2. Risk Management Strategy

Question 1

What are the 7 steps of CIMA’s Risk Management Strategy model?

Answer 1

1. Establish a risk management strategy
2. Identify risk areas
3. Understand and assess scale of risks
4. Develop a risk response strategy
5. Implement the strategy and allocate responsibilities
6. Implement and monitor the suggested controls
7. Review and refine the process and do it again

Question 2

What should the risk management group do?

Answer 2

Facilitiate and coordinate the overall risk management process, and assign responsibilities

Question 3

What should the risk management group do?

Answer 3

Facilitiate and coordinate the overall risk management process, and assign responsibilities

Question 4

What is the role of the risk manager?

Answer 4

Instil a culture of risk awareness throughout the organisation and implement the risk strategy

Question 5

What is the role of the risk committee?

Answer 5

A group of NEDs who promote the understanding and assessment of risk and facilitate the development of a strategy for dealing with the risks identified

Question 6

What is a company’s risk appetite?

Answer 6

The amount of risk an entity is willing to accept in pursuit of returns

Question 7

What does the identifying risk areas step involve?

Answer 7

A risk audit (PESTLE/SWOT) assessing the competitive environment in which the company operates, relevant economic conditions and key stakeholders

Question 8

What are the 6 key elements of the risk register?

Answer 8

1. Title/ID
2. Likelihood
3. Potential impact
4. Risk owner
5. Mitigation actions
6. Overall risk level

Question 9

Who could be responsible for setting up and maintaining the risk register?

Answer 9

1. Senior management (top down)
2. Bottom up lower level staff
3. External consultant
4. Risk manager (internal)

Question 10

What are we trying to consider when looking at evaluating the scale of risk?

Answer 10

1. Serious enough
2. Controllable enough

Question 11

What 3 methods can be used to quantify risks?

Answer 11

1. Probabilities
2. Expected values
3. Cost benefit analysis

Question 12

What is the most common method of risk evaluation?

Answer 12

Risk map of impact vs likelihood

Question 13

What 2 methods can be used to create a risk mapping matrix?

Answer 13

1. Regression analysis
2. Monte Carlo (What If) analysis

Question 14

What are the 4 matrix options for a risk response strategy?

Answer 14

1. Transfer (high/low)
2. Accept (low/low)
3. Reduce (low/high)
4. Avoid (high/high)

Question 15

What does Portfolio Theory suggest?

Answer 15

It is less risk to have a diverse source of income, spreading investments via market expansion or diversaification

Question 16

Who could be used to monitor control effectiveness?

Answer 16

Internal audit

Question 17

What sort of a process do CIMA suggest that companies view risk management as?

Answer 17

A continual, embedded process

Question 18

How do COSO define ERM?

Answer 18

A process, led by the board of directors, applied in strategy setting across the organisation, designed to identify potential events that may affect the entity and managing risk to be within the risk appetite, to provide reasonable assurance

Question 19

What are the 8 components of the COSO 2004 framework?

Answer 19

1. Internal environment
2. Objective setting
3. Event identification
4. Risk assessment
5. Risk Response
6. Control activities
7. Information and communication
8. Monitoring

Question 20

What are the 4 objectives of the COSO 2004 framework?

Answer 20

1. Strategy (high level goals)
2. Operations (effective and efficient resource use)
3. Financial Reporting (reliability)
4. Compliance

Question 21

What was the focus of the 2017 COSO update?

Answer 21

ERM in strategic planning and embedding it throughout the organisation

Question 22

What were the 5 points of the 2017 COSO ERM update?

Answer 22

1. Governance and culture
2. Strategy and objective setting
3. Performance
4. Review and revision
5. Information, communication and reporting

Question 23

How does ISO 31000 describe risk?

Answer 23

An iterative process that is part of the organisation’s governance and leadership, considering internal and external factors

Question 24

What are the 3 clauses of ISO 31000?

Answer 24

1. Creating and protecting value
2. Risk governance framework
3. Risk management process

Question 25

What are the 3 dimensions that determine the size of the risk cube?

Answer 25

1. Seriousness of the threat
2. Extent of vulnerability
3. Impact of threat if arises

Question 26

What are the 4 lines of defence in a risk assurance map?

Answer 26

1. Fisrt line - managers/policies
2. Second line - functions e.g. audit committees
3. Third line - independent functions e.g. internal audit
4. Fourth line - external providers e.g. government

Question 27

What is an assurance map?

Answer 27

A tool that provides a structured approach to identifying the main sources and types of assurance in an organisation

Question 28

What are the 10 suggested points on a strategy map?

Answer 28

1. Identify sponsor
2. Determine scope (strat/op level)
3. Assess level of assurance needed
4. Map each assurance provider to defence line
5. Identify assurance activities
6. Reassess scope in light of activities
7. Assess quality of activities
8. Assess assurance split by defence lines
9. Analyse gaps or overlaps
10. Determine a course of action