ARM 55: Risk Assessment and Treatment Exam Review
CAD008
Speaker:
• Susan Kearney, CPCU, ARM, AAI, AU, Senior Director of Knowledge Resources, The Institutes
Learning Objectives
At the end of this session, you will:
• Anticipate the ARM 55 Exam Format
• Recall specific principles likely to appear on the ARM 55 exam
• Appraise your strengths and weaknesses applied to ARM 55 exam subjects
Session Overview
• Exam Basics – What to Expect
• Test Taking Tips
• Review of the “Top” Most Challenging Educational Objectives of ARM 55
Exam Basics – What to Expect
• Exam Length, Exam Format
• Educational Objectives
• Balanced Exam
Test Taking Tips
• Don’t get bogged down early
• Try the exam in “waves”
• Get the easy ones
• Eliminate the obviously wrong answers
• Use the mark for later review feature
• Use your scratch paper to keep track
ERM Framework and Process
Model
Risk Assessment and Treatment
Segment A
● Intro to Risk Assessment & Treatment
● Root Cause Analysis
● Business Continuity
● Physical Property Risk
Segment B
● Intellectual Property & Reputation Risk
● Legal & Regulatory Risk
● Management Liability
● Human Resource Risk
Segment C
● Environmental Risk
● Crime & Cyber Risk
● Fleet Risk
Assignment 1: Intro to Risk Assessment and Treatment
• Overview of Risk Assessment
• Categories of Risk Identification and Analysis Techniques
• Risk Treatment
• Traditional Accident Analysis Techniques
• System Safety Analysis
• Loss Control Techniques for Hazard Risk
Challenging Assignment 1
EO 1.04 and EO 1.05
• Describe the following accident analysis techniques:• Sequence of events (Domino theory)
• Energy transfer theory
• Techniques of operations review (TOR) approach
• Change analysis
• Job-safety analysis
• Describe system safety, its primary purpose, and its advantages.
Accident Causation
Accident Analysis TechniquesTechnique Application Control
Sequence of events (Domino theory – H.W. Heinrich)
Presumes that accidents are the end result of a chain of accident factors (5 factors, pg. 1.18)
Correcting unsafe acts
Energy transfer theory (Dr. William Haddon)
Views accidents as energy that is released and that affects objects, including living things, in amounts or at rates that objects cannot tolerate—accidents are caused by energy out of control (10 strategies, pg. 1.19)
Controlling released energy and/or reducing harm caused by that energy
Technique of Operations review (TOR) approach(D.A. Weaver)
Views the causes of accidents to be a result of management’s shortcomings (ineffective management) such as inadequate coaching, failure to take responsibility, unclear authority, inadequate supervision
Managers must recognize their own (or colleagues) faults and correct them
Change analysis Asks a series of “What if?” questions and projects the consequences for each of the changes and for all feasible combinations of change.
Hazards from planned or unplanned changes that can cause or causedundesired outcomes are identified and corrected
Job safety analysis (JSA) Evaluates repetitive human tasks, in an environment sufficiently stable to allow most hazards to be foreseen.
Hazard that are identified, controls are defined, and responsibility for implementing each assigned
Joe works in an auto garage. His work area is cluttered and
disorganized. His supervisor is rarely in the area, and Joe lacks
direction and proper training. Joe is injured when he receives a
severe shock from improper grounding while using a piece of
electrical equipment. This example best illustrates the accident
causation theory of the
A: System safety approach.
B: Technique of operations review (TOR) approach.
C: Energy transfer theory.
D: Domino theory.
Which one of the following system safety techniques is best
suited to analyze repetitive human tasks performed in a
sufficiently stable environment where most hazards are foreseen?
