2. Enterprise Risk Management Framework

Question 1

What is ERM?

Answer 1

Enterprise Risk Management: The culture, capabilities, and practices by which organizations manage risk to create, preserve, and realize value (performance).

Question 2

How does COSO define risk?

Answer 2

As neutral

Question 3

What are 2 types of risks?

Answer 3

Negative risk and positive risk.

Question 4

What are 6 elements needed to manage ERM?

Answer 4

1. Culture
2. Develop capabilities
3. Adaptation and integration of ERM practices
4. Integration with strategy-setting and performance
5. Manage risks to strategy and business objectives
6. Link to value through risk appetite

Question 5

What is portfolio view?

Answer 5

A composite view of risk the entity faces

Question 6

What is risk appetite?

Answer 6

The types and amount of risk that an organization is willing to accept

Question 7

What is mission?

Answer 7

Why organization exists.

Question 8

What is vision?

Answer 8

Aspiration for future

Question 9

What are 3 risks that exists in strategy?

Answer 9

1. Misalignment
2. Implications
3. Risk to success

Question 10

What are ERM 5 components?

Answer 10

1. Governance and culture
2. Strategy and objective-setting
3. Performance
4. Review and revision
5. Information, communication, and reporting

Question 11

What is risk ceiling?

Answer 11

The maximum level of risk established by the entity

Question 12

What is risk range?

Answer 12

The acceptable level of risk established by the entity

Question 13

ERM: What are 5 responsibilities of governance and culture?

Answer 13

1. Exercise board risk oversight: organizational bias, independence
2. Establish operating structures
3. Define desired culture
4. Demonstrate commitment to core values
5. Attract, develop, retail capable individuals

Question 14

ERM: What are 4 responsibilities of strategy and objective?

Answer 14

1. Analyze the business context - internal/external
2. Define risk appetite
3. Evaluate alternative strategies
4. Formulate business objectives

Question 15

ERM: What are 5 responsibilities of performance?

Answer 15

1. Identify risk
2. Assess severity of risk
3. Prioritize risks
4. Implement risk responses
5. Develop portfolio view

Question 16

ERM performance: Identify risks: what is risk inventory?

Answer 16

List of risks.

Question 17

ERM performance: Identify risks: What are 7 examples of approaches and methods to identify risk?

Answer 17

1. Cognitive computing (AI)
2. Data tracking
3. Interviews
4. KRI (key risk indicators)
5. Process analysis
6. Workshop
7. Make assumption known

Question 18

ERM performance: Identify risks: what is prospect theory?

Answer 18

How risk is framed (presented) influence peoples response to risk.

Question 19

ERM performance: assess severity of risks: what are 2 measures?

Answer 19

Impact and likelihood

Question 20

ERM performance: assess severity of risks: what are 3 risks that should be considered?

Answer 20

Inherent risk (risk in the absence of efforts to address)
Target residual risk (the desired amount of risk after actions)
Actual residual risk (the realized risk after action)

Question 21

ERM performance: Prioritize risks: What are 5 criteria?

Answer 21

1. Adaptability
2. Complexity
3. Velocity (speed of risk impacts on the entity)
4. Persistence
5. Recovery

Question 22

ERM performance: Implement risk responses: what are 6 risk responses?

Answer 22

1. Accept
2. Avoid
3. Pursue
4. Reduce
5. Share
6. Revisit objectives/strategy to reformulate

Question 23

ERM performance: develop portfolio view: what are 4 integration and view?

Answer 23

1. Minimal integration - risk view
2. Limited integration - risk category view
3. Partial integration - risk profile view
4. Full integration - portofolio view

Question 24

ERM performance: what is bot?

Answer 24

A software application thatruns automated (usually simple) tasks (scripts) on the internet. For example, bots to search a website (e.g., eBay, airlines) for bargains. Also called an internet bot or web robot.

Question 25

ERM performance: what is stress testing?

Answer 25

A method for testing risk portfolios - how different stressers change portfolio

Question 26

What should risk statement include?

Answer 26

A statement of risk and a statement of impact of the risk

Question 27

ERM monitoring, review, and revision: what are 3 responsibilities?

