Erm Syllabus 07 09 22 Final

Erm

Uploaded by

shashankibs

Improve your chances of assessment success

Blended Learning
Sign up and join our online interactive workshops to fully get to grips with
the study materials and develop an effective study plan.

www.theirm.org | Tel: +44 (0)7469 353441 | Email: [email protected]


CONTENTS

About the Institute of Risk Management (IRM)
IRM qualification aims
IRM professional standards
Time constraints
Collaboration in the design of the qualification
Key dates
Language requirements
Support for teaching and learning
Qualification structure
Entry requirements
Equality and diversity
Qualification delivery
Complaints
Overview of Module 1: Principles of Risk and Risk Management
Module learning aims
Overview of Module 2: Practice of Risk Management
Module learning aims
Assessment
Appendix 1 Verbs used in the aims and learning outcomes
Appendix 2 Glossary of terms used

1. About the Institute of Risk Management

The Institute of Risk Management (hereafter known as the IRM) is the leading professional
body for risk management. The IRM is an independent, not-for-profit organisation that
champions excellence in managing risk to improve organisational performance. IRM does
this by providing internationally recognised qualifications and training, publishing research
and guidance and by setting professional standards across the world. IRM’s members work
in all industries, in all risk disciplines and across the public, private and not-for-profit sectors.

2. IRM Qualification Aims


IRM qualifications are aimed at practising or aspiring managers and leaders who are in
decision making roles or working as risk management practitioners. The qualifications
provide students with a broad knowledge and practical skills in risk management, which can
be immediately applied in the workplace.

IRM qualifications provide a holistic, flexible, and module-based approach which is assessed
by using either multiple choice questions in the certificates, or written assignments for the
diplomas.

The IRM’s International Certificate in Enterprise Risk Management (ERM) is designed to
introduce students to the fundamental theory, management, and application of ERM to
ensure timely organisational success. This in turn enhances an organisation’s ability to
achieve its objectives and ensure sustainability based on transparent and ethical behaviours.

2.1 Aims of the IRM’s International Certificate in Enterprise Risk Management:

• Develop students’ knowledge, understanding and skills needed to recognise and
manage risks in an organisation.

• Develop enquiring minds, to ensure that students have the ability and confidence to
work across different business functions in an organisation to recognise, lead,
manage and respond to risks in their departments and across the organisation; and

• Develop transferable skills including communication, problem solving, adaptability,
time management, organisational and research skills.

2.2 IRM qualifications address these aims by:

Designing learning to impart knowledge through academic theory and practical
application through:

• Module 1, which provides the foundation of risk management through the
examination of core principles and concepts.

• Module 2, which builds on the foundations studied in Module 1, to assess how risk
management can be effectively and practically embedded within an organisation.

• The six units in each module explore various aspects of risk management in detail
and meet the aims as follows:

▪ Each unit consists of several lessons which provide knowledge in bite-size
pieces.
▪ Each unit is accompanied by relevant references to essential and further
reading material in the form of books, articles, case studies, websites, videos,
and blogs that support the lessons being taught.
▪ Each unit includes reference to materials that students are expected to access
and assimilate (essential) and materials that will widen their knowledge of the
subject.
▪ The Certificate is taught over a 6-9 month period, which requires skill in time
management, which is supported by the planning materials in the Student
Handbook.
▪ Undertaking the activities and engaging in the discussion forums for both
modules supports students in challenging academic materials.
▪ Enabling students to be better able to be involved in and implement risk
management processes.
▪ Undertaking the activities allows students to use the theory taught to apply it to
a practical situation and improve their confidence in their risk management
knowledge. It also allows students to align their learning to employers’ and
higher education’s needs for a skilled workforce.
▪ Each unit has been designed by qualified risk managers, who are expert
practitioners in the field of risk management and engaged in academic activities
outside of the IRM.
▪ The outline specification for the Certificate has been shared with previous
students and external risk management professionals to test the validity and
value of the subject matter, in line with the expectations of students and of
potential and existing employers.

2.3 Providing activities and summative assessments to progress students to the next
unit or module. Summative assessment (sometimes called assessment of learning) is a
formal method to evaluate learning by comparing learning to a standard or benchmark.
This is typically at the end of a unit, module or time period. Summative assessment
takes the form of a module test:

• Each unit includes several activities that provide students with the opportunity to
practically apply what they have been taught through the lessons. Each activity is
followed by sample answers from the IRM to ensure the student fully understands
what was being asked of them.
• The modules include an introductory and a summary video. Module 1 includes an
additional examination guidance video, followed by access to a specimen multiple-choice
examination paper, which supports students when sitting the examinations as it
provides them with knowledge of the examination format and the expectations of the
examiners. Module 2 includes an additional assignment writing video which provides
students with guidance on academic writing.

3. IRM Professional Standards


The IRM professional standards are designed so that they can be used by anyone involved
in risk management. They are flexible and can be adapted and used in all types of
organisation, sector, and geographical regions.

The IRM Professional Standards have four functional areas broken down into risk functional
area components. They are:

• Insights and context

▪ risk management principles and practice
▪ organisational environment
▪ external operating environment.

• Strategy and performance: develop a risk management strategy to meet organisational
needs

▪ risk management strategy and architecture
▪ risk management policy and procedures
▪ risk culture and appetite
▪ risk performance and reporting.

• Risk management process

▪ risk assessment
▪ risk treatment.

• Organisational capability

▪ communication and consultation
▪ change management
▪ people management.

The standards are written as outcomes of competent performance, which depends on the
relevant knowledge needed to achieve the standards. For more in-depth information on the
Professional Standards of the IRM, please refer to our website
https://www.theirm.org/what-we-do/about-us/professional-standards/

4. Time Constraints
Once students register, their registration is valid for two years.

5. Collaboration in the Design of the Qualification

• CEO Satarla UK
• Client - Ervia Utilities Ireland
• Client and previous student - BHP Mining – Australia Global
• Director - KB Risk Consulting Limited
• Expert Partners Ireland
• Previous student - Metro Bank
• Previous student - Faithful and Gould Construction – UK
• Previous student - Satarla
• Previous student - UK Police Services
• Previous student - BHP Global Risk

6. Key Dates
The assessment dates are May/June and November/December.

7. Language requirements
The qualification is delivered in the English Language.

8. Support for Teaching and Learning
This course is self-directed distance learning so that students have the flexibility of studying
at their own pace.