A: Technique of human error rate prediction (THERP)
B: Failure mode and effect analysis (FMEA)
C: Job safety analysis (JSA)
D: Prototype analysis
System Safety AnalysisSystem Feature Key Points
Components •Physical elements•Subsystems•Flows (energy sources)
Purpose Understand the purpose of the components
Environment Understand system’s environment (aspects of larger systems)•Immediate physical environment•Organizational (management) environment•Socioeconomic/legal environment
Life cycle •Conceptual•Engineering•Production•Operational•Disposal
Houma Mortgage leases a fleet of automobiles for its real estate
appraisers. During her review of recent vehicular accidents, their
risk manager is trying to identify failures, human and/or mechanical,
in order to target corrective actions and prevent future losses by
looking at ways in which these accidents occurred and ways in
which the frequency or severity can be reduced. This is an example
of the
A: Future states analysis.
B: Sequence of events analysis.
C: System safety technique.
D: Technique of operations review approach.
Assignment 2: Root Cause Analysis
• Introduction to Root Cause Analysis
• Failure Mode and Effects Analysis (FMEA)
• Fault Tree Analysis (FTA)
• “5 Whys” Analysis and the Fishbone Diagram
GROUP ACTIVITY
• Root cause analysis
• Failure mode effects analysis (FMEA)
• Fault tree analysis (FTA)
• 5 Whys analysis
• Fishbone (Ishikawa) diagram
Group 1
Root cause analysis (RCA) encompasses a variety of tools,
philosophies, and processes. There are several broadly defined
RCA approaches, according to their basic approach or field of
origin. Which one of the following approaches to RCA evolved
from quality control procedures for industrial manufacturing?
A: Production-based RCA
B: Safety-based RCA
C: Systems-based RCA
D: Failure-based RCA
Group 2
Air-Freight Co. wants to use failure mode and effects analysis (FMEA) to
analyze its systems, subsystems, components, sub-assemblies, and parts.
Level 1 is the overall system for shipping freight. Level 2 is the system
segments, with the prime items (air freight hubs, schedulers, and logistics)
designated as Level 3. Level 4 is the subsystems (local freight handlers,
package sorters, etc.). Level 5 is the hardware and parts (forklifts, conveyor
belts, planes, and delivery vans, etc.). In FMEA, these various systems and
subsystems are called
A: Complexity levels
B: Critical levels
C: Risk priority levels
D: Indenture levels
Group 3
Using fault tree analysis, an "and" gate is connecting the events in
rectangles C, D, and E to the event in rectangle A. If the
probabilities of events in rectangles C, D, and E of the fault tree
are .10, .20, and .30, respectively, what is the probability that the
event in rectangle A will occur?
A: .006
B: .100
C: .300
D: .600
Group 4
Which one of the following is an advantage of "5 Whys" analysis?
A: It uses statistical data that has been collected.
B: As it is a quantitative method, the result is a precise
mathematical measure, complete with confidence levels.
C: If the investigator asks an irrelevant question, the analysis
ends without additional follow-up questions.
D: When several root causes are found, it can help determine
the relationship among them.
Group 5
In a Fishbone (Ishikawa) Diagram, the diagonal lines (the fish's
bones) emanating from the horizontal arrow (the fish's spine)
represent
A: Causes.
B: Effects.
C: Recommendations.
D: The problem being investigated.
An organization’s risk manager determines that loss control
supervision is lacking for a specific department. By
diagramming the consequences of this weakness, the risk
manager is employing
A: Technique of human error rate prediction (THERP)
B: Fault tree analysis (FTA)
C: Job safety analysis (JSA)
D: Failure mode and effect analysis (FMEA)
Assignment 3: Business Continuity Management
• Introduction to Business Continuity Management
• Business Continuity Planning
• Strategic Redeployment Planning
• Supply Chain Risk Management
• Crisis Communication
• Mitigating Supply Chain Risk
Business Continuity PlanningSteps
1. Understanding the business
Understand all aspects of the business, including determining key objectives
Examine use of facilities, materials supply chain, human resources, communications, processes, etc.
