M_o_R® Foundation Exam Simulator

Goals of the M_o_R process steps:

• Identify – Context step: To understand the context in which risks arise by examining external and internal factors that may influence the organization's risk landscape. This includes a thorough analysis of the organizational environment using tools like PESTLE (Political, Economic, Social, Technological, Legal, Environmental) and SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis, and horizon scanning to identify potential risks.

• Identify - Risks step: To systematically identify and analyze risks that could affect the successful delivery of projects, programs, or activities. This involves using techniques such as risk breakdown structures (RBS), cause and effect diagrams (e.g., Ishikawa or fishbone diagrams), and checklists to uncover potential risks.

• Assess Risks: To evaluate the significance of each identified risk by determining its probability of occurring and its potential impact on the organization. Techniques such as probability impact grids, impact assessment matrices, and proximity assessments are used in this step.

• Plan Response: To develop strategies for responding to risks based on their level of significance. This includes avoiding, exploiting, reducing, enhancing, transferring, sharing, or accepting the risks. Contingency planning is also a part of this stage.

• Implement Response: To enact the chosen risk responses and ensure that the plans are effectively in place and operational. This may involve formalizing agreements for outsourcing risks, updating policies, or training staff.

• Monitor and Review: To continuously monitor the risk environment and evaluate the effectiveness of risk management activities. This includes conducting regular risk reviews and making adjustments to strategies as necessary.

Roles and Responsibilities in Risk Management:

• Senior Team: Provides overall governance, ensures adequate controls are in place, and monitors risk tolerances. They are responsible for defining the risk management framework and ensuring compliance with it.

• Senior Manager: Represents the Senior Team on day-to-day risk matters, ensuring that internal controls are effective and resources are adequately allocated to manage risks.

• Manager: Ensures risk registers are in place and risk assessments are validated, escalating risks as per the policy when necessary. They are responsible for the operational management of risks within their areas of responsibility.

• Assurance: Provides independent oversight, ensuring that risk accountabilities are clear, compliance with controls is monitored, and the effectiveness of risk management practices is formally assessed.

• Risk Specialist: Provides expert advice on specific types of risks (e.g., financial, security, environmental), develops and updates risk management strategies, and creates guidance and training materials for managing these risks.

• Team: Participates in all aspects of the risk management process, from identifying and assessing risks to implementing responses and monitoring outcomes.

Common Techniques used in Risk Management:

• PESTLE, SWOT Analysis, Horizon Scanning: Tools for understanding the broader context that may affect the organization.

• Stakeholder Analysis, Influence/Interest Matrix, RACI Diagram: Methods for identifying and understanding stakeholders' interests and responsibilities.

• Probability Impact Grid, Summary Risk Profile: Tools for visualizing and assessing the overall risk associated with an activity or project.

• Checklist, Prompt List, Risk Breakdown Structure: Methods for identifying specific risks within a defined scope.

• Cause and Effect Diagram: A tool to identify root causes of potential risks.

• Avoid, Reduce, Exploit, Enhance, Transfer, Share (TREE or Shared Responsibility): Approaches to responding to identified threats and opportunities.

• Contingent Plans: Prepared responses for the worst-case scenarios of high-impact risks, typically used in conjunction with 'reduce' or 'enhance' strategies.

• Probability Assessment, Impact Assessment, Proximity Assessment, Expected Value Assessment: Techniques for quantitatively or qualitatively evaluating the significance of a risk.

Risk Specialisms and Their Purposes:

• Business Continuity Management: Ensures that the organization can continue to operate during and after disruptive events.

• Incident and Crisis Management: Manages unexpected or sudden events, minimizing their impact on the organization.

• Health and Safety Management: Protects employees, assets, and the environment from potential hazards.

• Security Risk Management: Ensures the confidentiality, integrity, and availability of information and data.

• Financial Risk Management: Identifies, assesses, and mitigates financial risks to protect the organization's financial assets and reputation.

• Environmental Risk Management: Manages risks related to environmental factors that could affect the organization or its stakeholders.

Each specialism has a unique focus but contributes to an integrated risk management strategy that covers all aspects of the organization's operations.