8.1 Virtual Learning Environment (VLE)

The IRM provides learning materials for all units on the VLE (Moodle). Learners also have
access to openly available essential and further reference materials. Module coaches also
have full access to all learning materials to prepare themselves to support students. Access
to the next unit is provided to students once a unit is completed.

8.2 Webinars/Videos

Students are given free access to a range of webinars and videos. They also have access to
discussion forums to interact with fellow students, coaches and the IRM student support
team.

8.3 Optional Blended Learning

The IRM offers a blended learning option at a cost for students who may prefer a more
interactive customised learning experience. These student-centred workshops reinforce
students’ understanding of the topics and help them develop the practical skills needed to put
their learning into practice.

8.4 Student Handbook

Students have access to a student handbook which contains a range of background,
guidance and key information that prepares them for successful study and attaining the
qualification. Some sections of the handbook are advisory, helping students to organise and
refine their study and examination skills. Some sections contain essential information that
students must be aware of and careful to follow. The essential information is indicated with
an asterisk (*) in the contents list, and on the title page of each relevant section. Students
should read the handbook in its entirety before they start studying.

8.5 Student Membership

Students who have enrolled on the Certificate course automatically become student
members of the IRM. This membership entitles students to several benefits including:

• Access to news and information on the latest developments in the risk profession, in the
form of Enterprise Risk, the IRM’s quarterly magazine.

• Thought leadership by participating in IRM consultation exercises to assist in supporting,
informing, and influencing the regulatory framework in which risk management operates.

• Events and networking to debate and share experiences with peers in the global risk
management community.

• Online discussion forums to enable students to network with other students globally and
discuss studies in virtual student groups.

• Demonstrating to employers the student’s commitment to knowledge progression and
supporting the organisation.

The IRM student support team can be contacted by telephone or email to assist with any
administrative issues related to studies. Students completing and passing the examination of
the International Certificate in Enterprise Risk Management can use the letters IRMCert after
their names and automatically become Certificate Members of the IRM.

9. Qualification Structure

9.1 Qualification Requirements and Rules of Combination

The qualification structure has been designed to support students to address their own
developmental needs and interests. The Qualification is split into two Modules each with
attached units.

Students need to complete all the units in this qualification as follows:

| Module | Unit number | Unit title | Approximate learning hours |
|---|---|---|---|
| 1 Principles of Risk and Risk Management | Unit 1 | Key Concepts in Risk Management | 30 |
| | Unit 2 | Strategic Planning for Enterprise Risk Management | 30 |
| | Unit 3 | Context, Objectives, and Risk Assessment | 30 |
| | Unit 4 | Managing, Monitoring and Reporting Risks | 30 |
| | Unit 5 | Risk Culture and Appetite | 30 |
| | Unit 6 | Corporate Governance and Risk Assurance | 30 |
| 2 Practice of Risk Management | Unit 7 | Risk Management and Strategy | 30 |
| | Unit 8 | Organisational Sustainability | 30 |
| | Unit 9 | Organisational Resilience | 30 |
| | Unit 10 | Approaches to Risk Management | 30 |
| | Unit 11 | Embedding and Maintaining Risk Management | 30 |
| | Unit 12 | Risk Management Competencies | 30 |

10. Entry Requirements
Although the IRM does not have any specific formal entry requirements, it ensures that
students have sufficient capability at the right level to undertake the learning and
assessment.

The IRM may consider students’ prior learning when considering acceptance to IRM
qualifications. See the IRM Recognition of Prior Learning Policy.

Please note, the qualification is offered in English; therefore a reasonable knowledge of the
English language is important.

11. Equality and Diversity


The IRM ensures that students/apprentices are provided with equal opportunities to access
all qualifications and assessments, by considering and providing reasonable measures and
special consideration for all.

The IRM endeavours to ensure that all processes, structure, content and arrangements for
content, coaching, assessment, and awarding of certificates:

• Ensure access and equality of opportunity without affecting the integrity of the
qualification.

• Guarantee fair assessment for all students, including those requiring special
considerations.

• Comply with the UK Equality and Diversity legislation by ensuring that there is no
discrimination on grounds of age, disability, gender identity or gender reassignment,
marriage or civil partnership, pregnancy or maternity, race or ethnic origin, religion
or belief, sex or sexual orientation.

For further information, please see the IRM’s Equality and Diversity Policy and Reasonable
Adjustments Policy.

12. Qualification Delivery


The IRM ensures that students have access to a full range of information, advice, and
guidance to support them in completing the qualification.

13. Complaints
Complaints can be emailed to the relevant individual directly to resolve the issue swiftly.

If dissatisfied with the response, an appeal can be sent to the Chief Operating Officer (COO),
ensuring that name, address, and telephone number, names, and details of the complaint
itself are included. Complaints are acknowledged within five working days of receipt and
the matter is investigated and action is decided on and taken. A further appeal can be made
which is escalated to the Chief Executive Officer (CEO) who acknowledges within seven
days and arranges an Appeal Review Panel within fourteen days.

14. Overview of Module 1: Principles of Risk and Risk Management

This module introduces the principles and concepts of risk and risk management and its
development through to Enterprise Risk Management based on international best practices.
The principles and framework are explored as the foundations for the effective
implementation of risk management. An examination of the risk management process is
provided through the lens of four simple steps:

• Defining context and objectives
• Assessing the risks
• Managing the risks
• Monitoring, reviewing, and reporting on them.

Risk appetite and tolerance are then explored as a means of understanding how much risk
an organisation is willing to accept or take in pursuit of its objectives, which leads to an
assessment of corporate governance and the need to provide assurance to any
organisation that, in the face of the risks it faces, it is able to achieve its objectives.

Module Learning Aims

By the end of Module 1 students will be able to:

| Units | Learning Aims |
|---|---|
| Unit 1 Key Concepts in Risk Management | Appraise risk and risk management, and their purpose aligned to recognised international standards. |
| Unit 2 Strategic Planning for Enterprise Risk Management | Determine the most appropriate risk management principles, framework, and process for an organisation. |
| Unit 3 Context, Objectives, and Risk Assessment | Determine the most important risks of an organisation given its context and objectives. |
| Unit 4 Managing, Monitoring and Reporting Risks | Establish an organisational environment where risks are effectively managed, monitored, and reported on. |
| Unit 5 Risk Culture and Appetite | Determine the appropriate level of risk that an organisation can take in relation to its risk culture. |
| Unit 6 Corporate Governance and Risk Assurance | Examine the role of risk management within corporate governance and risk assurance. |

UNIT 1 | CONCEPTS AND DEFINITIONS OF RISK AND RISK MANAGEMENT

Unit 1 Key Concepts in Risk Management

Learning hours: 30

Assessment Guidance: Multiple choice questions and written assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Appraise risk and risk management, and their purpose aligned to recognised
international standards.