Identify key processes that constitute bases for BIA
2. Conducting a businessimpact analysis (BIA)
Identify and assess risks that may affect organization; what events may occur, when, and how
Measure financial and nonfinancial effect of risks and explore organizational vulnerabilities
Distinguish between critical and noncritical processes
3. Performing a risk assessment
Identify and evaluate potential exposures and probability that events will occur
Reveals exposures and assists in establishing risk mitigation efforts and action plans
Assessments conducted at various levels: enterprise assessment, site assessment, and program or project assessments (pg. 3.7)
4. Developing the continuity plan
Use of one or more strategies:active backup model, split operations model, alternative site model, contingency model (pg. 3.8)
Involves three levels of planning:BCM organization strategy, process level strategy, and resource recovery strategy.
Consider strategic choices: Insurance policy, transfer processing, termination, loss mitigation, or do nothing.
5. Implementing the continuity plan
Approval and support from sr. mgt. Plan should include 7 elements (pg. 3.9)
6. Building a BCM/BCP culture
Vision statement and support provided by sr. mgt.
Expectations and objectives set for middle mgt. for maintenance of departmental plans
Educate staff on importance of BCP; notify external suppliers and customers of BCP
7. Maintaining and updating the plan
Review BCP in detail Amend as internal or external conditional warrant
Supply Chain Best Practices and Mitigation Techniques
The development and implementation of a business continuity
plan entails seven steps. Which one of the following steps
involves assessing what events may occur, when they will occur,
and how they could affect achievement of key objectives?
A: Performing a risk assessment
B: Understanding the business
C: Conducting a business impact analysis
D: Developing a continuity plan
Patricia’s Pies is a small bakery that makes various types of fruit
pies. The pies are only sold at local markets. Patricia’s is loyal to
the local community and has always depended on a local farmer to
supply the fruit for the pies. Due to drought conditions this year,
the local farmer’s crops have been poor and he is unable to meet
the supply needs of Patricia’s Pies. Patricia’s is now contacting
other farmers trying to meet its fresh fruit demand, but the supplies
are limited and the prices are high. Which one of the following
external threats in the supply chain is Patricia’s facing?
A: Change in demand level
B: Single source supplier
C: Geopolitical environment
D: Sole source suppliers
Assignment 4: Physical Property Risk • Physical Property Categories
• Sources of Property Risk
• Windstorm, Earthquake, and Flood Loss Control
• Building - COPE
• Life Safety
• Valuing Physical Property
• Legal Interests in Physical Property
• Assessing and Treating Physical Property Risk
Key Concepts Assignment 4
• Construction• Know the distinctive characteristics of each major types (See Exhibit pg.
4.19)
• Occupancy• Know each of the six common types of occupancies
• What are primary ignition sources and risk control measures associated with each
• Protection• Internal (private) risk control measures
• Fire Suppression Systems and Extinguisher Classes (4.28-4.29)
• External protection (public)
• External Exposure• Loss exposures and risk control measures
Challenging Assignment 4
EO 4.07
• Explain how to use various methods to value physical property.
Valuing Physical PropertyValuation Method Description
Book Value An asset’s historical cost (original cost of property) minus accumulated depreciation.
Replacement Cost The cost to repair or replace property using new materials of like kind and quality with no deduction for depreciation.
Functional Replacement Cost The cost of replacing damaged property with similar property that performs the same function but might not be identical to the damaged property.
Market Value The price at which a particular piece of property could be sold on the open market by an unrelated buyer or seller.
Economic value The amount that property is worth based on the ability of the property to produce income.
Creative Catering has a 15 year old vehicle that was originally built
to prepare and serve sandwiches and drinks at various outdoor
functions such as car shows, sporting events, etc. The vehicle is of
low value but it generates approximately $100,000 a year in sales.
The risk management professional will primarily be most
concerned about its
A: Reproduction cost.
B: Market value.
C: Functional replacement cost.
D: Economic value.
Risk Assessment and Treatment
Segment A
● Intro to Risk Assessment & Treatment
● Root Cause Analysis
● Business Continuity
● Physical Property Risk
Segment B
● Intellectual Property & Reputation Risk
● Legal & Regulatory Risk
● Management Liability
● Human Resource Risk
Segment C
● Environmental Risk
● Crime & Cyber Risk
● Fleet Risk
Assignment 5: Intellectual Property and Reputation Risk
• Introduction to Intellectual Property Risk
• Copyrights
• Trademarks
• Patents
• Trade Secrets
• Valuing Intellectual Property
• Reputation Risk
Challenging Assignment 5
• What types of works are covered?
