3 COSO Enterprise Risk Management Framework Flashcards

1
Q

What are the five interrelated components of the COSO ERM Framework?

A

Supporting aspects:

  1. governance and culture
  2. information, communication, and reporting

Common process components:

  1. strategy and objective-setting
  2. performance
  3. review and revision
2
Q

What are the five principles of governance and culture?

A
  1. the board exercises risk oversight
  2. the organization establishes operating structures
  3. the organization defines the desired culture
  4. the organization demonstrates commitment to core values
  5. the organization attracts, develops, and retains capable individuals
3
Q

How may the board delegate risk oversight?

A

by creating a risk committee

4
Q

The manner in which core values are communicated across the organization can be described as what?

A

The tone of the organization

5
Q

What are the four principles of strategy and objective setting?

A
  1. the organization analyzes business context and its effect on the risk profile.
  2. the organization defines risk appetite
  3. the organization evaluates alternative strategies and their effects on the risk profile
  4. the organization establishes business objectives that align with and support strategy
6
Q

What is business context?

A

the relationships, events, trends and other factors that influence the organization’s current and future strategy and business objectives

7
Q

What is PESTLE analysis?

A

the external environmental factors consisting of:

Political - government intervention and influence
Economic - interest rates and availability of credit
Social - consumer preferences and demographics
Technological - R&D activity
Legal - laws, regulations, and industry standards
Environmental - climate change

8
Q

What is risk appetite?

A

The amount of risk an organization is willing to accept in pursuit of value

9
Q

What is risk capacity?

A

The maximum amount of risk an organization can assume

10
Q

When an organization evaluates alternative strategies, what is an approach commonly used?

A
SWOT analysis:

  • Strengths
  • Weaknesses
  • Opportunities
  • Threats
11
Q

When should strategy be changed?

A

If it fails to create, realize or preserve value

12
Q

Business objectives are established to align with and support strategy; they should be?

A
  1. Specific
  2. Measurable or observable
  3. Obtainable
  4. Relevant
13
Q

What are the five principles that relate to performance?

A
  1. the organization identifies risks that affect the performance of strategy and business objectives
  2. the organization assesses the severity of risk
  3. the organization prioritizes risks at all levels
  4. the organization identifies and selects risk responses
  5. the organization develops and evaluates its portfolio view of risk
14
Q

What are examples of risk identification methods and approaches?

A
  1. day-to-day activities - ex. budgeting, business planning or reviewing customer complaints
  2. simple questionnaires
  3. facilitated workshops
  4. interviews
  5. data tracking
15
Q

What is severity of risk?

A

A measure of considerations such as impact, likelihood, and time to recover from events.

16
Q

What is time horizon to assess risk?

A

The amount of time it takes to achieve a strategy - Ex. the risk affecting a strategy that takes 2 years to achieve should be assessed over the same period.

17
Q

What are examples of quantitative methods used to assess risk?

A
  • decision trees
  • modeling (probabilistic and nonprobabilistic)
  • Monte Carlo simulation
18
Q

Risk characteristics are evaluated using agreed-upon criteria. Higher priority is given to risks that most affect the criteria. What are examples of the criteria?

A
  1. complexity - the nature and scope of a risk
  2. velocity - the speed at which risk affects the entity
  3. persistence - how long a risk affects the entity, including the time it takes the entity to recover
  4. adaptability - the entity’s capacity to adjust and respond to risk
  5. recovery - the entity’s capacity to return to tolerance (ex. returning to normal operations after a natural disaster)
19
Q

What are the five categories of risk responses?

A
  1. acceptance - no action is taken to alter the severity of the risk
  2. avoidance - action is taken to remove the risk
  3. pursuit - action is taken to accept increased risk to improve performance without exceeding acceptable tolerance
  4. reduction - action is taken to reduce the severity of the risk so that it is within the target residual risk profile and risk appetite.
  5. sharing - action is taken to reduce the severity of the risk by transferring a portion of the risk to another party (ex. insurance, hedging, joint ventures and outsourcing)
20
Q

What is portfolio view of risk?

A

The culmination of risk identification, assessment, prioritization and response

21
Q

What are the four risk views?

A

Risk views have different levels of risk integration:

  1. risk view - risks are identified and assessed (minimal integration)
  2. risk category view - identified and assessed risks are categorized (ex. based on operating structures) (limited integration)
  3. risk profile view - risks are linked to the business objectives they affect and any dependencies between objectives are identified and assessed (partial integration)
  4. portfolio view - composite view of risks relates to entity-wide strategy and business objectives and their effect on entity performance (full integration)
22
Q

What are qualitative methods used to evaluate how changes may affect the portfolio view of risk?

A
  • benchmarking
  • scenario analysis
  • stress testing
23
Q

What quantitative method is used to evaluate how changes may affect the portfolio view of risk?

A

statistical analysis

24
Q

What are the three principles of review and revision?

A
  1. the organization identifies and assesses changes that may substantially affect strategy and business objectives
  2. the organization reviews entity performance results and considers risk
  3. the organization pursues improvement of ERM
25
Q

When performance results deviate from target performance or tolerance, this may indicate?

A
  • unidentified risks
  • improperly assessed risks
  • new risks
  • opportunities to accept more risk
  • the need to revise target performance or tolerance
26
Q

What are the three principles of information, communication, and reporting?

A
  1. the organization leverages its information systems to support ERM
  2. the organization uses communication channels to support ERM
  3. the organization reports on risk, culture and performance at multiple levels and across the entity
27
Q

What is structured data?

A

structured data are generally well organized and easily searchable (ex. spreadsheets, public indexes or database files)

28
Q

What is unstructured data?

A

unstructured data are unorganized or lack a predefined pattern (ex. word processing documents, videos, photos or email messages)

29
Q

What is risk taxonomy (categories)?

A

A risk taxonomy is a comprehensive, common and stable set of risk categories that is used within an organization. By providing a comprehensive set of risk categories, it encourages those involved in risk identification to consider all types of risks that could affect the organization’s objectives.

30
Q

What is data management architecture?

A

The design of the information technology that determines what data are collected and how the data are used.

31
Q

What are the 8 steps for implementing an ERM program?

A
  1. seek board and senior management involvement and oversight
  2. identify and position a leader to drive the ERM initiative
  3. establish a management working group
  4. inventory the existing risk management practices of the organization
  5. conduct an initial assessment of key strategies and related strategic risks
  6. develop a consolidated action plan and communicate to board and management
  7. develop and/or enhance risk reporting
  8. develop the next phase of action plans and ongoing communications
32
Q

What is ESG?

A

Environmental, social and governance risks. These risks are also known as sustainability, nonfinancial or extra-financial risks.

33
Q

The guidance for ESG-related risks includes actions to help manage current risks and develop the resilience to adapt to future megatrends. What are the actions?

A
  1. governance and culture
  2. strategy and objective-setting
  3. performance - risk identification
  4. performance - risk assessment and priorities
  5. performance - risk responses
  6. review and revision
  7. information, communication, and reporting