Unit in Brief

In this unit students are introduced to risk management concepts. They are also introduced
to the importance of risk management across enterprises as well as internationally
accepted standards and frameworks that support the effective implementation of risk
management.

Introduction to Unit

This unit introduces the concept of ERM. Once introduced, the terms risk management
and ERM will represent the same concept, unless noted otherwise.

There are many terms and definitions regarding risk and risk management, which are often
misunderstood and inconsistently used by organisations. It is important to be aware of the
appropriate language and methodology to be implemented, the reasons for their use, and
understand the value that risk management can and should bring to an organisation.

In this unit you will gain an insight into what risk and risk management are, looking at the
positive and negative impacts that risk has on organisations. You will also be introduced
to key features of risk and risk management before moving on to explore the history of risk
management. You will then further examine the importance of risk management and its
value for different stakeholders and finally distinguish between the different risk
management standards.

Unit Content and Section Learning Outcomes

1.1 Introducing Enterprise Risk Management
A. Approaches to defining risk.
B. Approaches to defining Enterprise Risk Management.
Section Learning Outcome (the student can): Distinguish between risk and risk management
using a range of different recognised approaches.

1.2 Evolution of Enterprise Risk Management
A. Key developments in the evolution of risk management.
Section Learning Outcome (the student can): Explain the key developments in the evolution
of risk management.

1.3 Importance of Enterprise Risk Management for organisations
A. Organisational strategy.
B. Governance.
C. Resilience.
Section Learning Outcome (the student can): Evaluate the importance of Enterprise Risk
Management from different perspectives in organisations.

1.4 Different approaches to Enterprise Risk Management
A. Consistency in approach and integrating with other risk management specialisms, such as:
• Finance
• Health and safety
• Project management.
• Link to different approaches to risk management in Unit 10.
Section Learning Outcome (the student can): Compare the approaches and integrations of
different risk management specialisms.

1.5 Enterprise Risk Management standards and frameworks
A. General risk management standards and frameworks including:
• ISO 31000
• COSO (2004 and 2017).
B. Alternative risk management approaches, including:
• The Orange Book.
Section Learning Outcome (the student can): Compare different international risk
management standards including ISO31000; COSO; and the Orange Book.

Unit 2 Strategic Planning for Enterprise Risk Management

Learning hours: 30

Assessment Guidance: Multiple choice questions and written assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Determine the most appropriate risk management principles, framework, and
process for an organisation.

Unit in Brief

In this unit students will formulate an appropriate risk management approach for an
organisation by considering risk principles, frameworks, and processes.

Introduction to Unit

The principles of risk management focus on the premise that it delivers value to
organisations by applying practices designed to achieve the best possible outcome
thereby reducing volatility or uncertainty.

In this unit you will learn about strategic planning for the implementation of effective risk
management, including the framework that provides a structure for organisations to work
within. You will investigate and formulate a risk management framework for an
organisation of your choice. The RASP framework (Risk Architecture, Strategy and
Protocols) comprises Risk Architecture, including roles and responsibilities, Risk
Strategy, including the risk management policy, and Risk Protocols, including the risk
management information system (RMIS).

You will assess the principles of risk management, from a variety of perspectives, and
finally you will learn about different risk management processes and their similarities.

Unit Content and Section Learning Outcomes

2.1 Principles and attributes of risk management
A. Principles from international standards, including ISO, COSO and the Orange Book.
B. Attributes of risk management including:
▪ Proportionate, Aligned, Comprehensive, Embedded, Dynamic (PACED).
Section Learning Outcome (the student can): Evaluate the effectiveness of risk management
based on established principles defined by international standards.

2.2 Strategic Planning for Enterprise Risk Management (RASP) – Risk Architecture
A. Organisational/governance structure.
B. Roles and responsibilities including risk and risk control and ownership.
C. Planning for risk management.
Section Learning Outcome (the student can): Establish an appropriate risk management
architecture for an organisation's operational model and governance structure.

2.3 RASP - Strategy
A. Tone from the top.
B. Risk Management Policy.
C. Introduction to risk appetite.
Section Learning Outcome (the student can): Establish an appropriate risk management
strategy for an organisation.

2.4 RASP - Protocols
A. Procedures.
B. Tools and techniques.
C. Risk Management Information Systems (RMIS).
Section Learning Outcome (the student can): Recommend appropriate protocols for a
successful organisational risk management, clearly justifying how each contributes to its
success.

2.5 Risk management processes
A. Processes for ISO, COSO, and The Orange Book.
B. Comparison using the four simple steps of risk management.
Section Learning Outcome (the student can): Establish an appropriate risk management
process for an organisation.

UNIT 3 | CONTEXT, OBJECTIVES AND RISK ASSESSMENT

Unit 3 Context, Objectives, and Risk Assessment

Learning hours: 30

Assessment Guidance: Multiple choice questions and written assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Determine the most important risks of an organisation given its context and
objectives.

Unit in Brief

In this unit students will appraise the context and objectives for the organisation or activities
they are undertaking. This will enable the identification and analysis of real risks related to
the context and objectives and support the decision-making process regarding which risks
require further management.

Introduction to Unit

Understanding the context in which you are working and the objectives that you are trying
to achieve will allow you to identify and analyse uncertainties (risks) that matter. This will
provide you with the information needed to decide whether any further action is needed,
or whether risks are within the organisation’s risk appetite and tolerance.

You will be using the current ISO 31000 standard as the basis of your work and will do this
for the remainder of the module. You will be referring to other standards too, especially the
COSO ERM framework and The Orange Book, published by the UK HM Treasury.

In this unit you will learn about the first step in the risk management process, regarding
establishing the internal and external context, the objectives at risk, and the purpose of risk
management relevant to your situation.

You will also look at the second step in the process, risk assessment, which comprises risk
identification, risk analysis and risk evaluation.

Unit Content and Section Learning Outcomes

3.1 Establishing the internal and external context
A. Internal context
▪ Business processes and strategy.
B. External context - trends and drivers.
C. Tools and techniques for understanding the internal and external context, including:
▪ The Extended Enterprise
▪ Political, Economic, Social, Technical, Legal, Environment (PESTLE)
▪ Stakeholder mapping
▪ Horizon scanning.
Section Learning Outcome (the student can): Assess the status of, and changes to, an
organisation’s internal and external context using a variety of tools and techniques.

