1. Identification, assessment and measurement of risk
a) Discuss the relationship between organisational strategy and risk management strategy.
b) Develop a framework for risk management and establish risk management systems.
c) Identify and evaluate the key risks and their impact on organisations and projects.
d) Distinguish between strategic and operational risks.
e) Assess attitudes towards risk and risk appetite and how this can affect risk policy.
f) Discuss the dynamic nature of risk and the ways in which risk varies in relation to the size, structure and development of an organisation.
g) Assess the severity and probability of risk events using suitable models.
h) Explain and evaluate the concepts of related and correlated risk factors.
2. Managing , monitoring and mitigating risk
a) Explain and assess the role of a risk manager.
b) Evaluate a risk register and use heat maps when identifying or monitoring risk.
c) Describe and evaluate the concept of embedding risk in an organisation’s culture and values.
d) Explain and analyse the concepts of spreading and diversifying risk and when this would be appropriate.
e) Explain, and assess the importance of, risk transfer, avoidance, reduction and acceptance (TARA).
f) Explain and assess the benefits of incurring or accepting some risk as part of competitively managing an organisation referring to the ‘as low as reasonably practical (ALARP) principle
g) Apply the concept of assurance mapping to modern risk management using the 'four lines of defence'