1
UNISA EXAM MEMO RSK2601 MAYJUNE 2014
SECTION A (40 MARKS)
1. 3 11. 3 21. 4 31. 3
2. 1 12. 4 22. 1 32. 1
3. 3 13. 3 23. 3 33. 2
4. 1 14. 2 24. 3 34. 4
5. 4 15. 1 25. 1 35. 1
6. 2 16. 4 26. 3 36. 2
7. 3 17. 1 27. 2 37. 2
8. 2 18. 2 28. 3 38. 1
9. 2 19. 3 29. 1 39. 1
10. 4 20. 2 30. 4 40. 4
SECTION B (30 MARKS)
Question 1 (10 marks)
Risk management framework
The risk management framework is a basic conceptual structure used to address the risks faced by
an organisation. The purpose of the risk management framework is to assist an organisation in
integrating risk management into its management process so that it becomes a routine activity. The
framework is composed of the following five steps:
Mandate and commitment
Design framework
Implement framework
Monitor framework
Improve framework.
Risk management policy
A risk management policy sets out how the risks, which have been identified by the risk assessment
procedure, will be managed and controlled. The risk management policy assigns responsibility for
performing key tasks, establishes accountability with the appropriate managers, defines boundaries
and limits and formalises reporting structures. The policy should address specific responsibilities of
the board, internal audit, external audit, the risk committee, the corporate governance committee,
the central risk function, employees and third party contractors in implementing risk management. A
policy statement defines a general commitment, direction or intention. A policy on risk management
expresses an organisation’s commitment to risk management and clarifies its general direction or
intention.
Risk management process
According to International Risk Standard, ISO 31000 (2009), a risk management process is one that
systematically applies management policies, procedures, and practices to a set of activities intended
Jameszon31@gmail.com 081 438 7509/ 061 429 0222/ 078 548 0303
, 2
to establish the context, communicate and consult with stakeholders, and identify, analyse,
evaluate, treat, monitor, and review risk.
Question 2 (14 marks)
2.1 (8 marks)
Risk reduction
Risk reduction can also be referred to as treatment or mitigation. Risk reduction can be seen as risk
diversification (reduction of risks by distribution) for example, where a business invests in multiple
stocks to reduce risk and the impact of the risk. Two approaches to reduce risk can be followed
namely:
reducing the likelihood of a risk occurring, and;
Limiting the loss should the risk materialise.
Methods used to reduce the likelihood of occurrence or impact of risk by a business is protection,
controls, maintenance and risk spreading.
Risk removal
Risk removal can also be referred to as avoidance, elimination, exclusion and termination. Risk
removal is used to eliminate a risk when a negative outcome/impact or high-risk exposure is
anticipated. For example, doing business with a country that has political uncertainty may be too
risky to make the opportunity worthwhile (a potential for loss has been eliminated). When a
business wants to remove risk, factors such as opportunity, business objectives and costs involved
must be considered. All three of these concepts must be taken into regard. For example, when a
business decides not to introduce a new product or ending the production of an existing product and
ceasing operations that have been carried out in the past.
Risk reassignment or transfer
Risk reassignment is the strategy used to transfer risk to another entity, business or organisation.
Businesses can use contracts and financial agreements to transfer risk to a third party. Risk transfer
does not reduce the severity of the risk but does increase the impact of the risk. The most common
method of risk transfer is insurance. For example the financial consequences of the loss is
transferred to the insurance company. When a business transfers risk the business must consider
the objectives of the parties, ability to manage the risk, risk context and cost effectiveness of the
transfer.
Risk retention
Risk retention is also referred to as acceptance, absorption or tolerance. A business can be in the
position to only be able to accept the risk as the alternative methods, for example risk removal,
reduction and transfer are not available; or it can be more economical to the business to accept the
risk. In the risk retention strategy the options available, timing and the ability to absorb the risk must
be considered.
Jameszon31@gmail.com 081 438 7509/ 061 429 0222/ 078 548 0303