3.2 Objectives and purpose
A. Values, mission, objectives, strategy, and tactics.
B. Specific, measurable, achievable, realistic and timebound (SMART) objectives.
C. Risk criteria and Key Performance Indicators (KPIs).
D. Attachment of risk.
Section Learning Outcome (the student can): Critique the framing of objectives and their
relevance to an organisation's purpose and strategy.

3.3 Identification of risks
A. Risk articulation.
B. Known unknowns.
C. Risk identification techniques.
D. Emerging risks.
E. Risk classification.
F. Risk networks.
Section Learning Outcome (the student can): Determine relevant risks and objectives, in a
particular context, using appropriate risk identification techniques.

3.4 Analyse and evaluate risks
A. Prioritisation techniques, including:
▪ Impact and likelihood.
▪ Impact and action.
▪ Proximity.
▪ Clock speed.
B. Levels of risk rating, including:
▪ Inherent.
▪ Current and target.
C. Risk matrices and heat maps.
D. Link to risk appetite and tolerance.
Section Learning Outcome (the student can): Establish the significance of the identified
risks, linked to risk appetite and tolerance using a variety of techniques.

UNIT 4 | MANAGING, MONITORING AND REPORTING RISKS

Unit 4 Managing, Monitoring and Reporting Risks

Learning hours: 30

Assessment Guidance: Multiple choice questions and written assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Establish an organisational environment where risks are effectively managed,
monitored and reported on.

Unit in Brief

In this unit students will evaluate the appropriate controls to take charge of and manage
the risks to an acceptable level. The monitoring and reviewing processes validate that
the controls are operating effectively and that any changes in the context, risks and risk
management process are recognised and actioned accordingly. This facilitates the risk
reporting process, enabling relevant information to be communicated effectively, and
supporting risk-based decision making.

Introduction to Unit

Ensuring real controls are designed and implemented to manage risk within an organisation’s
risk appetite and tolerance is one of the most important stages in the risk management
process. Monitoring, reviewing, and reporting on those risks and real controls provides
assurance that, considering the context the organisation is operating in and the risks that
it is facing, it can achieve its objectives. If this is not the case, decisions can be made
whether to put more effort into managing the risks, or where that is not appropriate or
possible, to change the objectives. This unit completes the risk management process,
started in Unit 2, using the current ISO 31000 standard by evaluating the stages of
managing (treating) the risks, and monitoring, reviewing, and reporting on them. The
formal ISO 31000 step of communication and consultation is embedded in all stages of
the risk management process. These stages close the risk management loop and support
risk-based decision making to ensure that objectives can be met.

Unit Content and Section Learning Outcomes

4.1 Management of risks using real controls
A. Real controls.
B. Management strategies for both threats and opportunities.
C. Role of insurance and business continuity.
Section Learning Outcome (the student can): Establish what constitutes a real control.

4.2 Control effectiveness
A. Control effectiveness techniques, including the Swiss Cheese Model and the Hierarchy
of controls.
B. Verification of real controls.
Section Learning Outcome (the student can): Assess the effectiveness of controls to
determine if a risk is managed.

4.3 Monitoring risks
A. Monitoring the risks, including:
• Key risk indicators (KRIs).
• Key control indicators (KCIs).
• Leading and lagging indicators.
• Different datasets.
• Risk status.
Section Learning Outcome (the student can): Monitor the risk status of an organisation
using different datasets and indicators.

4.4 Reviewing risks and risk management
A. Reviewing risks.
B. Reviewing the risk management process.
C. Link to assurance.
D. Link to the control environment.
Section Learning Outcome (the student can): Distinguish between the risks, controls, and
processes in need of a review of an organisation.

4.5 Reporting on risks and risk management
A. Communication versus consultation.
B. Link to stakeholder mapping.
C. Communication plans.
D. Reporting feedback loops.
E. Internal and external reporting.
Section Learning Outcome (the student can): Establish the audience, style, and content for
internal and external risk reporting.

4.6 Risk based decision making and action
A. Decision making styles.
B. Link to risk appetite and tolerance.
C. Link to risk culture.
Section Learning Outcome (the student can): Establish where a decision needs to be made
to ensure action is taken.

UNIT 5 | RISK CULTURE AND APPETITE

Unit 5 Risk culture and appetite

Learning hours: 30

Assessment Guidance: Multiple Choice questions and written assignment

Unit Learning Aim

After studying this unit, students will be able to:


• Determine the appropriate level of risk that an organisation can take in relation to
its risk culture.

Unit in Brief

In this unit students examine risk appetite and tolerance and their relevance to the
achievement of objectives, including the requirement for and design of risk appetite
statements. They also evaluate risk culture to assess people’s influence on the risk
management process and to determine a successful risk culture for an organisation.

Introduction to Unit

Determining risk appetite, tolerance and capacity enables organisations to understand the
amount of risk they can and are willing to take to achieve their objectives. This in turn
contributes to the practical understanding of which risks are relevant and the amount of
effort that is required and should be undertaken to manage those risks.

Ensuring risks are managed to an acceptable level often requires a change in attitude,
behaviour, and risk culture within an organisation. Establishing the appropriate risk culture,
as part of the organisational culture, can often mean the success or failure of the risk
management process, and from the many worldwide examples, can also mean the
success or failure of the organisation itself.

This unit evaluates both risk appetite and risk culture to ensure the right risks are being
assessed and managed appropriately, to create and protect value for an organisation and
to support it in achieving its objectives.


Unit Content | Section Learning Outcomes (the student can:)

5.1 Risk appetite and tolerance
Learning outcome: Distinguish between risk appetite, tolerance, and capacity.
A. Risk Universe.
B. Risk Capacity.
C. Risk Tolerance.
D. Risk Appetite.

5.2 Risk appetite statements
Learning outcome: Recommend the most appropriate form of risk appetite statement for an organisation including qualitative and quantitative formats.
A. Designing risk appetite statements.
B. Narrative risk appetite statements.
C. Tangible risk appetite statements.

5.3 Risk appetite criteria
Learning outcome: Establish risk appetite criteria and trigger points of an organisation.
• Using risk appetite to support action, including:
• High Impact – Low Probability (HILP)
• Triggered Response Plan (TARP).
• Link to risk analysis in Unit 3.