Answer 27

1. Access substantial change
2. Review risk and performance
3. Pursue ERM improvement

Question 28

ERM monitoring, review, and revision: Access: what are 3 example of substantial change?

Answer 28

Rapid growth, innovation, major changes in leadership

Question 29

ERM communication and reporting: what are 3 responsibilities?

Answer 29

1. Leverage information system
2. Communicate risk information
3. Report on risk, culture, and performance

Question 30

ERM communication and reporting: leveraging information system: Is relevant information structured?

Answer 30

Can be structured or unstructured.

Question 31

ERM communication and reporting: leveraging information system: what are 3 elements of effective datamanagrement?

Answer 31

1. Data and information governance
2. Process and controls
3. Data management architecture

Question 32

ERM communication and reporting: which one is narrow; portfolio or profile?

Answer 32

Profile

Question 33

ERM communication and reporting: what is risk owner?

Answer 33

Managers or employees who are accountable for the effective management of identified risks.

Question 34

What is COSO’s definition of fraud?

Answer 34

any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain

Question 35

What are 4 categories of fraud?

Answer 35

1. Reporting fraud: financial: intentional misstatement of accounting information
2. Reporting fraud: non financial: Manipulation
3. Misappropriation of assets
4. Other illegal acts and corruption

Question 36

What are 5 fraud risk management principles?

Answer 36

1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring activities

Question 37

What are 8 examples of fraud risk management though HR procedures?

Answer 37

1. Background, credit, criminal checks
2. Training
3. Evaluating performance and compensation
4. Annual employee surveys
5. Exit interviews
6. Segregation of duties
7. Transaction level controls
8. A whistleblower system

Question 38

What is fraud triangle?

Answer 38

Incentive and pressure
Opportunity
Attitude and rationalization

Question 39

What are 8 data analytics tools to support fraud management?

Answer 39

1. Data stratification: sort or categorize data
2. Risk scoring
3. Data visualization
4. Trend analysis
5. Fluctuation analysis
6. Statistical analysis and predictive modeling
7. Integrating external data sources

Question 40

Corporate responsibility: what are 4 provisions to promote responsibility?

Answer 40

1. Audit committee - authorization over internal auditors, independent directors, whistle blower system, engaging advisors
2. Officer certification of FS.
3. Misleading auditors is a crime
4. Clawbacks: Officers must payback bonuses if have to materially restate FS

Question 41

Must officer certify only annual FS?

Answer 41

No, both quarterly and annual FS.

Question 42

What are 4 things officers must certify re: IC?

Answer 42

1. Responsible for establishing/maintaining IC
2. Their system will make relevant material info known
3. Recently evaluated the effectiveness of IC
4. Reported the conclusion about effectiveness of IC

Question 43

What are 3 things officers must certify re: FS?

Answer 43

1. Reviewed FS
2. No materially untrue statement
3. FS is fairly presented

Question 44

What must officers do to auditors/committee and certify?

Answer 44

Reported sig deficiencies and material weaknesses in IC, any fraud

Question 45

What are 2 limitations for financial shenanigans?

Answer 45

Off-balance sheet transactions.

Limit on pro forma FS.

Question 46

What is the limitation about loans?

Answer 46

Prohibits public companies from making personal loans to top officers and directors unless its on market terms, in ordinary course of business, and available to the public as well.

Question 47

What must each annual report contain?

Answer 47

IC report

Question 48

What about CFO code of ethics?

Answer 48

SOX requires public companies to disclose whether or nor they have adopted a code of ethics for senior officers

Question 49

What is financial expert requirement?

Answer 49

at least one member of the audit committee be a “financial expert.”

Question 50

What are 2 types of activities re: document that are subject to criminal penalty?

Answer 50

1. Destruction, alteration, falsification of record in federal investigations and bankruptcy
2. Destruction of corporate audit documents

Question 51

How long must audit documents be kept?

Answer 51

5 years

Question 52

What is maximum penalty for white-collar crime due to enhancements?

Answer 52

$5 million in fines, and 20 yrs in jail.

Question 53

What is the penalty against retaliation of whistle blowers?

Answer 53

A fine and up to 10 yrs in prison.