1. How high do you assess the knowledge level of the business strategy throughout the company by the average employee? Is it your assessment that there is a robust understanding of JAAs business strategy? Support your position with examples.
2. As you are aware,effectiveimplementationofISO31000involveseffectivedesignand implementation of a risk management framework and effective implementation of the risk management processes.Thiswillbeverifiedbyincorporationof11keyprinciples. Find an example in the case for each of the 11 principles in action.
3. Why is it important that the company be able to identify JAAs major stakeholders? How should a company identify its stakeholders? What is meant by the concept that stakeholders select the company instead of the company selects the stakeholders?
4. Whatcharacteristicsdoyouseeintheboardofdirectorsthatlendthemselvestoastrong tone at the top and a culture that fully embraces risk management?
5. If you compare the internal audit department at JAA to several that you know of currently in the marketplace, what are some of the major differences that you see at JAA that obviously have contributed to superior performance? What is unique and refreshing about the approach to the external audit as compared to what you have seen in the industry?
6. Whatisyouropinionoftherisk(event)identificationtechniquesinplaceatJAA?How do you think that the company evolved to using such techniques?
7. What is the linkage at JAA between the strategic objectives, context, stakeholders, and risk criteria? Support your comments with specific examples of the link in these four areas.
8. Why is it important that risk criteria be created as per JAA? Do you think it is possible for any reasonable risk treatment plan to be in place without the creation of such criteria?
9. Review the risk management policy in Appendix B and describe the kinds of things that constitute a best-in-class policy.
10. What other types of general or specific policies can you describe to manage risks?