5.4 Risk Culture
Learning outcome: Evaluate risk culture and its value for organisations.
A. Risk Culture and its importance.
B. Different risk culture perspectives, such as banking and construction.
C. Control of risk cultures, such as ERM vs compliance.

5.5 People and risk culture
Learning outcome: Assess the influence of people in the risk management process.
A. Risk predisposition.
B. Risk perceptions.
C. Risk biases.

5.6 Models of risk culture
Learning outcome: Assess the appropriate risk culture for an organisation using different risk culture models.
A. Leadership, involvement, communication, accountability, learning (LILAC).
B. Risk culture models, including:
• ABC Model
• Double S Model.

5.7 Successful risk culture
Learning outcome: Evaluate the success of the risk culture of an organisation
A. Questions to ask a Board.
B. Measuring risk culture, including:
• Culture Aspects model.
UNIT 6 | CORPORATE GOVERNANCE AND RISK ASSURANCE

Unit 6 Corporate governance and risk assurance


Learning hours: 30

Assessment Guidance: Multiple choice questions and written assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Assess the role of risk management within corporate governance and risk
assurance.

Unit in Brief

In this unit students will analyse corporate governance, regulatory requirements and the
relevant risk management roles and responsibilities for boards and executive
management. Information that management receives regarding risks and controls being
managed and implemented effectively supports decision making and provides assurance
to the organisation and external stakeholders that an organisation is an ongoing concern
and has a long-term viability.

Introduction to Unit

The requirements of corporate governance, in the UK and worldwide, are to provide
assurance that organisations are directed and controlled in a way that ensures success
and sustainability, not just to protect shareholder interests, but also the interests of the
other internal and external stakeholders.

The board structure and the roles and responsibilities of members also provide guidance
on a relevant risk management framework for an organisation. This in turn provides
structure for assurance on the successful implementation of risk management and internal
control.

This unit examines the role of risk management in corporate governance and risk
assurance in relation to internal controls and the control environment.


Unit Content | Section Learning Outcomes (the student can:)

6.1 Corporate governance
Learning outcome: Explain different corporate governance models.
A. Principle based governance.
B. Prescriptive based governance.
C. International perspectives.

6.2 Board structures
Learning outcome: Assess the impact of different board structures on risk management of organisations.
A. Board structures and approaches to risk management, including:
• Unitary.
• Supervisory.
• Two-tier.

6.3 Regulatory influences
Learning outcome: Determine the influence of regulatory bodies on risk management of organisations.
A. Influence of regulatory bodies on the risk management in organisations, including:
• Financial Reporting Council (FRC)
• Sarbanes-Oxley (SOX).

6.4 Board roles and responsibilities
Learning outcome: Determine the roles and responsibilities of the Board for risk management in organisations.
A. Roles and responsibilities of the board, including:
• Board members.
• Board as a group.
• Chief Risk Officer (CRO).

6.5 Assurance
Learning outcome: Evaluate the role and purpose of internal control and assurance for risk management in organisations.
A. Internal control and the control environment.
B. Role of audit.
C. Assurance models, such as the IIA Three Lines of Defence model.
D. Criteria of Control (CoCo).

6.6 Internal assurance
Learning outcome: Explain the role of internal assurance and requirements for risk management in organisations.
A. Internal assurance, including:
• Ongoing concern
• Long-term viability.
B. Link to viability statements in Unit 9.

6.7 External assurance
Learning outcome: Explain the role of external assurance and requirements for risk management in organisations
A. External assurance, including the role of rating agencies and changing requirements, such as Environmental, Social and Governance criteria (ESG).
B. External audit.
C. Link to sustainability in Unit 8.

UNIT 7 | RISK AND STRATEGY

15. Overview of Module 2 – Practice of Risk Management

This module builds on the principles and concepts learnt in Module 1 by exploring the
practical aspects of implementing effective risk management in organisations to ensure it
creates and protects value. Risk management is examined in relation to setting and
delivering on an organisation’s strategy, taking account of its value chain and core
objectives. The ability to achieve these objectives is further assessed through the scrutiny
of organisational sustainability and resilience, recognising that the world is changing at a
fast pace and risk management can help organisations be prepared, proactive and agile
enough to survive and thrive. The module then explores some of the different approaches
to risk management depending on the work being undertaken by an organisation, leading
to an examination of how risk management can be embedded effectively within
organisations, assessing the maturity of the risk management framework and process and
the competency requirements of both individuals and risk management professionals.

Module Learning Aims

By the end of the Module 2 students will be able to:

Units | Learning Aims

Unit 7 Risk Management and Strategy: Correlate the risk management framework with the strategic framework of an organisation.
Unit 8 Organisational Sustainability: Explain how risk management is a vital tool in establishing organisational sustainability.
Unit 9 Organisational Resilience: Explain how risk management is a vital tool in ensuring organisational resilience.
Unit 10 Approaches to Risk Management: Explain the purpose and typical approach to managing risk from a variety of perspectives.
Unit 11 Embedding and Maintaining Risk Management: Determine the appropriate approach to embedding risk management in an organisation.
Unit 12 Risk Management Competencies: Establish relevant risk management competencies of an organisation.


Unit 7 Risk Management and Strategy


Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Correlate the risk management framework with the strategic framework of an
organisation.

Unit in Brief

In this unit students will examine the importance of an organisation’s strategy and how this
leads to the setting of objectives.

Introduction to Unit

Strategy is an important starting point for ERM. Setting and understanding organisational
objectives follow on from the strategy, and risk management focuses on the uncertainties
associated with the achievement of those organisational objectives.

Strategy is highlighted in the first step of the ISO 31000 process (scope, context, and
criteria) and in the second component of the current COSO ERM framework (strategy and
objective setting), which has been considered in Unit 3. It also forms part of the risk
management (RASP) framework covered in Unit 2.

Understanding the mission, vision and core values of an organisation and the development
of strategy and objectives is key to ensuring that relevant risks are identified, understood,
and managed within the organisation’s risk appetite.

This unit goes into further detail on strategy and objectives, introducing methods for
formulating business strategy and building on that knowledge to assess the
interconnectivity between risk and strategy processes. Finally, the role of risk in a series
of strategy models will be evaluated.


Unit Content | Section Learning Outcomes (the student can:)

7.1 Strategy
Learning outcome: Appraise the quality of an organisation's business strategy.
A. Strategy definitions.
B. How strategy is formulated, including:
• Vision, mission, objectives, strategy, and tactics (VMOST).
• COSO / ISO 31000.
• Idea generation.

