IBM Global Business Services, The Global CFO Study 2008
(Slide 49)

DESIGN: Determine Risk Appetite and Tolerance
Validate the risk taking culture of the organization.
• Risk culture consists of the norms and traditions of behavior of individuals and of groups within an organization that determine the way in which they identify, understand, discuss and act on the risk the organization confronts and takes.

[Chart: Risk Appetite (Low to High) against Reward (Low to High)]
• Early-stage, high-potential, high-risk, growth startup organizations have a high appetite for risk and are usually willing to accept greater volatility and uncertainty.
• Organizations with lower risk appetite generally are more risk averse as their focus is on stable growth and earnings.
(Slide 50)

The conceptualization of varying degrees of risk and reward helps us think about where an organization is in its life cycle, strategic plan, or environment more generally and how that will influence an aggregated risk position and philosophy.

Identify risk taking parameters.
Frontier as portfolio of categories
[Figure: numbered categories and a qualitative efficient frontier]
(Slide 51)

The graphical representation on the right shows a qualitative efficient frontier and comes from work done by John Pau Luisot and was incorporated into RIMS’s white paper on Risk Appetite and Tolerance. In the efficient frontier example, “A” and “B” are divisions within an organization. “N” is a new division or department and occupies a riskier position on the efficient frontier but with a higher expected reward. Moreover, the increased risk of the new division is balanced by the lower risk positions of divisions A and B. Division A is in the theoretically perfect spot of taking on just enough risk for the highest reward. If you would like to learn more about quantitative efficient frontiers, have a look at https://www.investopedia.com/terms/e/efficientfrontier.asp. The key point is that risk taking is based on parameters or decision rules that come from expected benefits and risk and can be blended to maximize return.

DESIGN: Determine Risk Appetite and Tolerance

Individual activity
• Review the definitions of risk appetite and tolerance.
• Look for commonalities and differences among the definitions.

Definitions by source (Definition Source, Appetite, Tolerance):

RIMS
  Appetite: The total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desired and expected outcomes.
  Tolerance: The amount of uncertainty an organization is prepared to accept in total or more narrowly within a certain business unit, a particular risk category, or for a specific initiative.

ISO Guide 73:2009 Risk management vocabulary
  Appetite: Amount and type of risk that an organization is willing to pursue or retain. Note: ISO 31000 does not include this risk appetite definition in the guidance standard.
  Tolerance: Organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives. Note: Risk tolerance can be influenced by legal or regulatory requirements.

COSO Strengthening Enterprise Risk Management for Strategic Advantage, 2009
  Appetite: A broad-based description of the desired level of risk that an entity will take in pursuit of its mission.
  Tolerance: Reflects the acceptable variation in outcomes related to specific performance measures linked to objectives the entity seeks to achieve.

BS 31100:2008
  Appetite: The amount and type of risk that an organization is prepared to seek, accept or tolerate.
  Tolerance: The organization’s readiness to bear the risk after risk treatments in order to achieve its objectives. Note: Risk tolerance can be limited by legal or regulatory requirements.

KPMG Understanding and articulating risk appetite, 2009
  Appetite: The amount of risk, on a broad level, that an organization is willing to take on in pursuit of value.
  Tolerance: Risk thresholds, or risk tolerances, are the typical measures of risk used to monitor exposure compared with the stated risk appetite.

Towers Perrin, What’s Your Risk Appetite?, Emphasis 2009 by J. David Dean and Andrew F. Giffin
  Appetite: The amount of total risk exposure that an organization is willing to accept or retain on the basis of risk-reward trade-offs: Reflective of strategy, risk strategies and stakeholder expectations; Set and endorsed by board of directors through discussions with management
  Tolerance: The amount of risk an organization is willing to accept in the aggregate (or occasionally within a certain business unit or for a specific risk category): Expressed in quantitative terms that can be monitored; Often expressed in acceptable/unacceptable outcomes or levels of risk

ECIIA and FERMA, Guidance on the 8th EU Company Law Directive, article 42, 2011
  Appetite: The level of risk that the company is willing to take: high return-high risk; low risk-low return, or a portfolio of different exposures. Risk appetite is strategic and relates primarily to the business model.
  Tolerance: The maximum amount of risk that the company can bear despite controls. Risk tolerance is more operational and relates primarily to the company’s targets.
(Slide 52)

Over the years there has been conflicting information about what risk appetite and tolerance refer to. For example, in BS 31100:2008 risk appetite is defined as “The amount and type of risk that an organization is prepared to seek, accept or tolerate.” From a practical standpoint, it does not matter if there is conflict in the literature about the definitions of risk appetite and tolerance because a risk professional simply needs to pick an approach and stick to it (and be prepared to address detractors and challengers who have an understanding based on a different approach). The purpose of this individual activity is to find commonalities and themes that are prevalent in the definitions.

DESIGN: Determine Risk Appetite and Tolerance
Identify and validate risk appetite and risk tolerance metrics.
• Quantitative risk appetite statements may address:
  • Maximum tolerance for market, credit and operational losses
  • The maintenance of a minimum credit rating level
  • Minimum cash reserve levels
  • The maximum earnings volatility
  • Minimum excess liquidity resources to meet peak stressed liquidity requirements without the need to liquidate assets or raise capital (surviving the “black swan”)
• Qualitative risk appetite statements may address:
  • Legal and regulatory risk
  • Reputational risk
  • Business mandate
  • Operational risks in the execution of business plans
  • Risk-related decision making, especially in relation to business opportunities (chasing the “golden goose”)

Source: Exploring Risk Appetite and Tolerance, RIMS Executive Report, 2012 (slide 53)

The graphical representation is an actual example that comes from a non-profit healthcare organization. The expected outcome in the center of the normal distribution is the midpoint between significant gain and significant loss. The distribution around the expected outcome represents the respective appetite and tolerance limits that serve as decision rules for either investing in new initiatives or stopping the pursuit of an initiative that has already started. The area in between the appetite and tolerance limits can be referred to as the “sweet spot” where an organization is operating within parameters and expects predictable results as measured by gain and loss. The maximum appetite and tolerance limits are the risk capacity of the organization and represent the overall amount of risk that can be taken on, or loss that can be sustained. Remember, appetite and tolerance are two sides of the same coin: the limit of risk appetite is defined by the acceptable pain associated with the pursuit.
Conversely, the limit of tolerable pain is defined by the desired reward associated with the pursuit.

DESIGN Determine Risk Appetite and Tolerance (slide 54)
Communicate risk appetite and tolerance.

XYZ Company Risk Appetite Statement
XYZ Company aims to achieve a moderate risk profile through prudent management, a universal insurance business model that is diversified by geographic area, types of products, portfolios and customers as we continue sustainable premium growth and our international presence.

XYZ Risk Appetite Core Metrics

Attribute: Capital Adequacy. Adequate capital to carry out business operations including significant weather events and financial shock.
Metric: Economic Capital Model. Lose no more than 10% of surplus in a 1 in 250 year event.

Attribute: Operating Performance. Consistent overall operating performance.
Metric: Loss Ratio. No higher than a 99.5% combined ratio over a three-year rolling period.

Attribute: Credit Rating. Maintain A.M. Best credit rating that will allow us to compete in the marketplace.
Metric: A.M. Best Rating. A.M. Best rating of no less than A (Excellent).

This example also comes from the RIMS whitepaper and shows ways to write down risk appetite statements, identify the attributes of the statements more specifically, and, most importantly, identify the metrics that are used to set parameters based on risk appetite.
DESIGN Developing a Risk Strategy Approach (slide 55)

Knowledge
• organizational culture
• risk management standards and frameworks
• organizational guidelines, standards, and regulations
• budgeting process and project management
• business case development
• analysis of organizational strategy
• organizational behaviors and drivers

Skills
• goal setting
• relationship and consensus building
• facilitation
• presentation
• Planning and analysis

(slide 56)
• Recommend risk strategy options
• Develop risk strategy options
• Calibrate against organizational model and culture
• Align risk management goals and objectives with organizational goals and objectives
• Determine risk management needs

These are the five skills that support the task of developing an approach to a risk management implementation.

DESIGN Developing a Risk Strategy Approach (slide 57)

Operational, Project, and Strategic risk management are examples of risk strategy approaches. Depending on the work done in the first domain of analyzing the organizational model, the risk professional should select an approach that matches culture, organizational model, and also preferences for methodology.
The dotted red line around the top boxes highlights differences in the goal of the risk strategy approach. The dotted red line around the risk position boxes reinforces the importance of risk philosophy based on appetite and tolerance.

DESIGN Developing a Risk Strategy Approach (slide 58)

[Figure: annual cycle by quarter (Q1 to Q4), labeled Reporting Requirements and Budgeting, with the planning activities below]
• Compliance planning
• Strategic planning (3 Year)
• Operations planning (1 Year)
• Internal audit planning
• Privacy and security planning
• Financial reporting and risk disclosure planning

Organizational goals and objectives are articulated in various reports and other existing processes and procedures. This hypothetical example reminds us to think about the existing processes, tools, and management processes that inform a comprehensive risk management strategy.

DESIGN Developing a Risk Strategy Approach (slide 59)

• Risk philosophy example
It is Our Organization’s philosophy to align its risk management practices with its overall corporate vision, mission and strategy, and embed risk competencies into the business management practices of every business group leader to inform decisions, in order to:
  • Avoid risks that could negatively affect the value of the company to a material degree
  • Contribute to sustainable earnings
  • Take risks that the company can manage in order to increase returns
  • Balance risk and reward against the impact and cost of managing risks for the organization
  • Other examples:
On slide 54, we saw an example of a risk appetite statement. This is an example of a risk philosophy statement that is broader. The example shows how risk management supports organizational goals based on risk appetite and tolerance.

DESIGN Developing a Risk Strategy Approach (slide 60)

Choice of risk strategy is also influenced by organizational culture. Organizational culture will impact risk taking. For example, if an organization rewards innovation and individuality (flat) versus steadiness (command and control), this would have significant impacts on how risk appetite statements are written. The former may be more qualitative based on fluid guidance and the latter may be more quantitatively based on upper and lower control limits.

DESIGN Define Organizational Risk Competency and Capabilities (slide 61)

Knowledge
• organizational risk management competencies and capabilities
• organizational behaviors and drivers
• gap analysis process
• curriculum development
• benchmarking
• analysis of organizational strategy

Skills
• conducting gap analysis
• analytical skills
• project management skills

(slide 62)
• Identify required risk management competency and capabilities
• Identify and assess gaps
• Create a risk management competency development plan that aligns with strategy
• Identify existing risk management competency and capabilities

These are the four steps that support the task of defining organizational risk competency. The objective is not for just the risk manager or the risk “department” to have a high level of competency in risk management, but also to ensure that risk owners throughout the organization have the competency to take risk in pursuit of opportunities in a way that is consistent with common effective practices.

DESIGN Group Breakout: Define Organizational Risk Competency and Capabilities

Exercise goal: To perform a gap analysis on existing and required risk competency.
1. Select a presenter.
2. Choose one of the three case studies from the participant notebook. You will use the same case study for additional activities later on.
3. Using your summary notes of the case selected, identify:
  • existing risk management competency and capabilities.
  • required risk management competency and capabilities.
  • Specific components to include in a risk management training plan.
The examples can come from the fact pattern in the case study or you can develop your own.
4. Document and report back to the large group.
(slide 63)

The example comes from the Timberwolf Case Study. Remember you do not have a lot of time so attempt to find short accurate examples to report back to the group within the allotted time.

DESIGN Define Organizational Risk Competency and Capabilities (slide 65)

RISK MANAGEMENT KNOWLEDGE
Successful risk management professionals are knowledgeable about the standards, guidelines and concepts that reflect contemporary risk management thinking and practices. This area includes knowledge related to how risk management can be incorporated within diverse environments, process approaches, solutions and more extensive knowledge in respective subspecialty areas.

TECHNICAL SKILLS
This is the operational layer where the specialized skills of risk professionals come into play. These skills include the ability to develop a horizontal, portfolio approach to managing risk. Application of specialized skills by risk management professionals provides guidance for increased clarity in decision making.

NOTE: The term risk management, as used in both the core competency and professional growth models, encompasses all types of risk management, including enterprise and strategic risk management. The models apply broadly, regardless of area of specialty.

RIMS Risk Management Core Competency Model
The risk management core competency model from RIMS offers some specific ways to operationalize what risk management competency is. While not all risk owners would be expected to be experts in the specifics of risk management, they should understand what they need to do to support an integrated approach to managing risk.

DESIGN Define Organizational Risk Competency and Capabilities (slide 66)

Competence: ability to apply knowledge and skills to achieve intended results (ISO 17024)

Risk Appetite Management
Rating scale: 5 = Exceptional; 4 = Exceeds Requirements; 3 = Meets Requirements; 2 = Gets By; 1 = Needs Work
• Risk appetite(s) at varying levels are established and communicated
• Variations for risks outside of boundaries (risk tolerances) are articulated and monitored
• Risks are viewed as an interrelated portfolio
• Risk and reward tradeoff scenarios are actively considered in daily management of the organization
• Gaps between actual and perceived risks are actively identified and closed

Source: RIMS Risk Maturity Model (RMM) self-assessment at www.rims.org/ERM

The definition of competency comes from ISO. It is a simple and powerful definition that is based on achieving results based on knowledge. The example comes from a self-assessment question based on risk appetite. An organization may have formalized risk appetite statements, but are those statements communicated at different levels within the organization, and do front line workers, for example, understand how not only to make decisions but also to report deviations from expected outcomes?
The five tiers of maturity from the RIMS RMM help gap analysis by quantifying differences between existing capability and needed capability.

DESIGN Define the Risk Management Framework (slide 68)

Knowledge
• governance practices and procedures
• organizational behaviors, structures, and design
• process development and management
• internal controls
• key performance indicators (KPIs) and key risk indicators (KRIs)
• policy development
• organizational resilience
• value chain
• outcome analysis

Skills
• Control charts techniques
• compliance assessment
• Marketing
• Communication and consensus building
• planning
• analysis
• strategic thinking

DESIGN Define the Risk Management Framework (slide 69)

Governance Structures
• Standards
• Frameworks

Infrastructure
• People
• Process
• Technology

Process and Controls
• Internal Controls
• KPIs
• KRIs

These are the three steps that support the task of defining (and choosing) a risk management framework.
DESIGN Define the Risk Management Framework (slide 70)

Graphics © RIMS 2017: Based on ISO 31000:2018 Principles, Framework and Process

The RIMS-CRMP is not a framework for executing risk management, nor does it recommend a particular framework. Rather than use one of the top three frameworks (ISO, COSO, or OCEG) as an example, RIMS guidance on principles, process and frameworks is used as a “decoder.” In other words, any framework, or hybrid framework, should contain these components and characteristics. The process cycle will likely be most familiar to you as it is something you have already done. It also matches closely what you will see in module three. Principles may vary across frameworks, but these components are good examples of the attributes that support value creation. Framework components will be quite similar regardless of approach.

DESIGN Define the Risk Management Framework (slide 71)

[Figure: documents from five disciplines (RISK, SAFETY, QUALITY, TECHNOLOGY, ENVIRONMENTAL) arranged under the labels PRINCIPLES, FRAMEWORK, TERMINOLOGY, REQUIREMENTS, GUIDELINES and TOOLS. Documents shown: AS/NZS 4360, ISO 31000, SAQ ONR 49001, AFNOR CN FD_X50-252, ISO GUIDE 73, NFPA 101, ISO 9001, ANSI/ASHRAE 62, OHSAS 18001, HB 436, ISO GUIDE 14050, ISO 10005, ISO 14001, NFPA 75, ISO/IEC 27001, ISO/IEC 27002, CSA Q850, ISO/IEC 15408, ISO 31010.]

Source: RIMS Strategic and Enterprise Risk Center

You may feel like there is a great deal of “background noise” when it comes to identifying a risk management framework versus other documents and resources available in the field.
This graphical representation clarifies how tools, guidelines, requirements, and terminology from five different disciplines are connected to ISO 31000.

DESIGN Define the Risk Management Framework (slide 72)

People: Risk Professionals; Executive champion; Supporters
Process: Methodology; Reporting; Monitoring
Technology: Information management systems; Data collection; Analytics

DESIGN Define the Risk Management Framework (slide 73)

• Align risk strategy with organizational goals.
  • While KPIs measure an organization's progress toward achieving its objectives, KRIs measure risk and volatility related to achieving those objectives.

Organizational Objectives
• Strategy implementation and performance (KPIs)
• Risk to the strategy and arising from plans to meet the strategy (KRIs)

Key performance indicators (KPIs) and key risk indicators (KRIs) are some of the most common ways to describe progress, positive or negative, toward achieving objectives.
DESIGN Obtain Organizational Support for Risk Strategy (slide 74)

Knowledge
• organizational knowledge
• internal and external environment
• organizational behaviors and drivers
• governance practices and procedures
• business case development
• business strategy

Skills
• marketing
• communication
• negotiation
• active listening and consensus building
• analytical
• stakeholder management

DESIGN Obtain Organizational Support for Risk Strategy (slide 75)

• Review and validate business plan
• Obtain approval for business case
• Identify key decision makers and influencers
• Develop business case incorporating value proposition

These are the four steps that support the task of obtaining organizational support for risk strategy.

DESIGN Obtain Organizational Support for Risk Strategy
Develop business case incorporating value proposition and risk management strategy.
(slide 76)

Executive Summary; Program Scope Statement and Definition; Program Priority
• Formal recognition and individual authority to control process
• Program purpose and business need
• List of objectives and expected deliverables
• Description of work
• List of assumptions and constraints
• E.g., strategic, board-level priority
• Benefits to be gained

Schedule, Estimates and Resources
• Target measures, dates/milestones
• Capital and operating expense requests
• Key internal and external resources needed, estimated work hours

Program Roles and Responsibilities
• Executive sponsor, program lead, project manager, stakeholder list (authority and accountabilities for each)

DESIGN Obtain Organizational Support for Risk Strategy (slide 77)

What benefits does my organization hope to gain from ERM?

Benefit (enter a Rank for each):
• Meet regulatory compliance
• Enable better informed board oversight
• Achieve greater management consensus
• Facilitate decision-making process in allocating resources
• Increase management accountability
• Drive consistent risk appetite approach
• Embed root cause discipline / competence
• Assist in meeting strategic goals
• Reduce earnings volatility
• Demonstrate best practice governance standards
• Improve disclosure
• Provide evidence for ERM scrutiny from rating agencies
• Improve business resiliency and sustainability
• Protect shareholder value
• Other:

One of the most important parts of a business case is to identify the expected benefits of an initiative.
Think about your own organization and order these potential benefits starting with 1 for the most important and the highest number being the least important.

DESIGN Design an Implementation Plan (slide 78)

Knowledge
• project management
• organizational knowledge
• benchmarking and metrics analyses
• performance measurement

Skills
• project planning
• organizational change management
• presentation
• analysis
• facilitation
• communication
• stakeholder management

DESIGN Design an Implementation Plan (slide 79)

• Confirm scope of plan
• Identify and confirm roles and responsibilities
• Identify:
  • priorities for implementation
  • stakeholders
  • resources, timelines, milestones, checkpoints, and deliverables
  • assumptions, dependencies, and constraints
• Define risk strategy success criteria and measures
• Conduct project risk analysis
• Document implementation plan
• Secure resource commitments

There are ten steps that support the task of designing an implementation plan, four of which are under the steps related to identification.

DESIGN Design an Implementation Plan (slide 80)

A typical implementation plan template documents answers to specific questions about:
1. Foundation: What is the purpose of ERM in my organization?
2. People and technology: What structures are needed to help make ERM happen?
3. Methodology: What measures of impact should our program consider?
4. Data Collection: How will I approach the information gathering process?
5. Data analysis: How will I prioritize and consolidate information about risks and opportunities?
6. Accountability: Who owns the risk and the opportunity?
7. Risk solutions: How will the owner deal with risks and opportunities?
8. Monitoring: How will we monitor and report on key risks and opportunities?

This is a non-exhaustive list of components that support the design of an implementation plan for risk management.

DESIGN Design an Implementation Plan (slide 81)
Establish foundation (participant notebook contains complete template)

This slide ties to the first item of establishing the foundation from the previous slide (80). The entire planning template is included in the appendix of the participant notebook.

DESIGN Design an Implementation Plan (slide 82)

This is an actual example from a multinational food distribution company. The top of the graphic is a calendar and the number prior to the label refers to the day of the month.
The next section refers to the key initiative and its relevant duration during the calendar year. The next section identifies specific process steps (MC = management committee and AC = audit committee). Finally, the lowest level of the graphic refers to external stakeholder communication requirements.

DESIGN Develop Risk Communication Plan (slide 83)

Knowledge
• communication processes
• communication technologies and media
• organizational change management
• project management

Skills
• communication
• collaboration
• marketing
• skills in matching message to specific audience
• stakeholder management

DESIGN Develop Risk Communication Plan (slide 84)

These are the seven steps that support the task of developing a risk communication plan.

DESIGN Create a Risk Communication Strategy
Audience needs-analysis is critical.
Internal Audience (slide 85)

Item | Executive Leadership | Risk Committee | Risk Champions | Frontline Managers
Expectation for risk appetite | Risk/Reward view | Risk portfolio view | Risk status related to objectives | Risk within sphere of control
Key message | Strategic, brief and consultative | Strategic, key priorities and activities | Consultative | Tactical and consultative
Media / communication channel method | Multi-media | Committee meeting | One on one | Email or newsletter
Delivery schedule | quarterly | monthly | As needed | On demand
Resources | minimal | time | time | Coordination with ops and HR

Documentation: Dashboards; KPIs / KRIs; Presentation; Risk Assessments; Data analyses; Action plans; Initiative updates; Task specific documentation

This is an actual example from an international oil and gas company and exemplifies the importance of doing audience analysis in order to customize components for different audiences.

DESIGN Create a Risk Communication Strategy (slide 86)

Common barriers to communication.
• Bias in upward and downward communication.
• Maintaining focus on objectives and permanency.
• Singular channels.

Instant Communication; Intentional Conversations; Internal Communications
• Email
• Web presence
• Online training
• Blogs
• Webinars
• Informal interactions
• Targeted “influencers”
• Presentations
• Newsletters
• Staff/“all hands” meetings

Extraordinary Communication; Extended Conversations; External Communications
• Social media
• Public web presence
• Blogs
• Webinars
• Interviews
• Client Advisory Boards
• Credit Agency Meetings
• Supply Chain Forums
• Distributor Summits
• Presentations
• Financial Filings
• Social Responsibility Reports
• Whitepapers
These graphics offer examples of different types of communication and corresponding media that can be used to inform and train risk owners and stakeholders about the risk management process.

EXAM PREP Practice Questions
3. When defining the success measures for the organization’s risk strategy, the risk management professional will include which of the following steps?
A. A review of the goals and objectives of the risk strategy
B. A selection of appropriate media for communicating the risk strategy
C. An analysis of the organization’s total cost of insurable risk
D. The development of timelines for implementing the risk strategy
Domain 2
Reference: Robert R. Moeller, “COSO Enterprise Risk Management” 2011, 2nd ed. Chapter 5 pp. 89-114

These are the two practice questions for module 2. Answering two quick practice questions as a group will help prepare us to do the next self-assessment. The answer key is on page 210.

EXAM PREP Practice Questions
4. An effective risk communication strategy requires the selection of appropriate ______.
A. Coaches
B. Data points
C. Media channels
D. Metrics
Domain 2
Reference: Elliott, Michael, Enterprise Risk Management, 1st ed., The Institutes, 2013, p. 12.16-12.20.

The answer key is on page 210.
DESIGN Self Assessment: Designing Organizational Risk Strategies
Objective: This exercise is an action planner self-assessment checklist. The objective is to self-rate your understanding and comfort level with each task as you think about the practice questions.
• Score your knowledge and understanding of each task based on a 5-point scale with 1 being the weakest and 5 being the strongest.
• Sum the scores.
• Divide the summed total by the total number of tasks: 7.
• Enter the quotient into the box for “Domain.”
• Transfer your Domain quotient score to the table on page 4 of the participant guide.

Domain B: Designing Organizational Risk Strategies (columns: Task, Self-Rank Score, Note)
1 Determine risk appetite and tolerance
2 Develop risk strategy approach
3 Define organizational risk competency and capabilities
4 Define the risk management framework
5 Obtain organizational support for risk strategy
6 Design implementation plan
7 Develop risk communication plan
Sum of self-scores by task
Divided by 7

To do the self-assessment, think about the questions you just saw and then think about how comfortable you feel about the tasks that support the domain of “designing organizational risk strategies.” If you do not prefer quantification, you can make qualitative notes / comments about where you think you should study more to increase confidence and reduce stress.
Workshop Outline
☑ Introductions, Objectives, and Expectations
☑ Domain 1: Analyzing the Organizational Model
☑ Domain 2: Designing Organizational Risk Strategies
Domain 3: Implementing Risk Process
Domain 4: Developing Organizational Risk Competency
Domain 5: Supporting Decision Making
Exam Preparation
Recap

IMPLEMENT Domain 3 Implementing Risk Process
• Identify scope, context and criteria
• Identify risk and opportunities
• Analyze risk
• Evaluate risk
• Collaborate with stakeholders to identify risk solution options.
• Monitoring organizational risk
[Graphic: ANALYZE, DESIGN, IMPLEMENT, DEVELOP, SUPPORT; ADVISE ON RISK AND RESILIENCE]

These six tasks related to the domain of implementing risk process should look familiar because they are rooted in methodology that is decades old. However, there are two key differences. The first is the identification of scope, context, and criteria, which may be new to some. The second is the fifth step, which introduces two new ideas: collaboration and solutions. Whereas older approaches refer to “mitigating” risks in a traditional sense, the C approach discusses “solutions” which apply to pure risks as much as speculative opportunities.
IMPLEMENT Identify Scope, Context, and Criteria
• Knowledge
  - internal and external environment
  - needs of decision makers
  - key performance indicators (KPI) and key risk indicators (KRI)
  - training process
• Skills
  - project management skills and abilities
  - analysis
  - scanning and researching
  - prioritization
  - facilitation

IMPLEMENT Identify Scope, Context, and Criteria
For risk assessment, process focuses on how risk professionals:
• Set the scope
• Identify factors in the external environment
• Identify factors in the internal environment
• Determine the criteria

These four steps support the task of identifying scope, context, and criteria for the risk assessment process.

IMPLEMENT Identify Scope, Context, and Criteria
This is an actual example from a hospital in the United States that is managing the risk of potential negative foreign influence through research engagements. The table shows how they have thought through the scope, context and criteria that drive three levels of risk associated with exposure to negative foreign influence in research. The preliminary work lays the foundation for risk assessment and selecting risk solutions.
IMPLEMENT Identify Risks and Opportunities
• Knowledge
  - risk identification methods and techniques
  - data collection techniques and data validation
  - tail at risk analysis
  - emerging risk, dynamic risk, and environmental scanning -- disruption
  - organizational governance and decision making processes
  - organizational behaviors and drivers
• Skills
  - data collection
  - active listening, facilitation, and consensus building
  - qualitative and quantitative analysis
  - data organization skills
  - skills in considering the possibilities/unknown
  - scenario analysis
  - skills in identifying the "weak signals"

IMPLEMENT Identify Risks and Opportunities
These are the four steps that support the task of identifying risks and opportunities.

IMPLEMENT Identify Risks and Opportunities
“Risk assessment” refers to all three steps of the risk assessment process:
• Identification: typical first step
• Analysis: comprised of consequence, probability, and level of risk.
• Evaluation: typical end result of the assessment process.
Risk identification is a discrete step in the overall risk assessment process.
Reference: ISO 31000:2018, 61. Used with permission.
This graphical representation comes from ISO 31000. Remember that the step of “treat risk” is what we now call “develop risk solutions.” The specifics on process show us the difference between risk identification and assessment. Many times, the terms are interchanged.

IMPLEMENT Poll: Describe a Risk Identification Process
As an objective facilitator, a risk management professional serves as a data consolidator to aggregate and synthesize data that enable people within an organization to make risk-effective decisions. The risk identification process is comprised of finding, recognizing and recording risks using a variety of methodologies.
• Brainstorming
• Checklists, such as regulations and standards
• Interviews and self-assessment
• Facilitated workshops
• Risk questionnaires and risk surveys
• Focus groups
• Expert elicitation
• Benchmarking

IMPLEMENT Risk and Opportunity Analysis
• Knowledge
  - data analysis
  - analysis criteria
  - risk criteria (e.g., frequency, consequences, vulnerability, interdependency, appetite, tolerance, portfolio, resilience)
  - reporting
  - tail at risk analysis
  - emerging risk, dynamic risk, and environmental scanning -- disruption
  - risk analysis techniques
• Skills
  - risk analysis
  - ability to select the appropriate risk analysis technique
  - data organization skills
  - data interpretation
  - skills in considering the possibilities/unknown
  - scenario analysis
IMPLEMENT Risk and Opportunity Analysis
• Determine analysis methods
• Conduct analysis against criteria
• Document results to evaluate

These are the three steps that support risk evaluation.

IMPLEMENT Risk and Opportunity Analysis
Analysis is the process of breaking down something into its parts to learn what they do and how they relate to one another. Risk analysis is the process of characterizing and understanding the nature of risk and of considering the level of risk in the context of the organization’s willingness to accept risk for an expected reward (objective).
Table adapted from IEC/ISO 31010:2009 with permission from ISO at www.iso.org. Copyright remains with ISO.

The table from ISO 31010 that supports this modified table is based on rankings of strongly applicable (SA), applicable (A), and not applicable (NA). To develop the revised table, the three-point scale was converted to numbers and then summed and sorted in descending order to show those tools and techniques that are most broadly applicable. Certain methodologies address multiple analytical needs. The list also offers an opportunity to discuss preferences for quantitative versus qualitative approaches to analysis.
IMPLEMENT Risk and Opportunity Analysis
• Define in advance which risks will be measured
• Model specific risks for monitoring purposes
• Capabilities
  - Outsourcing
  - Building in-house capability
• Off-the-shelf software solutions
• Multiple solutions to validate results
• Beware model risk … that is, the risk of model being defective

The graphical representation is based on a quantitative approach to analyzing risk and shows the steps that start with collecting data and move through to support the ultimate decision that is taken. The bullet points apply to any type of analysis.

IMPLEMENT Evaluate Risk and Opportunity
• Knowledge
  - data analysis
  - analysis criteria
  - risk criteria (e.g., frequency, consequences, vulnerability, interdependency, appetite, tolerance, portfolio, resilience)
  - reporting
  - tail at risk analysis
  - emerging risk, dynamic risk, and environmental scanning -- disruption
  - risk evaluation techniques
• Skills
  - risk analysis
  - ability to select the appropriate evaluation techniques
  - data organization
  - data interpretation
  - skills in considering the possibilities/unknown
  - scenario analysis
  - skills in evaluating the “weak signals”
IMPLEMENT Evaluate Risk and Opportunity
• Determine criteria
• Determine methods
• Apply methods against criteria
• Interpret results
• Evaluate risk interdependencies, aggregation, and consequences
• Confirm that risk is within risk tolerance and appetite thresholds

These are the six steps that support the task of evaluating risk and opportunity.

IMPLEMENT Evaluate Risk and Opportunity
• Interpret results in order to support decisions and choose risk solutions, or change objectives.
[Figure: Residual Risk chart plotting Inherent Risk against Management Effectiveness. Plotted points (inherent risk, management effectiveness): Profitable operations (8,4); Earthquake (8,6); Geographic concentration (7,8); Capital availability (7,3); Recession (5,6); Interest rates (5,5); Technology and information (4,6); Strategic risk of expanding into new business (3,7); Disaster preparedness (2,8); Executive turnover (2,4).]

You may already be familiar with different approaches to calculating residual risk by combining inherent risk and management effectiveness. These are actual examples that come from a real estate company in the United States that used 10-point Likert scales to generate numerical scores used to calculate residual risk. There will not be specific math questions on the test.
One of the calculations from the graphic is as follows:
I. Earthquake risk in Southern California
   A. Probability based on quantitative analysis (Probable Maximum Loss, PML).
      1. A score of 2 on a scale of 1 to 5, where 2 represents a lower probability, is assigned.
   B. Impact is based on PML and concentration of risk.
      1. A score of 4 is assigned, representing high impact.
   C. Inherent risk: (2*4) = 8
II. Management effectiveness is self-rated.
   A. Risk owners assign a score of 3.
   B. Control for bias: cost to improve?
      1. Risk owners assign a score of 2, where 2 represents a higher cost.
   C. Management effectiveness = (3*2) = 6.
III. Residual risk = (2*4) – (3*2) = 8 – 6 = 2

IMPLEMENT Collaborate with Stakeholders to Identify Risk Solution Options
• Knowledge
  - risk solutions (e.g., transfer, accept, modify)
  - organizational knowledge
  - emerging risk, dynamic risk, and environmental scanning -- disruption
• Skills
  - coaching
  - collaboration
  - negotiation
  - prioritization
  - reading and recognizing dynamic risk environments

IMPLEMENT Collaborate with Stakeholders to Identify Risk Solution Options
These are the six steps that support the task of collaborating with stakeholders to identify risk solution options. Recall that this is a step that is different than many other traditional approaches.
There is an emphasis on collaboration with risk owners and also on the idea of solutions instead of traditional treatments. These attributes expand the notion of managing risk and opportunity.

IMPLEMENT Collaborate with Stakeholders to Identify Risk Solution Options
ROLE OF RISK MANAGEMENT PROFESSIONALS IN IMPLEMENTING SOLUTIONS
• Strategic advisors
• Solutions advocates
• Collaboration facilitators
COLLABORATION QUESTIONS
• Who within the organization is knowledgeable about the objective, process or initiative affected by the risk?
• Who is/are the logical person or persons to lead the implementation of the solution(s)?
• What external experts, if any, should be involved in finding solutions?
• Who is accountable for the funding and resources necessary to implement solutions?
• Should other stakeholders or risk-related functions be involved?
Source: RIMS Risk Management Techniques Workshop, All rights reserved.

A risk professional will be in charge of specific process related to managing risk. However, the ownership of a risk or opportunity will frequently belong to another leader within the organization. These are examples of collaboration questions that can help the risk professional understand how to communicate with risk owners and obtain relevant information to incorporate into process, analysis, and reports.

IMPLEMENT Collaborate with Stakeholders to Identify Risk Solution Options
• What is the root cause?
• Is it within our tolerance?
Source: RIMS Risk Management Techniques Workshop, All rights reserved.
Students familiar with traditional risk management will quickly recognize the risk treatments of avoid, accept, mitigate, and transfer. The addition of the “treatment” of exploiting risk pushes us into a new space of thinking about taking on more risk in pursuit of rewards.

IMPLEMENT Collaborate with Stakeholders to Identify Risk Solution Options
Source: RIMS Risk Management Techniques Workshop, All rights reserved.

This is an example of a risk register from Whirlpool Corporation. It is an excellent demonstration of how risk ownership is incorporated into their risk register at three different levels: executive committee level (EC), risk owners assigned to manage a risk, and finally more specific risk owners as applicable. All three have input into development and implementation of risk mitigation (i.e., solution) options.

IMPLEMENT Group Breakout: Create and Apply Risk Solutions based on a Collaborative Approach
Exercise goal: to identify and apply risk solutions to the case study.
• Refresh your understanding of the fact pattern from the case study you selected.
• Pick at least one objective and associated risk (explicit or implicit) in the case study.
  - Develop risk solutions, with an emphasis on collaboration, based on the table of options.
  - Remember risk solutions can be combined.
This small group activity is designed to focus on the newer task of collaboration to create risk solution options.

Time will go by quickly for the small group activity. The quick example from Liberty City shows how to select short and accurate examples.

IMPLEMENT Monitor Organizational Risk
• Knowledge
  - performance monitoring
  - quality management
  - continuous improvement concepts and principles
  - tail at risk analysis
  - emerging risk, dynamic risk, and environmental scanning -- disruption
  - risk criteria (e.g., frequency, consequences, vulnerability, interdependency, appetite, tolerance, portfolio, resilience)
• Skills
  - metrics formulation
  - performance evaluation (e.g., personnel and organizational)
  - critical thinking
  - reading and recognizing dynamic risk environments
  - skills in considering the possibilities/unknown
  - scenario analysis
  - skills in evaluating the “weak signals”
IMPLEMENT Monitor Organizational Risk
• Identify priorities for organizational risk monitoring
• Monitor changes in the internal and external risk environment
• Conduct follow-up activities as required by governance
• Establish organizational risk performance and monitoring metrics
• Generate organizational metrics report
• Establish organizational risk performance and monitoring schedules
• Validate solution performance
• Measure organizational performance against metrics

These are the eight steps that support the task of monitoring organizational risk. We will look at two examples that highlight various aspects of the cycle.

IMPLEMENT Process for Monitoring Risk
Key Performance Indicators (KPIs) help a firm see how it is performing in relation to its strategic goals and objectives.
Key Risk Indicators (KRIs) are leading indicators of risk to business performance, giving early warning about potential risks.
Source: Monica Merrifield, RIMS Strategic Risk Management Implementation Guide, All rights reserved.

This is an actual example that comes from the international non-governmental organization (NGO), the YMCA. It is an example of how KPIs and KRIs are used to identify progress toward building a new recreation center.

IMPLEMENT Process for Monitoring Risk
This is a hypothetical example of a risk register that incorporates specific outcome targets for residual risk position. In this case, the outcome target is to move from the upper right quadrant of risk to the lower left. This is for illustration purposes and is also based on a traditional approach to managing pure risks. However, it is an example of how risk tolerance and appetite should be incorporated into risk assessment and analysis to show progress (positive or negative).

EXAM PREP Practice Questions
5. A risk management professional advises management on the status of key risks by
A. annually identifying the inventory of risks.
B. providing information about competitors’ risk management plan.
C. providing insights into the changing characteristics of risks.
D. summarizing internal audit reports.
Domain 3
Reference: COSO ERM 2004, pgs. 86-87

These are the practice questions for module three. Answering two quick practice questions as a group will help prepare us to do the next self-assessment. The answer key is on page 210.

EXAM PREP Practice Questions
6. Which of the following is considered a risk analysis technique?
A. Budget allocation
B. Consensus building
C. Insurance placement
D. Monte Carlo simulation
Domain 3

The answer key is on page 210.
IMPLEMENT Self Assessment - Implementing Risk Process
Objective: This exercise is an action planner self-assessment checklist. The objective is to self-rate your understanding and comfort level with each task as you think about the practice questions.
• Score your knowledge and understanding of each task based on a 5-point scale with 1 being the weakest and 5 being the strongest.
• Sum the scores.
• Divide the summed total by the total number of tasks: 6.
• Enter the quotient into the box for “Domain.”
• Transfer your Domain quotient score to the table on page 4 of the participant guide.

Domain C: Implementing Risk Process (columns: Task, Self-Rank Score, Note)
1 Identify scope, context and criteria
2 Identify risks and opportunities
3 Analyze identified risk
4 Evaluate risk
5 Collaborate with stakeholders to identify risk solution options
6 Monitor organizational risk
Sum of self-scores by task
Divided by 6

To do the self-assessment, think about the questions you just reviewed and then think about how comfortable you feel about the tasks that support the domain of “implementing risk process.” If you do not prefer quantification, you can make qualitative notes / comments about where you think you should study more to increase confidence and reduce stress.
Workshop Outline
☑ Introductions, Objectives, and Expectations
☑ Domain 1: Analyzing the Organizational Model
☑ Domain 2: Designing Organizational Risk Strategies
☑ Domain 3: Implementing Risk Process
☐ Domain 4: Developing Organizational Risk Competency
Domain 5: Supporting Decision Making
Exam Preparation
Recap

DEVELOP Developing Organizational Risk Competency Domain 4
• Engage the organization’s risk network
• Deliver risk training
• Coach on the risk process and techniques
• Continuously improve risk management process
• Integrate risk management into daily operations
[Graphic: ANALYZE, DESIGN, IMPLEMENT, DEVELOP, SUPPORT; ADVISE ON RISK AND RESILIENCE]

There are five tasks that support the domain of developing organizational risk competency. Remember the important implications of risk competency in an organizational sense. The purpose is to ensure that the right risk owners in the right positions within the organization understand what they need to do to fit into an overarching integrated process for managing risk and opportunity. This is a difficult objective to achieve. In module two we talked about how to design risk strategy. In this module we focus on how to execute risk strategy.
DEVELOP: Engage the Organization’s Risk Network
• Knowledge
  - organizational knowledge
  - risk management body of knowledge
  - foresight body of knowledge
• Skills
  - documentation
  - project management
  - gap analysis
  - communication, rapport building, active listening
  - networking
  - researching
  - interpersonal, small group facilitation, public speaking
  - adaptability
  - inquisitiveness
  - envision drivers of change
(Slide 122)

DEVELOP: Engage the Organization’s Risk Network
• Confirm key relationships across the value chain
• Develop stakeholder engagement plan
• Meet with stakeholders, as required
• Adapt organizational risk management strategy based on stakeholder's feedback
(Slide 123)

These are the four steps that support the task of engaging an organization’s risk network.
DEVELOP: Engage the Organization’s Risk Network

Top of graphic: Coordinated risk assessments, monitoring, communications and reporting to leadership

• Audit: Operations; Controls assessment; Anti-money laundering; Financial reporting reliability; Fraud
• Compliance: Compliance program; Laws and regulations; Contracts and service level agreements; Privacy obligations; Standards
• Technology: Asset, infrastructure and data protection; Access management; Detection measures; Breach and disruption responses; Recovery plans
• Business Continuity: Planning; Emergency response; Resilience options; Recovery options; Drills and exercises
• Risk Management: Risk governance; Risk management planning cycle; Risk assessment programs; KRIs
• Supply Chain: Vendor assessments; Diversity of supply chain; Resilience of supply chain; Disruption analyses
• Strategic Planning: Strategy planning cycle; KPIs; Benchmarking
• Insurance: Insurable risk transfer solutions; Placement and negotiations; Benchmarking; Claims administration
• Legal and HR: Code of Conduct; Ethics violations reporting and disciplinary measures; Privacy
• Safety & Health: Workplace hazards; Safety training; Personal protection
• Environmental: Environmental sustainability initiatives; Regulations and standards; Monitoring; Incident response
• Security: Facility and asset protection; Executive protection

Bottom of graphic: Coordinated risk assessments, monitoring, communications and reporting to operations and other major support groups
(Slide 124)

The departments or functions in an organization that comprise a risk network will vary depending on the structure and purpose. This hypothetical example offers a view into how to map out a risk network and then identify key relationships within those departments or divisions.
The top of the graphical representation shows the role and position of executive leadership, and the bottom of the graphical representation shows how each division or department supports operations (or the group that is dedicated to providing the main product or service of the organization).

DEVELOP: Group Breakout: How to Engage the Organization’s Risk Network
Exercise goal: to identify ways to engage an organization’s risk network in the case study.
• Refresh your understanding of the fact pattern from the case study your group selected.
• Re-read the organizational chart.
  - Select at least two threats and two opportunities
    - Utilize the RACI table on the next slide (and in your participant notebook) to identify how the risk network would engage leadership.
(Slide 125)

This small group activity is designed to focus on engaging an organization’s risk network.

DEVELOP: Explain How to Engage the Organization’s Risk Network

Example: Crestworth Financial

| Threat / Opportunity | Responsible (R) | Accountable (A) | Consult (C) | Inform (I) |
|---|---|---|---|---|
| T: Negative impact to earnings and reputation from fines and penalties (regulatory compliance) | CFO, Legal | EVP, Marketing and Sales | HR | CEO, Board |
(Slide 126)

Time will pass quickly. The example from Crestworth Financial above shows how to be short and to the point.
DEVELOP: Deliver Risk Training
• Knowledge
  - audience
  - risk management fundamentals
  - educational methodology and design
  - learning principles
  - educational media and technologies
  - curriculum development
  - learning objectives
• Skills
  - presentation
  - facilitation
  - engagement
  - software
  - curriculum development
  - gap analysis
  - needs assessment
(Slide 127)

DEVELOP: Deliver Risk Training
Competence: ability to apply knowledge and skills to achieve intended results (ISO 17024)

Steps shown in the diagram:
• Identify educational needs
• Evaluate effectiveness of training
• Conduct training
• Identify existing training
• Match training to audience
• Schedule training
• Develop and validate training
• Conduct gap analysis between existing training and needs
• Match media to audience
Evaluation outcomes shown in the diagram: “Addressed the need, or identifies new needs.” and “Addressed the need, but should improve.”
(Slide 128)

These are the nine steps that support the task of delivering risk training. The list of steps may look overwhelming, but delivering training effectively is labor intensive. The ISO definition of competence is a reminder of the high standard that we use to define “effective training,” which is to see that intended results were achieved by delivering the training. We’ll focus on two examples that highlight various steps of the nine.
DEVELOP: Deliver Risk Training
• Identify needs
• Identify existing training
  - Ability to leverage existing resources
• Gap analysis between needs and existing training
• Audience analysis

| Item | Executive Leadership | Risk Committee | Risk Champions | Frontline Managers |
|---|---|---|---|---|
| Learning objectives | strategic | strategic | comprehensive | tactical |
| Curriculum development | general | comprehensive | comprehensive | specific |
| Channel | Written / in-person | Written / in-person | Written / in-person | Written / in-person / web-based |
| Delivery schedule | annually | annually | monthly | quarterly / on demand |
(Slide 129)

This is an actual example that comes from an international oil and gas transportation company. The table is an extension of slide 85. Here we highlight the execution components on the left side of the table and contrast the different requirements by four audience types.

DEVELOP: Deliver Risk Training
Which risk management competencies are you trying to develop? Which gaps are you trying to fill? For what purpose?
(Slide 130)

This slide offers another approach to executing the steps in delivering training. It offers a systematic way to develop training that is relevant and supports specific competencies in risk management.
DEVELOP: Coach the Organization on Risk Process
• Knowledge
  - organization
  - behavior modification
  - risk management process and techniques
• Skills
  - coaching
  - technical
  - providing feedback
  - patience
  - motivational skills
  - gap analysis
  - needs assessment
(Slide 131)

DEVELOP: Coach the Organization on Risk Process
Steps shown in the diagram:
• Confirm coaching needs
• Evaluate effectiveness of coaching
• Engage in coaching
• Conduct gap analysis
• Match coaches to targeted stakeholders
Evaluation outcomes shown in the diagram: “Addressed the need, or identifies new needs.” and “Addressed the need, but should improve.”
(Slide 132)

These are the five steps that support the task of coaching the organization on risk process.

DEVELOP: How to Coach an Organization on Risk Process
Coach or Train? (comparison table with rows Approach, Structure and Style)
• Training: Instruct and facilitate as an expert on the topic. Conveys desired practices and behaviors to modify “conventional” thinking about risk management. Designed to impart knowledge, skills and information for broad audience through learning objectives.
• Coaching: Listen and facilitate. Questions current practices and “conventional” thinking about an issue concerning strategy, tactics or performance. Provides feedback and advice. Designed for conversations in one-on-one or small group situations to solve a specific issue.
Examples of coaches
  - Risk champions
  - Executive sponsors
  - Other leaders (remember, they may be informal)
“Talk less, listen more.”
Source: RIMS online RIMS-CRMP Kickstarter course, 2018. All rights reserved.
(Slide 133)

A valuable cross-reference to this slide is slide 86, which talks about formal versus informal communication. Coaching may be more common, and required, with influencers within the organization such as key executives, risk champions, and risk owners.

DEVELOP: How to Coach an Organization on Risk Process
• Identify needs
• Identify existing coaching
  - Ability to leverage existing relationships
• Gap analysis between needs and existing coaching
• Stakeholder analysis
[Table: Stakeholder and Coach columns for key supplier, executive, manager and frontline worker, with rows grouped by internal / external position and formal / informal attribute]
(Slide 134)

This table offers a way to identify other stakeholders in addition to key executives, risk champions, and risk owners who need coaching. The addition of formal versus informal attributes on the left column combined with external and internal positions helps cast a wider net for identifying individuals who can help with a risk management implementation.
DEVELOP: Continuously Improve Risk Management Process
• Knowledge
  - continuous improvement concepts, principles
  - maturity models
  - evolving risk management practices
  - process controls
  - return on investment (ROI)
• Skills
  - observation
  - interpretation
  - analytics
  - persistence
  - data management
  - skills in adapting to changing environments
  - organizational change management
  - persuasion
(Slide 135)

DEVELOP: Continuously Improve Risk Management Process
Steps shown in the diagram:
• Identify continuous improvement opportunities and options
• Implement improvements as necessary
• Continuously monitor results of chosen options
• Validate continuous improvement options with stakeholders
• Implement continuous improvement options
(Slide 136)

These are the five steps that support the task of continuously improving the risk management process. In implementing risk process, slide 114, we looked at monitoring risk. This task is similar from a process standpoint but focuses on the risk management process itself. It is a form of meta-analysis or “analyzing the analysis.” We look at two examples to highlight various steps.

DEVELOP: Continuously Improve Risk Management Process
[Graphic credit: ISO 3100:2018, Used with Permission]
(Slide 137)
The graphic on the left-hand side of the slide comes from a self-assessment tool developed by RIMS to measure effectiveness and maturity of enterprise risk management (ERM) programs. The right side of the slide is a highlight of the framework portion of the ISO graphic from slide 70. The entire checklist is provided in the appendix of the participant notebook.

DEVELOP: Continuously Improve Risk Management Process
• Identify continuous improvement opportunities
  - Formal review – summative evaluation
  - Dynamic review – formative evaluation
• Validate continuous improvement options with stakeholders
• Implement continuous improvement options
• Monitor results
• Modify as necessary
Source: Leveraging the New RIMS Risk Maturity Model (RMM), 2022
(Slide 138)

The graphical representation comes from the RIMS risk maturity model that was revised in 2022. Slide 67 showed the maturity levels and slide 33 showed the maturity levels combined with the attributes. The results of validation and monitoring can be organized by these categories to prioritize work that needs to be done.
DEVELOP: Integrate Risk Management into Daily Operations
• Knowledge
  - organizational knowledge and governance
  - internal and external environments
  - process management
  - policies and procedures of the organization
  - roles and responsibilities
  - regulatory framework
  - supply chain
  - competitive landscape
  - risk landscape
  - risk management techniques
  - organizational risk culture
  - organizational risk escalation, communication and reporting
  - internal control frameworks
• Skills
  - sales and marketing
  - persuasion
  - analysis
  - persistence
  - strategic thinking
  - facilitation
  - monitoring, oversight, and enforcement
  - documentation
  - project management
  - gap analysis
  - communication
  - problem solving
(Slide 139)

DEVELOP: Integrate Risk Management into Daily Operations
(Slide 140)

These are the three steps that support the task of integrating risk management into daily operations.

DEVELOP: Integrate Risk Management into Daily Operations
• Organizations at times manage risk in two fundamentally different ways:
  - Individual risk, on a largely compartmentalized and decentralized basis
  OR
  - Risks viewed as an interrelated portfolio within a coordinated and strategic enterprise-wide risk management framework.
Graphic from RIMS Strategic and Enterprise Risk Center (Fox, Epstein, 2010)
(Slide 141)
The graphical representation offers a way to think about an integrated approach to ERM versus a siloed approach. Working from the bottom up, we see how specific risks lead to control options that support common ERM attributes. In turn, the ERM attributes support overall (aggregated) loss tolerance risk positions within an organization that are within acceptable ranges. Culture and governance attributes act as the cohesive force between the two levels of analysis.

DEVELOP: Integrate Risk Management into Daily Operations
[Figure labels: Vision; Mission; Strategic Risk; Strategic Objectives and Measurements; Client Satisfaction; Regulatory Compliance; Organizational Efficiency; Talent Management; Financial; Risk Process; LOB/Business Unit Plans and Measurements; Day-to-day Operations and Decision Making; Risk Process; Tactical Risk]
(Slide 142)

This graphical representation offers a simple way to ensure that specific risk process is incorporated in the correct way at different levels of analysis in an organization. At higher levels of analysis, risk process is more strategic whereas it is more tactical at lower levels of analysis. An example would be client satisfaction that has specific measures of success at the appropriate line of business (LOB) level that are in turn supported by decisions that are being made on a daily basis by those who are closest to product or service delivery.
EXAM PREP: Practice Questions (Domain 4)

7. After validating the training curricula, a risk management professional
A. develops training.
B. develops and schedules training.
C. matches training to audience.
D. schedules and conducts training.
(Slide 143)

These are the practice questions for module four. Answering the practice questions as a group will help prepare us to do the self-assessment. The answer key is on page 210.

EXAM PREP: Practice Questions (Domain 4)

8. STEEP is a method used for strategic planning. The acronym STEEP stands for _____.
A. security, technical, emerging, external, profit
B. social, technological, economic, environmental, political
C. standard, technique, enterprise, environmental, process
D. social, theory, external, engaging, program
Reference: RIMS Strategic Risk Management Implementation Guide, 2012, p. 37.
(Slide 144)

The answer key is on page 210.

DEVELOP: Self Assessment - Developing Organizational Risk Competency

Objective: This exercise is an action planner self-assessment checklist. The objective is to self-rate your understanding and comfort level with each task as you think about the practice questions.
• Score your knowledge and understanding of each task based on a 5-point scale with 1 being the weakest and 5 being the strongest.
• Sum the scores.
• Divide the summed total by the total number of tasks: 5.
• Enter the quotient into the box for “Domain.”
• Transfer your Domain quotient score to the table on page 4 of the participant guide.

Domain D: Developing Organizational Risk Competency (columns to fill in: Self-Rank Score, Note)
1. Engage organization's risk network
2. Deliver risk training
3. Coach organization on the risk process and techniques
4. Continuously improve risk management process
5. Integrate risk management into day-to-day operations
Sum of self-scores by task:
Divided by 5:
(Slide 145)

To do the self-assessment, think about the questions you just reviewed and then think about how comfortable you feel about the tasks that support the domain of “developing organizational risk competency.” If you do not prefer quantification, you can make qualitative notes / comments about where you think you should study more to increase confidence and reduce stress.

Workshop Outline
☑ Introductions, Objectives, and Expectations
☑ Domain 1: Analyzing the Organizational Model
☑ Domain 2: Designing Organizational Risk Strategies
☑ Domain 3: Implementing Risk Process
☑ Domain 4: Developing Organizational Risk Competency
Domain 5: Supporting Decision Making
Exam Preparation
Recap
(Slide 146)

SUPPORT: Supporting Decision Making (Domain 5)
• Explain how to influence risk-based decision making.
• Advise on risk and resilience decisions.
[Graphic: ANALYZE | DESIGN | IMPLEMENT | DEVELOP | SUPPORT | ADVISE ON RISK AND RESILIENCE]
(Slide 147)

While there are only two tasks that support the duty of supporting decision making, they are significant in that they incorporate everything done in modules one through four, and they represent an advanced application of risk process and procedure.

SUPPORT: Influence Risk-based Decision Making
• Knowledge
  - decision science frameworks
  - organizational knowledge
  - organizational cultures
  - outcome stability
  - impact analysis
• Skills
  - influencing others
  - coaching
  - facilitation
  - consensus building
(Slide 148)

SUPPORT: Influence Risk-based Decision Making
1. Identify the characteristics and stakeholders at each stage of the decision making process
2. Identify the key decision makers and influencers
3. Characterize risk-taking attitudes of the key decision makers and influencers
4. Evaluate which decisions have the greatest impact on the organizational model
5. Facilitate risk based discussion on key organizational decisions
6. Advocate risk based solutions for key organizational decisions
7. Facilitate continuous risk dialog on organizational resilience
(Slide 149)

These are the seven steps that support the task of influencing risk-based decision making.
An example of influencing is persuading risk owners to take action that results in a residual risk position that stays within risk appetite and tolerance. Such an approach may require a risk professional to encourage a risk owner to move past their loss aversion bias and take on more risk. Sometimes it may involve telling the risk owner that they have taken on too much risk without understanding the broader impact to the organization. Almost always, the role of the risk professional is to support and advise rather than to mandate or directly control. The exception is when the risk professional is accountable for certain key risks or initiatives.

SUPPORT: Influence Risk-based Decision Making
• Decision making environment
(Slide 150)

This “nine-box” comparison highlights the first step of identifying the stage of decision and the fourth step of identifying the impact of the decision on the organization. Generally, the goal is to move from the upper right box to the upper left box (in high impact decision environments).

SUPPORT: Influence Risk-based Decision Making
(Slide 151)

Not all decisions require intense effort to manage. With well-established process, automatic decisions should fall into predictable patterns that fit into the “automatic box.” Our focus is more on those decisions that are either more complex or have strategic importance for the organization.
SUPPORT: Influence Risk-based Decision Making
Cognitive bias influences perception and can lead to faulty decisions and unexpected outcomes.
• Anchoring / Framing
• Belief / Conformance
• Confirmation / Belief
• Self- or group-centric
• Hindsight
(Slide 152)

Cognitive bias is a significant influencing factor in decision making. On slide 40 we identified 3 tactical and 3 strategic biases. Here we see three more:
▪ Framing: slide 40
▪ Conformance: The influence of peer pressure and being part of the group.
▪ Confirmation bias: slide 40
▪ Self or group centric: Egocentric (favor yourself) or group think (favor the group)
▪ Hindsight Bias: “knew it all along”

SUPPORT: Group Breakout: Influence Risk-Based Decision Making
Exercise goal: to apply risk-based decision making to the case study.
• Refresh your understanding of the fact pattern from the case study you selected.
• Find a decision that is being contemplated by the organization.
  - Identify the decision making environment.
  - Identify the stakeholders.
  - Identify the decision maker(s).
  - Confirm the decision maker’s accountability.
  - Characterize his or her risk taking attitude.
  - Identify ways risk-based decision making can support the decision.
(Slide 153)

This small group activity is designed to apply risk-based decision making to the case studies.
Time will go by quickly. The example from Timberwolf shows how to be short and to the point.

SUPPORT: Influence Risk-based Decision Making
Facilitating Risk Discussions in Decision Making
Rational decision making is: A method for systematically selecting among possible choices that are based on reason and facts. In a rational decision making process, a business manager will often employ a series of analytical steps to review relevant facts, observations and possible outcomes before choosing a course of action.
Source: www.businessdictionary.com
(Slide 155)

Often individuals think they are basing their decisions on facts, but sometimes they do not have as clear an understanding of the risks and rewards.

SUPPORT: Influence Risk-based Decision Making
Decision Trees Help Drive Rational Choices
Rational Choice Theory: An economic principle that assumes that individuals always make prudent and logical decisions.
Source: www.investopedia.com
…but does not account for preferences and bias.
(Slide 156)

Decision trees are an effective tool to identify facts and support rational decisions. They may help uncover bias, but do not account for qualitative preferences.
SUPPORT: Influence Risk-based Decision Making
Decision Trees Help Drive Rational Choices
• Large Group activity: Decision and Risk Demonstration
  - You have an opportunity to invest $20 with an uncertain return.
  - Your investment will not be returned!
  - To simulate uncertainty, we will use a deck of four playing cards consisting of two aces and two kings.
  - We will shuffle the cards, place them face down, and then draw two cards.
  - If we draw two aces, you will receive $60.
  - If we draw an ace and a king, you will receive $30.
  - If we draw two kings, you will have to pay an additional $18 and receive nothing. So the worst outcome is a total out-of-pocket loss of $38.
Adapted with permission from Strategic Decisions Group, Dr. Carl Spetzler, sdg.com. Copyright remains with SDG.
(Slide 157)

Activity Goal: to look at an example of how decision trees support risk-informed decision making.

SUPPORT: Influence Risk-based Decision Making
Decision Trees Help Drive Rational Choices
(Slide 158)

The $20 is an investment of money that will not be returned (sunk cost).

SUPPORT: Influence Risk-based Decision Making
Decision Trees Help Drive Rational Choices
Four possible outcomes:
1. Ace, Ace
2. King, King
3. King, Ace
4. Ace, King
What are the probabilities of winning or losing?
(Slide 159)

SUPPORT: Influence Risk-based Decision Making
Decision Trees Help Drive Rational Choices
(Slide 160)

These are the calculations of the probabilities:
1. 1/2 * 1/3 = 1/6 or 16.66% (the 16.66% is the result of rounding and using 33.33% instead of 33% if you convert to whole numbers).
2. 1/2 * 2/3 = 1/3
3. 1/2 * 2/3 = 1/3
4. 1/2 * 1/3 = 1/6

SUPPORT: Influence Risk-based Decision Making
Decision Trees Help Drive Rational Choices
• We are not wired to make good judgements about uncertain situations, even relatively simple ones.
• Math helps make the choice.
Would you like to invest?
(Slide 161)

The expected value formula is easy to follow, but the $7 ending expected value might be less obvious because of the sunk cost.
Keep in mind that if the expected value is $27 and the nonrefundable investment was $20, then the risk-adjusted return is $7, not $60 as some may have thought at the beginning of the exercise.

Page 164 (slide 162)
SUPPORT: Influence Risk-based Decision Making
Decision Trees Help Drive Rational Choices

• Contributions risk makes to quantitative decision making
  - Keep an eye on guaranteed losses (i.e., sunk costs).
  - Uncertainty about the future can be expressed with probabilities.
  - Probability is an expression of our belief about uncertainties.
  - Intuition is a poor processor of probabilities; don’t trust your intuition when it comes to uncertainty.
  - The quality of a decision can be understood at the time of decision.
  - A good decision can have a good or a bad outcome.
  - The expected value (EV) can be calculated.

What about less quantitative decisions?
  - Indirect measurement of guaranteed losses (e.g., time and overhead).
  - Uncertainty about the future can be expressed with probabilities (e.g., Delphi technique).
  - Probability is an expression of our belief about uncertainties (e.g., Likert scales).

Adapted with permission from Strategic Decisions Group, Dr. Carl Spetzler, sdg.com. Copyright remains with SDG.

Even after relevant facts have been identified and potential biases have been uncovered, decision makers may still choose to take on risk or make investments that do not seem as attractive or beneficial as they originally did. There is a difference, however, between making a risk-informed decision and just “going with your gut.”
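
The card-draw investment exercise above, worked as a small decision tree. This is an added example, not part of the RIMS or SDG materials; the function and variable names are assumptions of this sketch. It multiplies the conditional branch probabilities for each ordered draw, then nets the expected payout against the non-refundable $20.

```python
from collections import defaultdict
from fractions import Fraction

STAKE = 20                        # non-refundable investment from the exercise
DECK = ("A", "A", "K", "K")       # two aces and two kings
PAYOUT = {2: 60, 1: 30, 0: -18}   # cash received (or paid) by number of aces drawn


def draw_paths(deck, draws=2):
    """Return {ordered draw: probability} for drawing without replacement.

    Each path probability is the product of conditional branch
    probabilities, e.g. P(Ace, Ace) = 2/4 * 1/3 = 1/6.
    """
    paths = defaultdict(Fraction)

    def walk(remaining, seq, prob):
        if len(seq) == draws:
            paths[seq] += prob
            return
        for rank in sorted(set(remaining)):
            # Chance of this rank given the cards still face down.
            branch = Fraction(remaining.count(rank), len(remaining))
            rest = list(remaining)
            rest.remove(rank)
            walk(rest, seq + (rank,), prob * branch)

    walk(list(deck), (), Fraction(1))
    return dict(paths)


def evaluate(deck=DECK, payout=PAYOUT, stake=STAKE):
    """Roll the tree back to an expected value and net out the sunk cost."""
    paths = draw_paths(deck)
    net = {seq: payout[seq.count("A")] - stake for seq in paths}
    ev_payout = sum(p * payout[seq.count("A")] for seq, p in paths.items())
    return {
        "paths": paths,                      # probability of each ordered draw
        "ev_payout": ev_payout,              # expected cash flow after the draw
        "ev_net": ev_payout - stake,         # expected value net of the stake
        "worst_net": min(net.values()),      # total out-of-pocket worst case
        "p_net_loss": sum(p for seq, p in paths.items() if net[seq] < 0),
        "invest": ev_payout - stake > 0,     # compare with 0 for not investing
    }


if __name__ == "__main__":
    result = evaluate()
    for seq, p in result["paths"].items():
        print(", ".join(seq), "->", p)
    print("Expected payout:", result["ev_payout"])
    print("Expected value net of the $20 stake:", result["ev_net"])
    print("Worst net outcome:", result["worst_net"])
    print("Probability of ending with a net loss:", result["p_net_loss"])
```

Passing a different deck, such as one ace and three kings, shows how quickly the same payouts turn into a negative expected value.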

Page 165 (slide 163)
SUPPORT: Facilitating Risk Discussions
Objectives

Decision-making steps | Related uncertainties
1. Frame: issue/need defined | Is solving this problem or realizing this opportunity worthwhile?
2. Doable alternatives | What options are available and how effective or disruptive will each one be in solving the problem or realizing the opportunity? What unintended consequences will this alternative create?
3. Meaningful, reliable information | Is the information accurate, applicable, and useful and how will this affect the decision-making process? What different interpretations of the data are possible and how will each one affect the decision-making process?
4. Developing options | How feasible, acceptable, or desirable is each option and which will be most useful in achieving the objective?
5. Clear values and trade-offs | In pursuing each option, what are the consequences of making the trade-offs that will be needed? How clearly is the expected value understood?
6. Logically correct reasoning | What biases may be influencing reasoning?
7. Acting on the decision | Are there resources available for allocation to the decision? How readily will the decision be accepted and supported by stakeholders?

Adapted from Dr. Lianne Appelt comments on ISO 31000, and A Cultural Approach to Decision Making Presentation at RIMS 2011 ERM Conference by Dr. Carl Spetzler

This table identifies different uncertainties related to decision-making steps and helps the risk professional target different tools and techniques that support rational decision making.

Page 166 (slide 164)
SUPPORT: Facilitating Risk Discussions
Risk Management Professional Roles in Decision Discussions

Risk management facilitation methods, processes and goals may vary according to context:
  - strategy
  - project management
  - security
  - engineering
  - industrial processes
  - financial portfolios
  - quality
  - compliance
  - information technology
  - environmental
  - social responsibility
  - business continuity
  - operations
  - public / worker health and safety

[Diagram labels: Strategic Advisor; Facilitator; Full participant; Query and challenge; Spectator; Coordinator; Observe and Scribe; Logistics and Reporting]

Risk professionals will take on different roles in facilitating decision making, ranging from full participant (with corresponding responsibility or accountability) to just being a spectator and monitoring the process for leading indicators that trigger the need for applying additional resources in the decision-making process.

Page 167 (slide 165)
SUPPORT: Advise on Risk and Resilience Decisions

• Knowledge
  - foresight body of knowledge
  - envision drivers of change
  - internal and external environments
  - risk landscape
  - risk management techniques
  - organizational risk culture
  - organizational risk escalation, communication and reporting
  - internal control framework
  - organizational resilience body of knowledge
  - knowledge of industry vertical
  - knowledge of industry disruptors
• Skills
  - consensus building
  - influencing others
  - coaching
  - facilitation
  - scanning and researching
  - skills in adapting to changing environments
  - organizational change management
  - persuasion

Page 168 (slide 166)
SUPPORT: Advise on Risk and Resilience Decisions

• Escalate discussion and decisions on new, changing, and emerging risks as necessary
• Recommend risk-based solutions to support organizational resilience
• Advise on the potential options to respond to new, changing, and emerging risks
• Continuously monitor and evaluate environment for new, changing, and emerging risk

These are the four steps that support the task of advising on risk and resilience decisions.

Page 169 (slide 167)
SUPPORT: Advise on Risk and Resilience Decisions

A risk management professional is a partner who supports the organization to leverage the opportunities and uncertainties associated with its goals and objectives.
- From RIMS-CRMP Handbook

Risk management professionals [across multiple specialties] lead the development and implementation of risk management practices that enable an organization to make risk-effective decisions that create and sustain value.
- From RIMS-CRMP Handbook

[Diagram label: Risks related to goals and objectives]
Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.

These definitions come from the RIMS CRMP handbook (link on slide 202).
The graphical representation was originally shown on slide 16 and is repeated now to remind us to think about how “risk as opportunity” and “uncertainty” are relevant to a new approach to integrated risk management.

Page 170

[Figure: Future Focused Emerging Risk and Opportunity Scanning. Recoverable labels: interviews, external scanning, prioritization, probability, immediacy, impact, importance, relevance, uncertainty, trends / events, implications, resilience (operational, strategic), vision and mission, stability, coherence.]

This graphical representation shows how resilience is supported by focusing on the following:
1. Combine environmental scanning with internal data collection to gather relevant information.
2. Prioritize both key risks and opportunities. Probability and impact feed into traditional risk registers. Relevance and uncertainty feed into scenario planning for strategic planning.
3. Emerging risks and strategic direction evolve from the prioritization stage.
4. Resilience is a combination of operational resilience in the traditional sense of being able to absorb shocks and a strategic sense in terms of being able to adapt and grow in a dynamic environment. The second type of resilience is sometimes referred to as adaptive resilience.

Page 171

This graphical representation comes from the World Economic Forum’s report on emerging risks from 2010. 2010 was chosen on purpose to give the opportunity to apply hindsight and determine if the predictions were accurate.

Page 172 (slide 170)
SUPPORT: Advise on Risk and Resilience Decisions
Future focused scanning based on key forces

• Risk to strategy – Is there uncertainty that could reduce chances of success?
• Risk from strategy – Is the vision or mission of the organization creating uncertainty or risk?
• Strategic redirection – Should the organization consider changing its vision, mission, or objectives?

[Table of example factors by key force. Key forces: Social, Political, Economic, Competitive, Technological, Environmental. Factors listed: Customers; Global protectionism; Capital availability; Customer shift; Information availability; Climate change; Demographics; Political instability; Interest rates; Competitor strengths/weaknesses; Intellectual properties; Water availability; Talent shortage; Regulatory changes; Financial market stability; New bio uses; Research trends; Global prices; Natural disasters; Market demand; Tariffs / tax; Clash events; Market selection; Taxation; Pricing of key components; Scientific breakthroughs.]

This is a variation of PESTLE or STEEPLE analysis with the important addition of a category for competition. The categories offer a way to think through the three important questions regarding forward-looking aspects of risk and strategy.

Page 173 (slide 171)
SUPPORT: Group Breakout: Advising on Risk and Resilience Decisions

Exercise goal: to practice advising on risk and resilience decisions based on the case study.

• Refresh your understanding of the fact pattern from the case study you selected. Think about the broader context impacting the case beyond what is written in the fact pattern.
• Answer the three key strategy questions by:
  - Performing an environmental scan of key forces impacting the organization.
  - Document insights related to the three questions.

Activity Goal: to practice advising on risk and resilience decisions based on the case study.

Page 174 (slide 172)
SUPPORT: Group Breakout: Advising on Risk and Resilience Decisions

Key forces: Social, Political, Economic, Competitive, Technological, Environmental

Future focused questions:
• What uncertainties could reduce chances of success?
• Is the vision or mission of the organization creating uncertainty or risk? How?
• Should the organization consider changing its vision, mission, or objectives? How?

Use this slide to take notes for the report back.

Page 175 (slide 173)
EXAM PREP: Practice Questions

9. What is the role of risk management in the strategic planning process?
A. Challenge the decisions made.
B. Develop risk treatment plans.
C. Draft the decisions to be made.
D. Identify threats and opportunities.
Domain 5

These are the practice questions for module five. Answering practice questions as a group will help prepare us to do the self-assessment. The answer key is on page 210.

Page 176 (slide 174)
EXAM PREP: Practice Questions

10. How can an ERM heat map help to facilitate discussion for a risk committee?
A. It provides a risk register for an organization to be able to review all risks.
B. It identifies how mitigation efforts could affect frequency and severity of a risk.
C. It provides a map for insurance companies to price an organization’s premiums.
D. It can help benchmark risks for comparison with others in the industry.
Domain 5
Reference: CGMA Tools: How to Communicate Risks Using a Heat Map, AICPA: New York, NY, 2012

The answer key is on page 210.

Page 177 (slide 175)
SUPPORT: Self Assessment – Advise on Risk and Resilience Decisions

Objective: This exercise is an action planner self-assessment checklist. The objective is to self-rate your understanding and comfort level with each task as you think about the practice questions.
• Score your knowledge and understanding of each task based on a 5-point scale with 1 being the weakest and 5 being the strongest.
• Sum the scores.
• Divide the summed total by the total number of tasks: 5.
• Enter the quotient into the box for “Domain.”
• Transfer your Domain quotient score to the table on page 4 of the participant guide.

Domain / Task | Self-Rank Score | Note
E. Supporting Decision Making | |
1. Influence risk-based decision making | |
2. Advise on risk and resilience decisions | |
Sum of self-scores by task | |
Divided by 2 | |

To do the self-assessment, think about the questions you just reviewed and then think about how comfortable you feel about the tasks that support the domain of “supporting decision making.” If you do not prefer quantification, you can make qualitative notes / comments about where you think you should study more to increase confidence and reduce stress.

Page 178 (slide 176)
Workshop Outline

[x] Introductions, Objectives, and Expectations
[x] Domain 1: Analyzing the Organizational Model
[x] Domain 2: Designing Organizational Risk Strategies
[x] Domain 3: Implementing Risk Process
[x] Domain 4: Developing Organizational Risk Competency
[x] Domain 5: Supporting Decision Making
[ ] Exam Preparation
[ ] Recap

Page 179 (slide 177)
EXAM PREP: RIMS-CRMP Exam Preparation

Exam Preparation
• Knowledge of content
• Examination process and logistics
• Practice questions

Page 180 (slide 178)
EXAM PREP: Knowledge of Content

Action Planner: Self-assessment checklist
  - Enter self-scores for each domain.
  - Then, sum the score and divide by five.
  - Then enter the quotient into the box for “Average”.
  - There is no report back for this individual exercise.

Domain | Exam Weight | Self-Rank Score | Overall Domain Rank | Note
A. Analyzing the Organizational Model | 16% | | |
B. Designing Organizational Risk Strategies | 26% | | |
C. Implementing Risk Process | 32% | | |
D. Developing Organizational Risk Competency | 16% | | |
E. Supporting Decision Making | 10% | | |
Sum of self-scores by task | | | |
Average (Divided by 5) | | | |

The final self-assessment checklist activity is already done since you have already transferred average scores by domain into this slide throughout the workshop. You can now calculate your overall confidence level. Also, by comparing scores to the potential contribution of a domain to the exam, gap analysis can be performed to identify which domains require additional preparation work. The column for rank offers you an opportunity to prioritize which domains you should study first.

Page 181 (slide 179)
EXAM PREP: Knowledge of Content

Benefits of self-assessment
• Helps
  - select additional resources to read.
  - allocate study and preparation time.
  - set improvement goals.
• See participant notebook for a blank self-assessment that can be used for benchmarking.
• Consider having a supervisor or peer rate you as well.

Page 182 (slide 180)
EXAM PREP: Eligibility Requirements to Apply for RIMS-CRMP

• Candidates can have one of the following combinations of qualifications:
  - Bachelor’s degree or higher (or global equivalent) in risk management, and one year of full-time work experience (or full-time equivalence) in risk management
  OR
  - Student enrolled in the final year of a bachelor’s degree program or higher (or global equivalent) in risk management.
  OR
  - Bachelor’s degree or higher (or global equivalent) in non-risk management area of study, and three years of full-time work experience (or full-time equivalence) in risk management.
  OR
  - Non-degree applicant, and six years of full-time work experience (or full-time equivalence) in risk management.

Page 183 (slide 181)
EXAM PREP: Process for Applying

• If eligible, complete the online application at rimscrmp.rims.org
• Before you start your application, make sure your supporting documents are ready.
  - Official university transcript
  - Letter from the Registrar confirming dates of attendance—grades not required. (Copies of photographs of a diploma will not be accepted.)
  - Employment verification form (Supervisor or HR Manager signature required)

Commitment to Impartiality: RIMS membership is not a prerequisite for certification. Achieving certification does not constitute RIMS membership. RIMS and RIMS-CRMP do not discriminate on the basis of sex, race, religion, national origin, marital status or physical disabilities. RIMS understands the importance of impartiality in carrying out its certification activities, manages conflicts of interest and ensures the objectivity of its certification activities.

Page 184 (slide 182)
EXAM PREP: Sign Up for the Exam

After approval
• You must take the exam within your authorized six-month timeframe.
• Visit www.PearsonVUE.com/RIMS to schedule your exam at a testing center or remotely from your home or office.
• Pearson VUE test centers are worldwide. Find your nearest testing center: https://home.pearsonvue.com/rims
• Learn more about remote testing at https://www.rims.org/certification/rimscrmp/remote-exam

Page 185

[Slide text partly lost in extraction. Recoverable labels: Individual versus group; Find an expert / mentor; Support or lead a new project at work; Hearing; Writing; Reading.]

Page 186 (slide 184)
EXAM PREP: Approaches to Memory and Retention

• Utilize self-testing: read, recall, and review rather than just reading and taking notes. The impact is significant.
• Other tips
  - Organize
  - Find meaning: mnemonics or visual cues.
  - Prepare (i.e., avoid cramming)
  - Notes and flashcards. The flashcards will help with self-testing.

Page 187 (slide 185)
EXAM PREP: Strategies for Analysis of an Exam Question

• Format
  - Stem
  - Response options
  - Distractors
  - Key
• Type of questions
  - Varying complexity
  - All response options are plausible. Therefore, you are looking for the best answer.
  - All questions come from industry-accepted texts and resources.

Page 188 (slide 186)
EXAM PREP: General Strategies for Taking an Exam

• Test strategies
  - Read the instructions
  - Know your time (2 hours; 120 questions)
  - Read both the question and the answers.
• Hide the response options, read the stem, attempt to answer, select the option that most closely matches your answer.
• For tough questions
  - Eliminate obvious implausible answers if possible
  - Apply a “true false” test to each option
  - Eliminate “lookalikes”
  - If you narrow it down to two, refer back to the stem. Remember that you are looking for the best answer, not only a correct one, and not one that must be true all of the time, in all cases, and without exception.

Page 189 (slide 187)
EXAM PREP: Test Preparation Strategies

• Utilize your RIMS-CRMP workshop participant notebook.
• Exam questions are developed from the Examination Blueprint and references.
• Use the RIMS-CRMP Examination Blueprint and related reading to guide your exam preparation.
• References are optional and not a required reading list.
• Use your self-rankings.

Page 190 (slide 188)
EXAM PREP: Testing Center

• Pearson VUE is the testing center
• Two valid IDs are required
  - Primary with picture (e.g., driver’s license)
  - Secondary with signature (e.g., credit card)
• The proctored environment is strict
  - Restroom breaks are only permitted at testing centers. Breaks are not permitted with remote exams.
  - Review Pearson VUE policies
• Remote exams
  - Download OnVUE software and conduct systems check in advance
  - Check-in thirty (30) minutes before exam start time
  - Proctor will monitor the exam via webcam and microphone

Page 191 (slide 189)
EXAM PREP: Taking the Exam

• Computer based
• Exams are scored on a pass-fail basis
• Submit new application to retake the exam
• Retake opportunities
  - 2nd time after 30 days from first attempt
  - 3rd time after 90 days from second attempt
  - 4th time after mandatory waiting period of 120 days

Page 192 (slide 190)
EXAM PREP: Practice Questions

• These practice questions are more like what you will see on the exam because
  - They are randomized
  - Domain references are removed (but are included in the key)
• There are 25 additional practice questions in the participant notebook.
• The relevant domain will NOT be identified on the exam.
• Remember
  - You are looking for the best answer. Each answer is plausible.
  - The two-hour computer-based exam is proctored by Pearson VUE and consists of 120 questions.
  - You can select an exam date within your authorized six-month timeframe. The RIMS-CRMP certification exam is offered throughout the year.

There are at least three ways to approach the next ten practice questions:
1. Closest to the real thing: Attendees answer individually and then review and discuss answers when everyone is done.
2. Collaborative: Do each question as a large group and discuss.
3. Hybrid: Do the first five as a group and the last five individually.

The answer key is on page 210. There are 25 additional practice questions in the appendix.

Page 193 (slide 191)
EXAM PREP: Practice Questions

11. What two analytical tools are particularly useful in Analyzing the Organizational Model?
A. Key performance indicators and total cost of risk
B. Key risk indicators and gap analysis
C. Pareto analysis and root cause analysis
D. Value chain analysis and benchmarking
Reference: General knowledge. See RIMS Strategic Risk Implementation Guide, pg. 27

The answer key is on page 210.
There are 25 additional practice questions in the appendix.

Page 194 (slide 192)
EXAM PREP: Practice Questions

12. The organization’s resources and internal support are ________ the risk management strategy.
A. adjustable to match
B. inputs in the development of
C. metrics used to measure the value of
D. outcomes of the development of
Reference: Chapman, “Simple Tools and Techniques in ERM”, 2011, 2nd edition, pp. 14-15

The answer key is on page 210. There are 25 additional practice questions in the appendix.

Page 195 (slide 193)
EXAM PREP: Practice Questions

13. Risk management professionals conduct supply-chain analyses to identify
A. contingent business interruption coverage.
B. customer technology needs.
C. international regulatory requirements.
D. potential vulnerabilities to the organization.

The answer key is on page 210. There are 25 additional practice questions in the appendix.

Page 196 (slide 194)
EXAM PREP: Practice Questions

14. Which risk identification and analysis technique should a risk management professional use in order to gather information from multiple departments in a brainstorming session that helps to identify shared risks within an organization?
A. Checklists
B. Flowcharts
C. Workshops
D. Questionnaires

15. When measuring the financial effectiveness of an organization’s risk management plan, the risk management professional should _________.
A. determine the overall cost of risk
B. exclude risk financing costs
C. involve the risk management committee
D. determine the maximum level of uncertainty the organization can tolerate
Reference: Elliott, Michael, Risk Financing, 6th ed., The Institutes, 2012, p. 1.9.

16. Which of the following BEST guides an organization’s risk management decision-making process?
A. risk financing opportunities
B. risk retention levels
C. risk strategy approach
D. risk treatment options
Reference: ISO 31000:2018, 4.3.

17. When analyzing an organization’s value chain, which of the following would be considered a primary activity?
A. Technological developments
B. HR management
C. Infrastructure management
D. Outbound logistics
Reference: Porter, Michael, Competitive Advantage, 1st ed., Free Press, New York, NY, 1985, p. 37

18. Once risks have been analyzed, the risk management professional should evaluate the risks against the risk _______.
A. Appetite
B. Monitoring plan
C. Treatment
D. Underwriting criteria
Reference: ISO 31000 5.4.4 Risk Evaluation

19. What can a risk management professional recommend to management to protect an organization’s critical infrastructure from a cyber attack?
A. implement password protocols
B. buy a tower of cyber liability insurance
C. ensure employees do not post on social media
D. monitor employees’ use of the internet
Reference: Cabrera, Ed, “Protecting Critical Infrastructure from Cyberattack”, Risk Management Magazine, October 3, 2016.

20. When an operational area develops a treatment for a critical risk, the risk management professional MUST
A. add the risk to the risk map.
B. communicate the treatment plan directly with internal audit.
C. evaluate the dollar savings associated with the treatment.
D. evaluate the impact upon other areas.
Reference: ANSI/ASIS/RIMS RA 1-2015 Standard, 6.4.4.5, pg. 78

EXAM PREP Action Planner to Obtain RIMS-CRMP

Task | Target Date | Status
Identify expected benefits from certification | today | IP
Review and comply with eligibility requirements | today | IP
Apply at rims.org/certification | Today | Done!
Review your learning style | |
Build a study plan around your style | |
Put study time on your calendar | |
Study according to your style (consider taking the two day prep course) | |
Schedule an exam date (1 – 60 days in advance) | |
Take exam | |
Get results | |
Plan for continuing education (or retake) | |
Change business cards, email signature, and obtain digital badge | |

Use this checklist to track and monitor progress toward taking and passing the exam.

EXAM PREP Resources: RIMS-CRMP Certification Handbook

• About the Program
• Eligibility Requirements
• Preparing for the Examination
• Scheduling the Examination
• Taking the Examination
• After the Examination
• Maintenance of Certification and Recertification
• RIMS-CRMP Code of Professional Responsibility
• Policies
• Appendices

Download the candidate handbook at www.rims.org/certification/Pages/Resources.aspx

EXAM PREP Resources: RIMS-CRMP Study Guide

Learn about the general strategies for taking the exam, how to analyze the exam questions, what to expect at the testing center and review the five core competencies.

Download the study guide at www.rims.org/certification/Pages/Resources.aspx

EXAM PREP Need more study materials in specific domains?

Find related reading sources by domain at www.rims.org/certification/Pages/Resources.aspx

Top 10 References
1. Chapman, Robert. Simple Tools and Techniques for Enterprise Risk Management, 2nd ed., John Wiley & Sons, Ltd, London, 2011.
2. Elliott, Michael. Risk Management Principles and Practices, The Institutes, Malvern, PA.
3. Fraser, J. and Simkins, B.J., Enterprise Risk Management, 1st ed., John Wiley & Sons, Inc., Hoboken, NJ.
4. Gamble, John; Thompson Jr., Arthur; Peteraf, Margaret. Essentials of Strategic Management: The Quest for Competitive Advantage, 6th ed, 2019.
5. Hopkin, Paul. Fundamentals of Risk Management, 2018.
6. International Organization for Standardization. Risk Management - Guidelines (ISO Standard No. 31000:2018).
7. Moeller, Robert, COSO Enterprise Risk Management, John Wiley & Sons, Inc., Hoboken, NJ.
8. RIMS Executive Report, Exploring the Risk Committee Advantage, RIMS, New York, NY, 2015.
9. RIMS Executive Report, Transitioning to Enterprise Risk Management, RIMS, New York, NY, 2014.
10. Strategic Risk Management Development Council. RIMS Strategic Risk Management Implementation Guide, RIMS, New York, NY.

There is not a textbook for the RIMS CRMP. However, this list will help you feel less overwhelmed as you prepare.

Workshop Outline
✓ Introductions, Objectives, and Expectations
✓ Domain 1: Analyzing the Organizational Model
✓ Domain 2: Designing Organizational Risk Strategies
✓ Domain 3: Implementing Risk Process
✓ Domain 4: Developing Organizational Risk Competency
✓ Domain 5: Supporting Decision Making
✓ Exam Preparation
Recap

RECAP Workshop Learning Deliverables

What our objectives were:
✓ Become a better risk professional
✓ Understand the five competency domains of RIMS-CRMP
✓ Apply the five competency domains of RIMS-CRMP
✓ Understand the components of the RIMS-CRMP certification
✓ Start an action plan to obtain the certification

Thank you for your time! Good luck!

EXAM PREP Practice Questions Key

Question Number | Domain | Answer
By Domain
1 | 1 | D
2 | 1 | B
3 | 2 | A
4 | 2 | C
5 | 3 | C
6 | 3 | D
7 | 4 | D
8 | 4 | B
9 | 5 | D
10 | 5 | B
Randomized
11 | 1 | D
12 | 2 | B
13 | 1 | D
14 | 1 | C
15 | 5 | A
16 | 2 | C
17 | 1 | D
18 | 3 | A
19 | 4 | A
20 | 3 | D

RIMS MISSION: RIMS, the risk management society®, empowers risk professionals to strengthen organizational resilience, by driving strategic decision-making and improving business outcomes.

Appendix

Self-Assessment by Domain with Detail

Self-Assessment of Duties and Tasks
(Columns: Domain | Task | Self-Rank Score | Note)

Domain A: Analyzing the Organizational Model
1. Obtain internal organization information
2. Obtain external organization information
3. Conduct internal analyses on the organization
4. Assess organizational resilience
Sum of self-scores by task:
Divided by 4:

Domain B: Designing Organizational Risk Strategies
1. Determine risk appetite and tolerance
2. Develop risk strategy approach
3. Define organizational risk competency and capabilities
4. Define the risk management framework
5. Obtain organizational support for risk strategy
6. Design implementation plan
7. Develop risk communication plan
Sum of self-scores by task:
Divided by 7:

Domain C: Implementing Risk Process
1. Identify scope, context and criteria
2. Identify risks and opportunities
3. Analyze identified risk
4. Evaluate risk
5. Collaborate with stakeholders to identify risk solution options
6. Monitor organizational risk
Sum of self-scores by task:
Divided by 6:

Domain D: Developing Organizational Risk Competency
1. Engage organization's risk network
2. Deliver risk training
3. Coach organization on the risk process and techniques
4. Continuously improve risk management process
5. Integrate risk management into day-to-day operations
Sum of self-scores by task:
Divided by 5:

Domain E: Supporting Decision Making
1. Influence risk-based decision making
2. Advise on risk and resilience decisions
Sum of self-scores by task:
Divided by 2:

Self-Assessment Summary

Domain | Exam Weight | Self-Rank Score | Overall Rank | Note
A. Analyzing the Organizational Model | 16% | | |
B. Designing Organizational Risk Strategies | 26% | | |
C. Implementing Risk Process | 32% | | |
D. Developing Organizational Risk Competency | 16% | | |
E. Supporting Decision Making | 10% | | |
Sum of self-scores by task | | | |
Average (Divided by 5) | | | |

Questions to consider as you continue preparation:
1. With limited time to prepare for the exam, what are the key resources I can read - or tasks I can do - in order to improve my chances of success on the exam?
2. Am I biased? If I had my supervisor or a co-worker fill out the checklist while thinking about my skills, would the results be different? Could such an approach help me better prepare for the exam?
3. What can you do in your current job or jobs to support your goals? For example, can you ask to do projects that involve more of the skills you feel you need to improve upon?

Case Studies: Abstracts

Timberwolf Plastics

Timberwolf Plastics, Inc. is a publicly owned, mid-sized manufacturer of injection molding equipment that sells to the bottling and packaging industry. The company was founded in northern Minnesota by a German immigrant in the 1920s as a small machine and tooling shop, and, through several generations of family leaders, has grown into a major international supplier in this “business to business” industry. The company went public in the late 1980s and, as of 2010, has its first non-family member CEO, who in the past couple of years has instituted greater standardization and modernization programs.

Liberty City

Liberty City is a mid-sized city in the American Southwest with year-round warm and sunny weather which has earned it a reputation as a popular tourist destination with a growing community of retirees.
Incorporated in 1850, it is the capital of the State of Columbia and lies on the banks of the Gabriel River between the Santa Maria Mountains and the Great Western plains.

Crestworth Financial

Crestworth Financial is a mid-sized, privately held, mortgage lender, headquartered in Charlotte, North Carolina, and licensed to provide financial services in 25 states in the US. The firm was founded in 1985 by two former bankers who saw the opportunity to streamline the mortgage lending process through a closer partnership with real estate developers and provide greater transparency in the process.

Case Study: Timberwolf Plastics

Timberwolf Plastics, Inc. is a publicly owned, mid-sized manufacturer of injection molding equipment that sells to the bottling and packaging industry. The company was founded in northern Minnesota by a German immigrant in the 1920s as a small machine and tooling shop, and, through several generations of family leaders, has grown into a major international supplier in this “business to business” industry. The company went public in the late 1980s and, as of 2010, has its first non-family member CEO, who in the past couple of years has instituted greater standardization and modernization programs.

The company has two factories in northern Minnesota, one in Mexico, and a third in Taiwan, and plans to build two more, one in Vietnam and another in Brazil, where the cost of labor is cheaper and market growth potential is greater. While their risk management team is familiar with U.S. regulations concerning financial accounting, manufacturing, worker safety, and the environment, they are unfamiliar with the regulations in the countries considered for possible expansion, not to mention the market and other operational risks.
Additionally, they are also looking at upgrading their equipment and increasing their staff training in the wake of new designs and materials, manufacturing technologies, and management and delivery systems.

[Figure: Timberwolf Organization Chart-Executive Level and Major Business Units. Box labels, in extraction order: Board of Directors; CEO/President; Executive Vice President, Operations and Manufacturing; North American Manufacturing and Operations; Project Management Office; Asia Manufacturing and Operations; Research and Development; Executive Vice President, Global Sales; Chief Financial Officer IT, Finance and HR; North America Business Unit; Finance and Accounting; South America Business Unit; Risk Management; Middle East, Africa Business Unit; Asia, Business Unit; Vice President, Marketing and Communications; Chief Legal Counsel; Marketing Communications; Legal Department; Compliance; HR Department; Information Technology; Europe, Business Unit; Project Matrix]

Special Note: Timberwolf uses a matrix organization for new products and operational technology. The IT department handles only internal information technology and telecommunications. Environmental safety and health is handled within the manufacturing and operations of each of the regional units.

Timberwolf’s Vision

Timberwolf will be a world-class supplier of injection molding solutions.

Timberwolf is a major global supplier of injection molding solutions to the packaging and bottling industry, providing efficient and sustainable, integrated and supported production systems. Building on its 90+ year history, the company is a major technical leader that adheres to the highest principles of innovation, quality, and continual improvement.
As their CEO says, “We engage in our work with our employees, vendor partners, and clients in a spirit of collaboration and respect toward mutual benefits and prosperity for our businesses and our communities.”

Timberwolf’s Mission

Two years ago, at a strategic planning meeting, the company revised its mission statement as follows:

Timberwolf will be an essential collaborator in the packaging and bottling industries. Towards this end, the company will continue to:
• be an innovator and leader in the manufacturing of injection molding equipment;
• maintain high standards of quality production and sustainable practices;
• provide the highest levels of service, reliability, and responsiveness to the needs of our clients, employees, and vendors.

The company agreed to review and revise as necessary this mission statement at every strategic planning meeting and every five years.

Core Values
* Collaboration
* Respect
* Sustainability
* Innovation

Current Set of Challenges:

A number of major issues have impacted the company over the past decade:

• About five years ago, the company discovered major accounting discrepancies in its Mexico factory. An internal audit uncovered a major kick-back scheme between a large supplier and the purchasing department. Following a major investigation by an outside auditing firm, the employees involved in the scheme were dismissed and the factory manager was replaced. The incident spawned a major reexamination of policies and practices aimed at fraud and accounting inconsistencies within the company.

• Starting about a decade ago, one of the younger founding family members and major shareholders made it a personal mission to champion sustainability and environmental issues. This timely effort grew into a major initiative under which the company implemented a large-scale ISO 14000 program.
While ahead of the curve of its competitors on this front, a community advocacy group in Taiwan has recently uncovered illegal dumping of pollution by one of its key suppliers.

• While on a tour of major customers in China two years ago, the Vice President of Manufacturing recently found, totally by accident, a number of spare machine parts for Timberwolf equipment from an unidentified third-party supplier. Not only did the customer violate the maintenance and support agreement with Timberwolf, but of greater concern, raised fears over the potential for Chinese manufacturers creating knock-off equipment, in light of lax control over technical intellectual property.

Timberwolf’s economic health has been solid over the past two decades; much of the falloff in orders in North America and Europe was made up by growth in the Asian market and parts of Africa. Despite this, a primary concern of the board of directors lately is balancing the financial sustainability of the company with its environmental and social responsibilities. The packaging industry has come under increasing pressure to use renewable resources and energy, and to focus on worker equity throughout the value chain.

The risk management team will have to address these and other significant and emerging issues.

Additional Detail: Timberwolf Plastics

The total market for injection molding equipment globally is valued at around $11.768 billion. Timberwolf competes for this market share with the following competitors; market share per company and country of origin are indicated below.

[Figure: Market Share chart. Legend: Schoental GmbH (Germany); Grupo Gamba (Brazil); Timberwolf; Shinzuki (Japan); Leerman (USA); Others. Values shown, in extraction order: 10%, 7%, 29%, 12%, 20%, 21%]

Timberwolf Key Performance Indicators
(note: not an exhaustive list; your team will come up with additional examples that are reasonable based on the case)

Indicator | Measure (current year)
Financial |
• Sales; Growth | $2.3 billion/annually; 2.4% average over 10 years
• EBITDA (1); Growth | $176 million/annually; 2.6% average over 10 years
• ROA (return on assets) | 7%
• ROE (return on equity) | 12.6%
• Days sales outstanding | 96 days (2)
Client |
• Client retention | 78%
• Annual increase in # clients | 24
Operational |
• Inventory turnover | 12
• Revenue productivity/employee | $1.33 million
• Capacity utilization | 89.5%
Staffing |
• Staff retention | 87%
• Staff productivity % increase | 3.4%
• Staff satisfaction; Scale 1-10 | 8.6

(1) EBITDA = Earnings Before Interest, Taxes, Depreciation, and Amortization.
(2) Timberwolf’s payment terms typically are 25% due upon the order, 5 % on delivery and 25% after installation; most equipment is financed by the purchasing company. Sales are booked upon final payment.

Additional Risks to Consider:
• Market risks
• Technology risks
• Social/Ecological
• Weather hazards:
  o blizzards and flooding in the Minnesota area;
  o earthquakes in Mexico;
  o typhoons in Taiwan.
• Foreign exchange risks.
• Risk of strikes (e.g., social instability).

Case Study: Liberty City

Liberty City is a mid-sized city in the American Southwest with year-round warm and sunny weather which has earned it a reputation as a popular tourist destination with a growing community of retirees. Incorporated in 1850, it is the capital of the State of Columbia and lies on the banks of the Gabriel River between the Santa Maria Mountains and the Great Western plains.

Liberty City serves as both a center for innovative technologies and a major tourist destination due to its natural beauty, historical and cultural sites, with nearby Native American tribal lands and communities. The city is also a major gateway to the ski and summer resorts nestled in the Santa Maria Mountains. Columbia State University (CTU), on the outskirts of the city, has a sprawling campus with 10,000 full time students housed on campus and an additional 25,000 students who commute from the surrounding metro area or participate through online learning; CTU includes a major biomedical research facility specializing in nuclear medicine and has spawned a number of related biotech start-ups in the area.

The following are key statistics available for Liberty City:

Population: 785,000 residents within the city limits; an estimated 1.8 million residents in the greater metro area; an average of 40-50,000 tourists are in the city on any given day.

Geographical Size: 285 sq. miles

Media: The city is served by 5 regional TV news outlets, 5 local radio stations, and one major newspaper.

Government: Mayor and City Council; 4-year voting cycle.

Major Sites: Liberty City Zoo, Columbia State Historical Museum, Columbia Museum of Art, and the Columbia Bowl Stadium complex (includes retail, recreational sporting activities, and entertainment venues).

Transportation: Has three interstate and 5 major highways, a beltway around the city, and rapid bus system with dedicated bus and tandem bicycle lanes. There is a major train line that runs through the City to major points east and west. Patrick Henry Airport (PHA) serves the major Liberty City metro region with a dozen major airlines serving the region.

Professional Sports Teams: The Liberty City Bells are a professional football team that play in the Columbia Bowl (shared with CTU for football). The city has two minor league baseball teams.

Major Hospitals: Coloradas Healthcare System (1,900 beds); St. Mary Hospital (600 beds); Columbia Health Network (850 beds), the Franklin Clinic (cancer specialty with additional general care capacity; 1,100 beds).

[Figure: Liberty City Government-Organization Chart. Box labels, in extraction order: The Residents of Liberty City; City Council; Mayor; Director of Communications; Office of Internal Audit; Deputy Mayor of Operations; IT Dept.; Police Dept.; Deputy Mayor of Health and Human Services; Dept. of Education; Office of Public Health and Environment; Fire Dept.; Dept. for the Aging; Dept. of Public Works; Dept. of People with Disabilities and Special Needs; Dept. of Transportation; Dept. of Cultural and Spiritual Affairs; Dept. of Sanitation; Office of Family and Children Services; Dept. of Parks and Recreation; Deputy Mayor of Finance and Administration; Dept. of Finance; Legal Department; Office of the City Clerk; Office of Management and Budget; Office of the Inspector General; Office of Administrative Services; Office of Human Resources; Office of Labor Relations; Dept. of Design and Construction; Dept. of Housing, Preservation, and Community Outreach; Dept. of Planning and Development]

Note: The heads of the Offices of Internal Audit, City Clerk, Management and Budget, and the Inspector General are appointed for 4-year terms with the approval of the majority of the City Council; they may be reappointed for a second consecutive term (8 years total). These agencies are staffed predominantly by career professionals with the intention that they operate independently of political leanings and to avoid patronage appointments.

Vision and Goals:

Every four years the mayor and city council convene a strategy meeting on the goals for the next four years based on the city’s vision statement.

Vision Statement: Liberty City is an exciting, vibrant, and growing community with a rich cultural history in the mountainous American Southwest.

Four-year goals: To establish a sustainable, healthy and prosperous community for all segments of society, Liberty City will:
• Ensure that everyone in our community is able to fully participate in our economy and have access to housing, healthcare, healthy food choices, and education.
• Commit to the safety and security of all of our citizens, including the emotional and social well-being of our fellow citizens.
• Plan for sustainable, sensible and balanced development of our commercial sector, residential housing, and recreational and public space.
• Protect the natural environment and resources, ensuring that the habitat is maintained for generations to come.
• Support and coordinate the growth of sustainable industries and achieve mutual success in partnership with the city government.
• Conduct the business of government efficiently and in accordance with the highest ethical values, maintain transparency, and be responsive to the common needs and requests of our citizens.

Core Values
* Safety
* Sustainability
* Integrity
* Multiculturalism

Current Set of Challenges:

A number of major issues have come up for the city government in the past five years:

• The rapid population growth of both retirees and young individuals and families (due to CTU’s expanding research projects and start-ups) moving to new developments has caused a greater strain on city services. The Department of Public Works (DPW) has struggled to keep up with the demands for water and sewer lines.
This issue has also been compounded by access to fresh water; an agreement on water rights between the regional states has come into question as those communities further upriver on the Gabriel River have increased their usage, leaving lower water levels down river for cities like Liberty. This is further exacerbated by persistent drought conditions.

• Long-time residents who are influential in the community have been advocating for lower fees and taxes at the same time city officials are facing pressure to increase fees and taxes to expand and improve the services to the community. Columbia State has traditionally been a fiscally conservative community, with a strong spirit of individualism. Newcomers to the community, however, have greater expectations of government programs and services, and expect closer cooperation and support for CTU and its cluster of burgeoning high technology start-ups around CTU.

• There has been an increase in the level of minor crime. The Liberty Police Department reports an increase in the number of clandestine meth labs and trafficking in illegal immigrants. These trends have residents concerned about the decline in the quality of life.

• $250 million in bonds were issued to build the Columbia Bowl Stadium to attract the Liberty Bells as a professional football league franchise. The construction project created new jobs that have extended into some commercial and residential construction projects. However, the city is still bearing the weight of the bond payments and has yet to see the revenue stream expected from an increase in commercial taxes.

• The National Basketball Association (NBA) has approached the city and several wealthy citizens with the idea of an expansion franchise. They have laid out the benefits and requirements. This would include the need to build a new arena, parking, and added public transit capacity and a co-marketing agreement.
The team could play at CTU’s basketball facilities for the first season until a new facility is built. The estimated cost for a new facility, parking and other related expenses is $120 million.

• The city was recently hit with several major lawsuits that have tied up the Corporation Counsel and Legal Department:
  o A lawsuit over ADA access to schools and other major municipal buildings.
  o A major sexual harassment lawsuit against the Commissioner for Parks and Recreation.
  o A negligence suit due to several major accidents involving Liberty City Transit (LCT) buses.

Liberty City has had a healthy local economy until recently but is now suffering from legacy healthcare and pension costs from its unionized workforce in various public agencies: police, fire, schools, and public works. The bond issue for the stadium and increased costs of services are driving the need for increased taxes and fees. While many residents are resistant to these costs being passed along to them, the current administration does not appear to be able to avoid them.

The mayor has assigned a risk management team from among his key staff to address these and any other significant and emerging issues.
Additional Detail: Liberty City

The city rates its performance against its goals by comparison with what it considers its peer group of 9 cities, which are similar in size, demographics, and geography:

| Goal Area | General Indicators | 4 Year Average LC Data (Score 1-10) | Latest LC Data (Score 1-10) | Peer City Rank |
|---|---|---|---|---|
| Civic Engagement | Voting participation, informed on local news/issues, volunteerism, cultural and arts attendance | 6.8 | 7.3 | 3 of 9 |
| Public Safety | Violent crimes and property crimes, average response time/EMS/Fire/Police, survey results of residents | 7.2 | 7.0 | 3 of 9 |
| Development | % of adult residents with high school/college degree or higher, poverty rate, infant mortality rate, morbidity rate, longevity, % exercising frequently | 8.1 | 8.4 | 4 of 9 |
| Environmental Protection | Air and water quality, energy consumption per capita, water consumption per capita, recycling and trash per capita, parks and green space available per 10K residents | 9.3 | 8.5 | 2 of 9 |
| Economic Health | Growth in per capita income, employment rate, small business share of employment, job growth | 7.6 | 8.7 | 1 of 9 |
| Governance | Budget growth, spending per resident, cost per gov't employee, survey of residents | 8.6 | 8.8 | 2 of 9 |

Liberty City Key Performance Indicators

The Liberty City Office of the Controller keeps annual statistics and compiles the following brief "report card" on performance. (note: not an exhaustive list; your team will come up with additional examples that are reasonable based on the case)

| Category | Indicator | Measure (current year, unless otherwise indicated) |
|---|---|---|
| Governance/Financial | Total Spending; % Growth 10 Yr. Avg. | $1.8 billion; 4% |
| Governance/Financial | Spending/Resident | $2,400 |
| Governance/Financial | Avg. Cost per FTE³ | $87,000 |
| Civic Engagement | Voting participation | 51% |
| Civic Engagement | Informed on local news/issues | 46% |
| Civic Engagement | Volunteerism | 39% |
| Civic Engagement | Cultural and arts attendance | 42% |
| Economic | Growth in per capita income; 4 yr. avg. | 4% |
| Economic | Employment rate | 68.6% |
| Economic | Job growth | 3.4% |
| Economic | Small business share of employment | 20.5% |
| Public Safety and Environment | Property crimes/100K residents | 5,962 |
| Public Safety and Environment | Average response time/EMS/Fire/Police | 145 seconds |
| Public Safety and Environment | Ozone annual avg. ppm level (US avg. 0.075) | 0.067 |
| Public Safety and Environment | Water gallons used per capita | 160 |
| Public Safety and Environment | Percent open space of total city | 29% |

Additional Risks:
• Weather hazards:
o Forest fires;
o Drought;
o Earthquake.
• Financial
• Risk of government union strikes.
• Terrorism/Active shooter.
• Tourism.
• Commercial growth.

³ FTE: Full time employee

Case Study: Crestworth Financial

Crestworth Financial is a mid-sized, privately held mortgage lender, headquartered in Charlotte, North Carolina, and licensed to provide financial services in 25 states in the US. The firm was founded in 1985 by two former bankers who saw the opportunity to streamline the mortgage lending process through a closer partnership with real estate developers and to provide greater transparency in the process. Crestworth serves a wide range of clients including:
• Residential construction: multifamily, condominium, and cooperative housing; the company has a sub-specialty in conventional, FHA, & VA loans.
• Retail: mixed-use and retail.
• General Commercial: office, industrial, hotel, healthcare, light service, and self-storage properties.

With over 3 billion dollars in loans on the books annually, Crestworth is a primary lender and occasionally will work with local lenders as part of a syndicated loan but prefers to work directly with developers to maintain the client relationship and control over the performance of its loan base. The company has recently expanded rapidly in the Midwest and Western US after largely avoiding the mortgage loan crisis and great recession of 2008.
[Figure: Crestworth Organization Chart, Executive Level. Box labels, in the order extracted: Board of Directors; CEO/President; Executive Vice President, Marketing and Sales; Northeast; Midatlantic & Southeast; Midwest; West and Southwest; Vice President, Information Technology; Chief Financial Officer, Senior Vice President Financial Operations; Commercial Development; Systems Development and Management; IT Maintenance and Support; Business Financing Lines; Industrial Development; Vice President, Human Resources; Talent Management and Development; Benefits Management; Chief Legal Counsel; Legal Department; Internal Audit & Compliance; Residential Construction Development; Information Systems Security; Financial Controller; Risk Management.]

Vision Statement

Crestworth Financial will be recognized as a premier commercial mortgage lender in the United States. In over three decades Crestworth Financial has built a solid reputation as a major mortgage lender to regional real estate developers in the 24 states in which it is licensed. Crestworth's website says “With over $3 billion on loans we are one of the fastest growing mortgage lenders in the middle market and seek to expand this growth into new states. We have helped hundreds of our clients realize their success by keeping our focus on:
• Exceptional customer service
• Competitive and customized financing packages
• Streamlined approvals and contracting”

Continual improvement in procedures with a keen awareness of our regulatory environment is important for the organization.

Mission Statement

Crestworth Financial is a trusted partner that works diligently to help our clients realize their goals. We accomplish this through a commitment to the success, first and foremost, of our clients, our employees, and other external partners. We understand that financing is the lifeblood of building our clients' dreams and that we carry that spirit of endeavor beyond the dollars and cents. Supporting us in our mission are three basic tenets:
• Consideration: We work hard to understand our clients' goals, objectives, and circumstances and provide customized options and advice to meet their financing needs.
• Control: We provide the tools and options our clients need to comprehend and stay in control of their financing streams.
• Caring: We take a tailored, compassionate approach, and stay attuned to the needs of our clients by providing exceptional, personal service; our approach is prudent, but flexible and fair.

Core Values

* Service * Efficiency * Communication * Compassion

Current Set of Challenges:

Despite their success, some major issues have hit the company in the past decade:
• In 2008 an internal audit uncovered that one of its star brokers, who closed a record 150 deals in the past year valued at over $180 million, was involved in a mortgage fraud scheme. The case was prosecuted by the State Regulator, sending the employee to prison and fining Crestworth $500,000, and required the hiring of an outside auditing agency to review their lending practices.
• An investigation of its Seattle branch was started by the Washington State Attorney General's office, claiming that the firm engaged in discriminatory practices that violated the Fair Housing Law by habitually offering higher interest rates and larger down payments for minority-owned businesses. The local media has amplified coverage of the story recently and has tarnished the sterling reputation they had earned in that region.
• A major potential growth area for the firm along the Louisiana Gulf Coast was adversely impacted by the BP Macondo Oil well explosion and disastrous oil leak.
Crestworth was working on a $500 million loan package for a new riverboat complex, including piers, hotels, retail, and luxury housing, when the incident took place. The developers halted the project just before the paperwork was to be signed, and they have pursued other investments.
• A newly hired senior executive, seeking to build a positive reputation in the company, is encouraging product development in the single-family residential market space. The initiative has created a great deal of internal debate since Crestworth's business model has not traditionally included this market segment. There are also significant investments that need to be made in the service infrastructure, and others perceive the market as more volatile.

Crestworth has maintained a healthy balance sheet although it has had to write down a number of poorly performing loans and missed some market opportunities. A number of major clients have gone out of business with a decline in the brick-and-mortar retail sector, and there are concerns over the natural hazard risk to client opportunities in developments close to areas prone to flooding and wildfires. The risk management team will have to address these and any other significant and emerging issues.

Additional Detail

Crestworth Financial Key Performance Indicators (note: not an exhaustive list; your team will come up with additional examples that are reasonable based on the case)

| Category | Indicator | Measure (current year) |
|---|---|---|
| Financial | Gross Revenue; 10 year Avg. Growth | $3.2 billion; 10 year average-4.8% |
| Financial | EBITDA⁴ | $112 million |
| Financial | ROE (return on equity) | 10.3% |
| Financial | Loan to value ratio | 72.5% |
| Financial | Delinquency rate of loan payments, >60 days | 6.8% |
| Client | Client retention (5 yr. average) | 82% |
| Client | Annual Increase in # clients | 32 |
| Client | Increase in revenue/client | 12% |
| Operational | Deals/year | 2,285 |
| Operational | New deals/total projects | 31% |
| Operational | Deals/RFPs | 28% |
| Staffing | Staff retention | 74% |
| Staffing | Revenue/staff member | $2.7 million |
| Staffing | Staff satisfaction (scale 1-10) | 6.7 |

Additional Risks:
• Market risks
• Financial risks
o Credit risks
• Weather hazards:
o Wildfires in the West.
o Coastal storms.
• Political (regulatory) risk.

⁴ EBITDA = Earnings Before Interest, Taxes, Depreciation, and Amortization.
ERM Program Self-Assessment Checklist

RIMS Enterprise Risk Management Workshop
Copyright © 2010 Risk and Insurance Management Society, Inc. All rights reserved.

Company Name

Review Information
Your Name:
Date:
Review Period:        to

Guidelines

Complete this review, using the following scale:
NA = Not Applicable
1 = Needs Work
2 = Gets By
3 = Meets Basic Organizational Requirements
4 = Exceeds Basic Organizational Requirements
5 = Exceptional

Repeat the review periodically and compare your progress over time. To validate your ratings and find out more about how to improve in particular areas, take the RIMS Risk Maturity Model (RMM) self-assessment at www.rims.org/ERM

Communication and Consultation
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• ERM goals are clearly and specifically articulated to align with creating and capturing organizational value
• Risk management generally is sought as an organizational partner
• ERM training materials and tools are sought after and used
• Internal communication network / methods established for information sharing
• Communications / reports effective for:
o Board
o Executive management
o Internal stakeholders
o External stakeholders

Executive Sponsorship, Support and Adoption (Commit)
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• Policy, charter, mandate or guidelines are documented
• Roles and responsibilities are clear and documented
• Proactive in requiring risk assessments, and monitoring key risk plans
• Supports cross-functional approach to risk identification, analysis and response
• Helps to resolve conflicts / smooth the way
• Establishes clear expectations
• Provides necessary resources
• Managers are required to report on risk management activities in normal business reporting

Cross-Functional Relationships (Design)
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• Strong collaboration and cooperation exists among risk functional areas such as Risk Management, Internal Audit, Security, IT Risk Management, Compliance, Business Continuity, et al.
• ERM is fully integrated into front-line day to day decision-making
• ERM delivers value for cross-functional partners (get as much or more out than what they put in)
• Communication among risk functional areas is open and multi-directional
• Executives and risk functional areas model desired risk behaviors / attributes

Process Management (Activate)
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• Common risk language / vocabulary
• Standardized assessment process (identify, analyze, select treatments) and ratings / rankings used by all risk functions
• Both qualitative and quantitative techniques are used
• Repeatable, scalable and flexible enough to be applied in any part of the organization
• Understandable and transparent key risk indicators (KRIs) and key performance indicators (KPIs), i.e., dashboards
• Timely and accurate reporting on key risks and measurable action plan(s)

Risk Appetite Management (Activate)
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• Risk appetite(s), at varying levels, are established and communicated
• Variations for risks outside of boundaries (risk tolerances) are articulated and monitored
• Risks are viewed as an interrelated portfolio
• Risk and reward tradeoff scenarios are actively considered in daily management of the organization
• Gaps between actual and perceived risks are actively identified and closed

Root Cause Discipline (Activate)
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• Sources and causes of key risks are discovered through a formalized process before risk response action is taken
• Unintended consequences are considered before a risk response action is taken
• Effectiveness of management actions and control techniques are part of the risk assessment process

Uncovering Risks (Activate)
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• Uncertainties and opportunities both are documented in risk assessments
• External and internal risk data are collected broadly from employees, reports, databases, and other sources
• Dependencies and correlation among seemingly disparate risks are acknowledged and analyzed
• Managers employ risk process tools and techniques independently from (but provided by) risk management organization

Performance Management (Monitor and Review)
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• ERM is integrated with strategic planning (before, during and after)
• ERM goals and activities are formally established, communicated and measured
• Risk owners and managers are compensated for managing risk well

Business Resiliency and Sustainability (Improve)
(5) = Exceptional  (4) = Exceeds Requirements  (3) = Meets Requirements  (2) = Gets By  (1) = Needs Work
• ERM is integrated within operational planning and day-to-day decisions enterprise-wide
• ERM is integrated within treasury and financial planning
• ERM is integrated within internal shared services (HR, facilities, IT, Accounting, etc.)
• ERM is integrated into vendor management, supply chain and distribution planning
• Consequences are explicitly stated in risk assessments and planning
• Scenario planning is incorporated in major initiatives

Practice Questions

1. A success criterion for a risk management program includes
   A. risk accountability.
   B. dependencies.
   C. organizational structure.
   D. performance.

2. Which of the following is the BEST example of a reason to revise a risk management program?
   A. A new exposure arises such as a new merger or acquisition.
   B. Significant turnover within the risk management function.
   C. New product offerings by the insurance industry.
   D. A revision of a company's annual earnings forecast.

3. A potential DISADVANTAGE of benchmarking is that it
   A. may limit the type of information obtained if it only considers organizations viewed as a direct competitor.
   B. focuses primarily on areas of overlap in product or services and does not consider areas in which organizations differ.
   C. focuses primarily on company best practices and cannot be used to identify areas for possible innovation.
   D. does not provide useful information about industry and market trends.

4. Which industry environmental factors create uncertainty for an organization?
   A. Demand and competition
   B. Cultural factors
   C. Transportation and infrastructure
   D. Historical claims experiences

5. To increase the likelihood that a risk strategy approach will be adopted, it is important for a risk management professional to understand the organization's
   A. governance.
   B. hierarchy.
   C. culture.
   D. profit margins.

6. A risk management oversight body focuses on what quadrant of risk as aligning closest to its organization's ability to meet corporate objectives?
   A. Hazard
   B. Financial
   C. Strategic
   D. Operational

7. Risk Mapping is an effective visual tool employed by risk management professionals to
   A. capture risk portfolio relative frequency and severity.
   B. define historical risk portfolio materiality thresholds.
   C. provide Monte Carlo Simulation inputs.
   D. confirm validity of loss triangles.

8. When a line employee identifies a risk, to whom should the information first be reported?
   A. Compliance Officer
   B. Operations Manager
   C. Risk Committee
   D. Risk Manager

9. The purpose of documenting business model uncertainties is to
   A. prioritize the impact of residual risks.
   B. conduct a review of the enterprise risk management framework.
   C. disqualify a business case to support loss control measures.
   D. provide a tangible resource for the design of risk strategies.

10. What is one KEY advantage that can be used to obtain organizational support for adopting an enterprise risk management strategy?
   A. Increased capital flows associated with increased risk controls
   B. Reduced scrutiny from management or oversight boards
   C. Improved effectiveness of safety and security practices
   D. Reduced governance costs through increased control efficiency

11. As the concept of organizational resilience evolves, what is ONE critical challenge to communicating and implementing a sustainable process?
   A. Economic cost of implementing a resilient program design
   B. Resilience across and between organizational cultures
   C. Market recognition of resilience program effectiveness
   D. Ensuring alignment between resilience program design and execution when needed

12. A risk management professional evaluates which type of key external force to gain insight about another company's strengths and weaknesses?
   A. Political
   B. Competitive
   C. Economic
   D. Technological

13. A timeline is included in the
   A. risk implementation plan.
   B. risk governance structure.
   C. risk management framework.
   D. risk monitoring metrics.

14. The three components that make up the risk assessment phase of the risk management process are
   A. establishing the context, risk evaluation, and risk treatment.
   B. establishing the context, risk identification, and risk evaluation.
   C. risk identification, risk analysis, and risk evaluation.
   D. risk identification, risk analysis, and risk treatment.

15. When working with risk owners to develop risk treatment, it is necessary to
   A. consider risks equally.
   B. consider risk within the context of the business.
   C. generate a positive return on investment in the current year.
   D. seek approval from the Board of Directors.

16. The risk management professional should prioritize information about the business model based on
   A. industry trends.
   B. annual reports.
   C. analyst reviews.
   D. strategic objectives.

17. When seeking to advise the organization on risks, the risk management professional should try to adopt what type of relationship model?
   A. Compliance
   B. Operational
   C. Partnership
   D. Sales

18. Which of the following would signal a potential change in an organization's risk context?
   A. The organization acquires a new business.
   B. The organization changes insurance brokers.
   C. The organization's board of directors reviews a compliance report.
   D. The organization publishes its annual report.

19. What is the FIRST step in delivering risk training?
   A. Developing training
   B. Identifying existing training
   C. Identifying training needs
   D. Scheduling training

20. The risk management professional can use various risk dimensions to analyze risks. These include impact, likelihood and
   A. change in size.
   B. coefficient of reliability.
   C. collective opinion or team rating.
   D. speed of onset or velocity.

21. Which type of risk management is the most influential in facilitating risk discussions on a board or similar organizational level?
   A. Integrated
   B. Enterprise
   C. Traditional
   D. Advanced

22. Which approach should be used to reduce the risk of perception bias when conducting a facilitated risk workshop?
   A. Working with managers
   B. Working with a diverse group
   C. Working with other risk management professionals
   D. Working with a large group

23. To gain greater insight on the effects of uncertainty on organizational objectives, the risk management professional
   A. has a strong incentive to consult and communicate organizational risks.
   B. should consult with key risk stakeholders.
   C. should focus on identifiable risks.
   D. has a duty to inform when risks are outside of a risk tolerance.

24. An effective way for a risk management professional to analyze operations of an organization is to form a
   A. risk committee.
   B. captive insurance company.
   C. risk management department.
   D. template to gather information.

25. Before a decision is made, which of the following issues should ALWAYS be escalated to higher level risk committees, management committees, or the Board?
   A. Those that are important but lack critical information.
   B. Those that are overly complex and not well understood.
   C. Those that exceed the authority of the intended decision maker or decision-making body.
   D. Those that fall within the authority of the intended decision maker or decision-making body.

Answer Key

1. A   2. A   3. A   4. A   5. C
6. C   7. A   8. B   9. D   10. D
11. B   12. B   13. A   14. C   15. B
16. D   17. C   18. A   19. C   20. D
21. B   22. B   23. B   24. A   25. C