• What are requirements for creation?
• What are others prohibited from doing?
• What is the duration?
• What risk control measures can be used?
Betty has invented a new device that reduces the time it takes to
backup computer data by 90 percent. She believes this will be of
interest to several major computer and data manufacturers. Betty
should protect her invention with a
A: Copyright.
B: Trademark.
C: Patent.
D: Servicemark.
A duration of a design patent is
A: Three years from the date of application.
B: Fourteen years from the date of issuance.
C: Seventeen years from the date of registration.
D: Twenty years from the date of application.
Providence Pharmaceuticals believes that another company is
infringing upon its trademark. Providence Pharmaceuticals' risk
manager has instructed its legal department to begin by sending a
cease-and-desist letter and, if that is unsuccessful, to follow up with
a notification of intent to sue. This is an example of
A: A restrictive covenant.
B: A search and watch.
C: A notice.
D: An enforcement of rights.
Assignment 6: Legal and Regulatory Risk
• Basis for Legal and Regulatory Risk
• Legal and Regulatory Risk Consequences
• Modifying Legal and Regulatory Risk
• Legal Systems
• International Law
• Commercial Liability Loss Exposures
• Assessing and Treating Legal and Regulatory Risk
Challenging Assignment 6
EO 6.04
• Describe the characteristics of these predominant legal systems:
• Civil law (including Roman-French, German, and Scandinavian)
• Common law
• East Asian
• Hindu
• Islamic
• Socialist-Communist
Predominant Legal SystemsLegal System Description
Civil Uses comprehensive codes and statutes to form the backbone of a legal system and relies
heavily on legal scholars to develop and interpret the law.
Common Judges interpret the facts of a case, examine precedents, and make decisions based on the facts
in the current case.
East Asian Tradition of informal compromise, rather than individual parties' asserting their rights, in
negotiations remains strong characteristic of contract disputes.
Hindu Provides religious and philosophical rules in India and some surrounding countries. While a
statutory code of commercial, criminal, and civil procedures replaced Hindu law of contracts and
property, customs and laws of Hinduism still reflect remnants of caste system, where laws apply
separately and distinctly to members of 4 caste groups: priests, warriors, tradesmen, and
servants/artisans.
Islamic Used in countries whose citizens are almost entirely followers of Islamic Religion. This legal system is derived from the religious precepts of Islam, particularly the Qur’an and the Sunnah. Primary system of law is the Shari’ah.
Socialist-Communist Denotes a general type of legal system which has been used in communist and formerly communist states. It is based on the civil law system, with major modifications and additions. Central idea of the system is emphasis on the state's interest over that of individuals.
As opposed to many other legal systems, a strong
characteristic of the East Asian countries' approach to
contract disputes is
A: A tradition of informal compromise.
B: The dominance of individual parties asserting their
rights in arms-length negotiations.
C: A combination of religious and philosophical doctrines
that inform judicial decisions.
D: The codification of historical business practices as
statutes.
The central idea of the Socialist-Communist law system was the
emphasis on
A: The state's right to acquire private property for public
purposes.
B: Individual production for the state.
C: Communal labor and property.
D: The state’s interest over that of individuals.
Assignment 7: Management Liability
• Directors and Officers Liability Loss Exposures
• Employment Practices Liability Loss Exposures
• Fiduciary Liability Loss Exposures
Management Liability
• Directors and Officers Liability• Major responsibilities and fiduciary duties (care, loyalty, disclosure, obedience)
• Types of suits (derivative, no derivative, class action)
• Employment Practices Liability• Laws affecting EPL loss exposures (See exhibit on pg. 7.10)
• Discrimination
• Wrongful termination
• Sexual harassment
• Retaliation
• Fiduciary Liability• What is ERISA? Why enacted?
• What are the duties and responsibilities of employee benefit plan fiduciaries?