7.2 Risk management and strategy
Learning outcome: Assess how risk management is interconnected to the strategy of an organisation.
A. Risks arising from the strategy.
B. Risk management’s influence on strategy.

7.3 Risk management and strategy models
Learning outcome: Compare different risk management strategy models used by organisations.
A. Strategy models, including:
• Porter’s Five Forces.
• Value chains.
• Business processes.

UNIT 8 | ORGANISATIONAL SUSTAINABILITY

Unit 8 Sustainability
Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Explain how risk management is a vital tool in establishing organisational
sustainability.

Unit in Brief

In this unit, students will examine the role that sustainability has on the performance of an
organisation and of the part that risk management plays.

Introduction to Unit

This unit begins by explaining the evolution of sustainability. It then examines the role of
risk management in organisational sustainability, before assessing how risk management
acts as a tool to hold organisations to account. The unit then moves on to evaluate the role
that ethics plays, and finally investigates one key aspect of sustainability, which is climate
change.

Sustainability will be examined through the lens of its journey so far, including aspects such
as Corporate Social Responsibility (CSR) and ESG and how issues such as climate
change and ethics are critical factors in an organisational strategy.


Unit Content | Section Learning Outcomes (the student can:)

8.1 Organisational Sustainability
Learning outcome: Explain the evolution of organisational sustainability.
A. Sustainability definitions.
B. Evolution of sustainability, including:
• CSR.
• 1987 Brundtland Commission Report.
• Carbon Targets.
• ESG.

8.2 Risk management and sustainability
Learning outcome: Assess the role of risk management for organisational sustainability.
A. The role of risk management.
B. Integration with sustainability.

8.3 Risk management, sustainability, and strategy
Learning outcome: Assess the impact of risk management on the sustainability of an organisation.
A. Risk management as an accountability mechanism for organisations, including:
• Internally.
• Externally.
B. Risk management tools, including:
• Risk culture.
• Risk monitoring and reporting.
C. Influence of sustainability on strategy.

8.4 Climate change
Learning outcome: Determine the role of risk management in understanding and reporting on climate change risks.
A. Climate change and risk management.
B. Task force on climate-related financial disclosures (TCFD).

8.5 Ethics
Learning outcome: Assess the impact that organisational behaviour has on risk taking and control.
A. Organisational behaviour.
B. Personal ethics and its impact on personal predisposition to taking risk and exercising control.

UNIT 9 | ORGANISATIONAL RESILIENCE

Unit 9 Resilience
Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Explain how risk management is a vital tool in ensuring organisational resilience.

Unit in Brief

In this unit students examine organisational resilience and how it can help organisations
manage future shocks, disruptive events, and major incidents. This unit assesses the
importance of organisational agility and how resilience can be tested to give some
assurance to stakeholders.

Introduction to Unit

As organisations emerge from the COVID-19 pandemic, in common with those that
survived after the financial crisis of 2008/9, the topic of resilience comes centre stage.

This unit begins by evaluating the concept of resilience and builds on it to examine past
and potential future disruptors. Organisational agility is appraised, along with how risk
management can support both agility and innovation in a dynamic world.

Risk management tools for testing resilience are examined, along with the concept of ‘Long
Term Viability’, introduced in the UK following the financial crisis of 2008/9 as a reporting
requirement on companies to justify their resilience, taking account of their principal risks.


Unit Content | Section Learning Outcomes (the student can:)

9.1 Organisational Resilience
Learning outcome: Assess the role of risk management in organisational resilience.
A. Definition of resilience.
B. Evolution of organisational resilience.
C. Role of risk management in organisational resilience.

9.2 Organisation disruptors
Learning outcome: Assess past and potential disruptors of an organisation.
A. Past disruptors, including case studies.
B. Potential disruptors.

9.3 Agility and risk management
Learning outcome: Explain how risk management supports agility and innovation in organisations.
A. Agility and risk management.
B. Risk management and innovation.

9.4 Tests for resilience
Learning outcome: Determine the most appropriate risk management tools that can be used to test resilience of an organisation.
A. Resilience testing tools, including:
• Scenario analysis.
• Horizon scanning.
• Stress testing.
• Business Continuity Management.

9.5 Viability statements
Learning outcome: Appraise an organisation’s longer term viability statement.
A. Viability and going concern.
B. Components of longer-term viability.
C. Integrated / combined reporting.

UNIT 10 | APPROACHES TO RISK MANAGEMENT

Unit 10 Approaches to risk management


Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Explain the purpose and typical approach to managing risk from a variety of
perspectives.

Unit in brief

In this unit students will examine different approaches to risk management relating to
different activities, functions, and perspectives in an organisation.

Introduction to Unit

ERM is defined by COSO as: ‘The culture, capabilities, and practices, integrated with
strategy-setting and its execution, that organizations rely on to manage risk in creating,
preserving, and realizing value.’ Enterprise Risk Management integrates with and cuts
across all sources of risk management in an organisation.

This unit explores some of the different risk management approaches that can be found
in organisations, where risk management exists for different regulatory or operational
purposes. You will examine some of the common approaches relating to: information
technology; health, safety, security, environment, and social aspects; portfolios,
programmes, and projects; insurance; banking; the supply chain; and legal.


Unit Content | Section Learning Outcomes (the student can:)

10.1 Information Technology
Learning outcome: Explain the purpose and typical approach to manage risk from the perspective of an individual in the IT field.
A. Information Technology and digital.
B. Cyber security.
C. Key standards, including:
• COBIT 2019.
• ISO 27001.

10.2 Health, safety, security, environment, and social aspects
Learning outcome: Explain the purpose and typical approach to manage risk from the perspective of an individual in the Health and Safety field.
A. Health and Safety.
B. Security, Environmental and Social.
C. Key standards, including:
• IOSH.
• NEBOSH.
• RIDDOR.
• ISO 45000.

10.3 Portfolios, Programmes and Projects
Learning outcome: Explain the purpose and typical approach to manage risk from the perspective of an individual in the project management field.
A. Portfolios.
B. Programmes.
C. Portfolios.
D. Key standards, including:
• Association of Project Management.
• Project Management Institute.

10.4 Insurance
Learning outcome: Explain the purpose and typical approach to manage risk from the perspective of an individual in the insurance field.
A. Types of insurance.
B. Captive insurance companies.
C. Actuaries and underwriters.
D. Insurance vs reinsurance.
E. Key standards, including:
• Solvency II.

10.5 Banking
Learning outcome: Explain the purpose and typical approach to manage risk from the perspective of an individual in the banking field.
A. Financial services.
B. Operational risk management.
C. Stress testing and capital requirements, including:
• Own Risk and Solvency Assessment (ORSA).
• Internal Capital Adequacy Assessment Process (ICAAP).
D. Key standards, including:
• Basel III.

10.6 Supply chain
Learning outcome: Explain the purpose and typical approach to manage risk from the perspective of an individual in the supply chain field.
A. Value chain, including the extended enterprise.
B. Procurement and contractual approaches.
C. Key standards, including:
• ISO 28000.

10.7 Legal
Learning outcome: Explain the purpose and typical approach to manage risk from the perspective of an individual in the legal field.
A. Legal requirements and compliance in general.
B. Key standards, including:
• ISO 31022.

UNIT 11 | EMBEDDING AND MAINTAINING RISK MANAGEMENT

Unit 11 Embedding and maintaining risk management
Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Determine the appropriate approach to embedding risk management in an
organisation.

Unit in Brief

In this unit students will examine the maturity of risk management within an organisation
and the need for continuous improvement.

Introduction to Unit

Risk management processes are rarely reviewed for appropriateness and effectiveness
by many organisations. This leads to lack of engagement, disinterest, reduction in value
and sometimes the failure of risk management.

This unit assesses the maturity of risk management in organisations. You will explore
the interconnectedness of risks and integration of risk management with other
operational activities. Finally, you will examine road maps to risk management maturity
to ensure continuous improvement in increasingly changing internal and external
contexts.


Unit Content | Section Learning Outcomes (the student can:)

11.1 Risk management maturity
Learning outcome: Analyse the maturity of risk management of an organisation.
A. Gap analysis.
B. Levels of sophistication.
C. Critical success factors.

11.2 Interconnectedness of risks and integration of risk management
Learning outcome: Evaluate the links between risk management and established systems, processes, activities, and functions of an organisation.
A. Network and causal analysis.
B. Activity touch points, including budget, strategy, and systems.

11.3 Road maps to risk management maturity
Learning outcome: Recommend an appropriate road map to achieve desired risk management maturity for an organisation.
A. Quick wins.
B. Medium-and-long-term maturity.
C. Role of software.

11.4 Continuous improvement
Learning outcome: Assess the continuous improvement of risk management using different methodologies.
A. Management of change.
B. Continuous improvement.

UNIT 12 | RISK MANAGEMENT COMPETENCIES

Unit 12 Risk management competencies


Learning hours: 30

Assessment Guidance: Essay assignment

Unit Learning Aim

After studying this unit, students will be able to:

• Establish relevant risk management competencies of an organisation.

Unit in Brief

In this unit students will examine the risk management competencies required to
implement effective risk management within an organisation, recognising the value of
risk management professionals.

Introduction to Unit

Risk management is a value adding process for all organisations, provided it is
supported by competent risk management professionals, relevant to the size, nature,
and structure of each organisation.

This unit assesses the competencies of risk management professionals and those
capabilities needed by individuals in organisations. You will examine risk management
gap analysis and road maps to achieve desired competency levels. You will also explore
specific skills commonly required of risk management professionals, such as facilitation,
data analysis and influencing. Finally, you will assess the value that risk management
professionals bring to organisations.


Unit Content | Section Learning Outcomes (the student can:)

12.1 Risk management professional/management competencies
Learning outcome: Determine the gaps in the professional competencies and behavioural and technical skills of risk managers and those involved in the risk management process of an organisation.
A. Gap analysis.
B. Professional competencies, including:
• IRM Professional Standards
C. Behavioural and technical skills.

12.2 Road maps to risk management competency
Learning outcome: Critique a competency framework roadmap of an organisation for optimal risk management.
A. Upskilling.
B. Training.
C. Coaching and mentoring.

12.3 Specific skills - facilitation
Learning outcome: Recommend an approach to facilitating an effective risk workshop for an organisation.
A. The role of the facilitator.
B. Running effective risk workshops.

12.4 Specific skills – data analysis
Learning outcome: Determine the need for risk management professionals to analyse data effectively.
A. Analytical skills.
B. Data analysis and how it is changing.

12.5 Specific skills – influencing
Learning outcome: Evaluate the need for risk management professionals to influence decisions and actions effectively and appropriately in organisations.
A. Communication, reporting and presentations.
B. Complacency vs crisis.
C. Informing and supporting decision-makers.

12.6 Value of the risk management professional
Learning outcome: Establish your personal value to the organisation as a risk management professional.
A. Making an impact.
B. Making a difference.
C. Engagement and commitment.

16. Assessment
Formative assessments are available to students at the end of each unit to encourage
learning. They provide generic feedback to students on their level of attainment. Students are
encouraged to engage with the formative self-assessments in the Moodle lessons and use
these tools to determine whether their level of attainment is sufficient to move on to the next unit.

Formative assessments are where students can engage in self-assessment and feedback to
assess the progression of learning and understanding.

Part of the IRM’s Enterprise Risk Management International Certificate Module 1 summative
assessment or assessment of learning is conducted through an online third party’s software
using multiple choice questions (MCQs) which are selected from a bank of questions at
various degrees of difficulty. Questions may be standalone or used in conjunction with case
study scenarios. The other part of Module 1 as well as Module 2 are assessed by
assignment-based essay questions in order to assess the student’s ability to apply the
theory learnt in Module 1.

IRM assessments are designed to ensure that learning outcomes of modules/qualifications
are achieved. As such, learning outcomes are embedded in the marking criteria against which
judgements are made about a student’s performance. Students and examiners/assessors
have a clear understanding of these criteria, which are published in the lessons on the
VLE/Moodle and the Examiners Handbook.

Assessments are designed to promote effective learning. They provide opportunities for all
intended learning outcomes that have been defined for the module and syllabus, to be
assessed. The range and types of assessment measure students’ achievement of module
learning outcomes. Tasks are designed to assess one or more learning outcomes of modules.
There is a clear development of, and information about, progression through the modules, in
terms of both attainment and demonstration of skills and attributes.