• What is HIPAA?
Challenging Assignment 7
EO 7.03
• Describe the legal foundations for fiduciary liability loss exposures, with specific reference to the Employment Retirement Income Security Act (ERISA) and the duties of employee benefit plan fiduciaries.
Duties and Liabilities of Employee Benefit Plan Fiduciaries
• Loyalty: A fiduciary’s actions must be solely in the best interests of the plan and all of its participants and beneficiaries.
• Prudence: A fiduciary must carry out his or her duties with the care, skill, prudence, and diligence of a prudent person familiar with such matters.
• Diversification: A fiduciary must ensure that the plan’s investments are sufficiently diversified to minimize the risk of large losses.
• Adherence: A fiduciary must act according to the plan documents and applicable law.
The Employee Retirement Income Security Act (ERISA) spells out
the four duties of a benefit plan fiduciary. Which duty requires that
the fiduciary act with a certain level of skill and diligence?
A: The duty of prudence
B: The duty of loyalty
C: The duty of diversification
D: The duty of adherence
Fiduciary liability loss exposures arise mainly when beneficiaries
of a plan make claim against the plan officials for breach of their
fiduciary duties. Which one of the following is a specific duty of a
plan fiduciary?
A: To act in a way that is solely in the best interests of the
organization providing the benefits
B: To ensure that the plan's investments are sufficiently
diversified to minimize the risk of large losses
C: To carry out duties in such a way that no investment plans
will lose money for the beneficiaries
D: To minimize actions that comply with the plan documents but
may not be in compliance with the law
Assignment 8: Human Resource Risk
• Human Resource Potential
• Types of Personnel Losses
• Assessing Personnel Loss Exposures
• Risk Treatment for Work-Related Injury and Illness
• Risk Treatment for Work-Related Violence
• Assessing and Treating Human Resource Risk
Challenging Assignment 8
EO 8.04
• Explain how the following risk control techniques can be used to mitigate losses arising from work-related injury and illness:
• Avoidance
• Loss prevention
• Safety Engineering
• Workplace Design
• Loss reduction
• Separation and duplication
Work-Related Loss PreventionSafety Engineering
• Physical controls – physical controls (engineering)
– Isolation
– Wet methods
– Ventilation
– PPE
• Procedural controls –procedural controls (administrative)
– Job rotation
– Supervision
– Other administrative steps
Workplace Design
• Ergonomics – physical forces
• Manual materials handling
• Cumulative trauma disorders
• Physical layout of workstations
• Displays and controls
• Fatigue
• Disabled employees
• Human factors engineering –human capabilities
• Biomechanics – mechanical limitations of people
A safety engineering physical control that might be used by an
organization to prevent or reduce work-related injury and
illness is
A: Job rotation.
B: Ventilation.
C: Training.
D: Supervision.
Which one of the following is a safety engineering procedural
control used to prevent or reduce work-related injury or illness?
A: Materials substitution
B: Isolation
C: Process change
D: Ventilation
A process that applies the knowledge of human behavior to
design equipment people use on and off the job defines
A: Biomechanics.
B: Ergonomics
C: Process oriented progression.
D: Human factors engineering.
In the middle of a recession, Heavy Equipment Co. (HEC) was
forced to lay-off hundreds of employees. HEC hired Paul as a human
resource manager three weeks before the lay-offs were announced.
Paul agreed to have the lay-off notices sent to employees with his
name on the notice. However, he demanded several security
measures including that his office be located beyond a checkpoint
with a metal detector, his office door would remain locked, and any
employee who visited him would be escorted by a security guard.
The measures Paul required are examples of
A: Physical risk control measures.
B: Procedural risk control measures.
C: Managerial risk control measures.
D: Mechanical risk control measures.
Risk Assessment and Treatment
Segment A
● Intro to Risk Assessment & Treatment
● Root Cause Analysis
● Business Continuity
● Physical Property Risk
Segment B
● Intellectual Property & Reputation Risk
● Legal & Regulatory Risk
● Management Liability
● Human Resource Risk
Segment C
● Environmental Risk
● Crime & Cyber Risk
● Fleet Risk
Assignment 9: Environmental Risk
• Legal Foundations for Environmental Liability
• Other Environmental Loss Exposures
• Environmental Statutes
• Environmental Risk Management, Risk Assessment, and Risk Control
• Climate Change Risk
• Assessing and Treating Environmental Risk
Challenging Assignment 9
EO 9.03
• Summarize the basic purpose and distinguishing features of each of the environmental statutes described.
• See Exhibit Page 9.11 “Summary of Federal Environmental Laws”
Which one of the following federal environmental statutes
facilitates the cleanup of any abandoned or uncontrolled site
containing hazardous substances and imposes strict liability for
cleanup costs on potentially responsible parties?
A: Toxic Substance Control Act
B: Clean Air Act
C: Resource Conservation and Recovery Act (RCRA)
D: Comprehensive Environmental Response, Compensation, and
Liability Act (CERCLA)
Bethel Co. would like to apply a risk control measure to better manage its
environmental loss exposures. The company produces a liquid similar to
formaldehyde. A byproduct of the production process is the creation of a toxic
liquid. One option Bethel is exploring is using a more expensive raw material that
cuts the byproduct produced by over 40 percent. Other alternatives are to burn the
byproduct in an industrial furnace, to add a powder to the byproduct that will
transform it into a gelatin-like substance, or to bury the substance in double-
barrels stored in a concrete bunker. Bethel chose the option of using the more
expensive raw material that cuts the byproduct produced by over 40 percent. The
risk control Bethel opted for is called
A: Solidification disposal.
B: Encapsulation.
C: Source reduction.
D: Stabilization disposal.
Assignment 10: Crime and Cyber Risk
• Distinctive Features of Crime Risk
• Characteristics of Common Crimes
• Controlling Crime Losses
• Cyber Risk Loss Exposures
• Controlling and Financial Cyber Risk Loss Exposures
• Social Media Risk
Key Concepts Assignment 10
• Be able to describe the characteristics of common crimes.
• Be able to distinguish between policy, physical, procedural, managerial controls and application to specific crimes
• Be able to explain cyber risk in property, net income, and liability loss exposures and risk control measures (physical, procedural, etc.)
Using violence, intimidation, or threats to influence others’
behavior, often for a political purpose, is called
A: Kidnapping.
B: Extortion.
C: Blackmail.
D: Terrorism.
Specialized risk control measures are necessary for an
organization to control cyber risk loss exposures. Which one of
the following risk control measures would be most effective at
preventing cyber risk-related losses such as the theft of customer
credit card data?
A: Post-cyber incident rapid recovery program
B: High limits cyber insurance with a coordinated deductible
plan
C: Notification of law enforcement officials when unauthorized
entry to the computer system is detected
D: Managerial controls such as monitoring compliance with the
security plan
Assignment 11: Fleet Risk
• Fleets as Systems
• Federal Motor Carrier Safety Regulations
• Controlling Losses Associated With Motor Vehicle Safety Systems
• Technological Advances in Motor Vehicle Fleet Safety
Challenging Assignment 11
EO 11.01
• Explain how fleets can be viewed as systems and the implications for fleet loss control.
• Components and purpose
• Environment
• Life cycle
• Systems and relationships
Challenging Assignment 11
Life Cycle
Conceptual Phase
Engineering Phase
Production Phase
Operational Phase
Disposal Phase
Challenging Assignment 11
• Systems and Relationships
• When subsystems fail, increases chance of loss in the larger system components
• Brake failure likely to cause accident
• When the larger system fails, it strains the subsystems
The importance of systems relationships from a risk control and
fleet management perspective is that
A: When a smaller system fails, the larger system of which the
smaller system is a part is more likely to fail.
B: Focusing on the larger system of which the smaller system is
a part will result in the best risk management outcomes.
C: Failure of any component leads to increased strain on only
smaller subsystems.
D: Directing all risk management energy toward smaller systems
is most cost-effective.
GOOD LUCK ON EXAM!