16.1 Principles of External Summative Assessments

16.1.1 Validity of IRM summative assessments is assured by ensuring that the content,
skills, applications, and qualities which are defined throughout the qualification,
are evident in the assessment using appropriate assessment methodologies.
16.1.2 Reliability of IRM assessments is achieved by ensuring that assessments can be
used with the same results over a specified period for all students in different
geographies. Comparability of IRM assessments is understood by users in terms
of benchmarks and historic standards as applied to the assessment, with
assessment outcomes that are comparable to the standards of the qualification
and the assessment itself and between similar qualifications and assessments of
other awarding bodies every two years. The IRM also amends qualifications
when new knowledge in the risk management field necessitates, for the
qualifications to stay current and fit for purpose.

16.1.3 Relevance of IRM assessments is achieved by evaluating both knowledge and
skills of students/candidates in the field of risk management. The design of
assessments reflects the skills that students are required to develop, as well as
measuring the students’ understanding of the learning aims and outcomes.
16.1.4 The IRM endeavours to provide sufficient balance between learning and
assessment. Bias in IRM assessments is minimised by:
• Ensuring that all students have access to assessments, as highlighted
in the IRM Equality and Diversity Policy, which is considered when designing
the assessment.
• Ensuring that the design of assessments reflects the needs of a wide range
of students, recognising and respecting equality and diversity so that
individuals or groups are not disadvantaged.

16.2 Security of summative assessments

The summative MCQ assessments for part of Module 1 are conducted on-line at the
third party’s examination centres (currently Pearson VUE test centres). Security is in
place to prevent malpractice, including the Pearson VUE Candidate Rules Agreement,
Securing Exams against Test Fraud and Pearson Professional Examination Rules, to prevent:

• Impersonation of students – ID and passwords are required.
• Use of mobile phones.
• Use of notes (in any format).
• Use of the internet.

During the assessment students cannot print screen or take photographs. This is to
prevent ‘sharing’ of assessments and maintain the integrity of the assessments.

The assignment essay type assessments for part of Module 1 and all of Module 2 are
secured by being released only during the time period allocated for the assignment until
submission.

16.3 Structure of summative assessments

MCQ summative assessments for Module 1 are constructed from questions in a question
bank. The question bank includes questions on all areas of Module 1 syllabus hence
ensuring that the learning outcomes can be assessed.

The IRM uses several question types, in designing the MCQ questions, from simple
MCQs to reasoning and assertion style questions. Questions may be standalone or used
in conjunction with case studies scenarios.

The assignment-based essay type questions for part of Module 1 and all of Module 2
are to give students the opportunity to show their knowledge and understanding of the
various topics and be able to apply this to organisations of their choice.

16.4 Valid assessment decisions

MCQ assessments are marked on-line by the third-party’s software. A meeting is held
where a statistician from the third-party provider as well as the Principal and Chief
examiners and members of the examination and qualification development staff review
each item performance and set the pass marks for the assessment.

Assignment based essay questions for part of Module 1 and all of Module 2 are
marked by assessors through the Moodle portal, using marking rubrics.

16.5 Issuing Results and Certificates

The IRM aims to issue results within six weeks after the last examination sitting. The
results are issued via email to students. All certificates are sent by post to students within
three weeks of the notification of results.

16.6 Withholding results or certificates

Results or certificates may be withheld due to allegations of malpractice either by
a student or a centre until a resolution is found, but the IRM will not withhold results or
certificates because of student financial difficulties.

16.7 Resits and resubmissions

If a student fails the MCQ examination, they can re-sit at the next available session.
Students are permitted a maximum of three attempts.

Re-sit application forms must be submitted with the appropriate fees no later than
two months before the examination.

If a student fails the essay-type assignment, they can re-submit it at the next
available submission window. Students are permitted a maximum of three
submissions.

Re-submission forms must be submitted with the appropriate fees no later than
two months before the submission deadline.

Appendix 1 Verbs used in aims and learning outcomes

Term: Definition

Analyse: Critically examine methodically breaking it down, to explain and interpret it.
Appraise: Assess the value or quality of something.
Assess: Make an informed judgement about the value, strengths, or weaknesses of an argument, claim or topic by weighing all the views on it.
Compare: Identify similarities between two or more subjects of discussion.
Correlate: Find a mutual relationship or connection in which one thing affects or depends on the other.
Critique: Provide an opinion or verdict on whether an argument or set of research findings is accurate.
Determine: Ascertain or establish the facts.
Distinguish: Identify similarities between two or more subjects of discussion.
Establish: Determining the facts.
Evaluate: Provide one’s own opinion concerning the extent to which an argument or set of research findings is accurate.
Examine: Establish the key facts and important issues of a topic or argument by looking at them in close detail to analyse them.
Explain: Clarify a topic by providing as much detail as possible and giving definitions for any key terms used, showing clear understanding in a logical coherent response.
Justify: Explain the basis of an argument by presenting evidence that informed the view explaining why other arguments are unsatisfactory.
Monitor: To keep track of or check for a special purpose.
Recommend: Put forward something/an idea as suitable for a particular purpose or role.

Appendix 2 Glossary of terms used

Abbreviation: Meaning

Cert: Certificate
COBIT: Control Objectives for Information Technology
CoCo: Criteria of Control
COO: Chief Operating Officer
CRO: Chief Risk Officer
CSR: Corporate Social Responsibility
ERM: Enterprise Risk Management
ESG: Environmental, Social and Governance
FRC: Financial Reporting Council
HILP: High Impact – Low Probability
HM: Her Majesty’s
ICAAP: Internal Capital Adequacy Assessment Process
IOSH: Institute of Occupational Safety and Health
IRM: Institute of Risk Management
IRMCert: Institute of Risk Management Certificate
ISO: International Standards Organisation
KCI’s: Key Control Indicators
KPI’s: Key Performance Indicators
KRI’s: Key Risk Indicators
LILAC: Leadership, Involvement, communication, Accountability and Learning
NEBOSH: National Examination Board in Occupational Safety and Health
ORSA: Own Risk and Solvency Assessment
PESTLE: Political, Economic, Social, Technology, Legal, Environment
RASP: Risk Architecture, Strategy and Protocols
RIDDOR: Reporting of Injuries, Diseases and Dangerous Occurrences Regulations
RMIS: Risk Management Information Systems
SMART: Specific, Measurable, Achievable, Realistic, Timebound
SOX: Sarbanes-Oxley
TARP: Triggered Response Plan
TCFC: Task Force on Climate-related Financial Disclosures
UK: United Kingdom
VLE: Virtual Learning Environment
VMOST: Vision, mission, objectives, strategy, and tactics
