3 - Roles and responsibility Flashcards

1
Q

The approach adopted by enterprise risk management is BEST described as being:

A

holistic

2
Q

In the UK, certain companies are required to disclose in their annual reports and accounts how they have complied with the Corporate Governance Code. This requirement would apply to what type of company?

A

Sha Manufacturing plc.

3
Q

The risk tolerance of a firm describes the:

A

risks that the firm might be able to bear.

4
Q

A claims manager has been asked by the risk management department to review whether the claims settlement authorities granted to claims handlers are being followed and to report his findings to them. What type of risk management technique is being used?

A

Control self assessment.

5
Q

What is an advantage to an organisation of having a successful enterprise risk management programme?

A

An improved competitive advantage.

NOT
There is little risk monitoring required.
The ability to look at risks individually.
Rapid changes to the risk culture of the organisation.

6
Q

The MAIN purpose of an internal audit of risk management is to:

A

provide independent assurance to the board that an effective risk management system is in place and operating effectively.

7
Q

The UK Corporate Governance Code SPECIFICALLY charges company directors with:

A

supervising the management of the business.

8
Q

What responsibilities is a risk officer employed by a large manufacturer likely to have?

A

Identifying, analysing and evaluating a range of individual risks in specific areas.

9
Q

In a major UK insurer, who will typically be responsible for agreeing, establishing and overseeing a risk management framework across the organisation?

A

Chief risk officer.

10
Q

In a five-stage model of risk maturity, an example of level five would include having:

A

policies that define all aspects of risk management and governance.

11
Q

One of the five main responsibilities of a board of directors concerns risk. Under this heading, what is the board responsible for?

A

Supervision of the process of risk assessment and ensuring necessary actions are adopted to mitigate against those risks.

12
Q

Organisations may consider integrating audit, compliance and risk management activities in a single GRC (Governance, Risk and Compliance) system. What are they hoping to achieve?

A

GRC is expected to improve governance and efficiency by aligning strategy, processes, technology and people.

13
Q

Overall management and direction of any organisation is the responsibility of a …

A

small group of people who accept certain roles and responsibilities in line with corporate legislation.

14
Q

A board cannot ignore its responsibilities regarding risk management. It needs to …

A

specify risk policy, thoroughly review risk exposures and define levels of risk it is prepared to accommodate.

15
Q

A common approach with regards to supervising risk is to appoint a …

A

Risk subcommittee

16
Q

The risk subcommittee will act with what authority?

A

board authority, setting policies and making risk decisions as required.

17
Q

The way a board sets up an organisation to achieve its objectives, together with the systems it puts in place to manage and control that organisation, is known as

A

Corporate governance

18
Q

The UK Corporate Governance Code provides a code of best practice for companies listed on the …

A

London Stock Exchange. It is overseen by the Financial Reporting Council.

19
Q

SOX established …

A

enhanced standards for all US public companies listed by the financial regulator.

20
Q

CSA is

A

a systematic process requiring management and staff to continually audit and report on risks and risk controls for which they are responsible. Improved awareness and accountability for risk leads to better corporate governance.

21
Q

What is Enterprise Risk Management?

A

The structure set up to control risk management across the whole organisation is known as enterprise risk management.

22
Q

ERM systems allow all the risks involved in an organisation to be looked at …

A

together and from different perspectives. This is known as a holistic approach.

23
Q

ERM has been recognised as an important element of strong …

A

corporate governance.
Today its use in large organisations is internationally supported by laws, regulations and compliance requirements.

24
Q

The ERM framework is important. It shows how essential functions of an organisation combine to create …

A

an integrated system for managing risk across the whole organisation.

25
Q

A common source of overlapping responsibilities in large organisations arises from the activities of

A

risk management, audit and compliance - all responses to particular requirements organisations have been forced to consider.

26
Q

Attempts to create such an integrated structure have become known as

A

governance, risk and compliance (GRC) frameworks.

27
Q

Organisations with separate risk management, audit and compliance activities have difficulties providing …

A

coherent (combined) information to the board to improve corporate governance.

28
Q

An objective of GRC is to

A

rationalise information gathering and processing structures using common technology to capture, store and process information. Organisation-wide training is also required to introduce a common vocabulary across all risk management and assurance functions.

29
Q

GRC is expected to improve governance and efficiency by …

A

aligning strategy, processes, technology and people.

30
Q

ERM is …

A

a dynamic management system which requires that people be organised and trained to carry out delegated tasks within specified boundaries and specified communication and reporting channels.

31
Q

In a typical ERM system, a group risk management function would be responsible for:

A

• setting up and maintaining the ERM framework; and
• managing all risk management functions within the group.

32
Q

An ERM function can make a valuable contribution to … (formation)

A

strategy formation as well as managing risk involved.

33
Q

ERM is a basic management philosophy that can only be initiated and maintained by …

A

the board, which must deliberately take every opportunity to emphasise ERM’s relevance and importance.

34
Q

Large organisations are typically concerned with two types of audit process:

A

internal and external.

35
Q

External audits are conducted by

A

separate professional organisations to give independent assurance to stakeholders that published information conforms to specific standards and is factually correct.

36
Q

Internal audits are carried out within an organisation to provide assurance to

A

the board that approved systems and procedures are operating as intended.

37
Q

The board expects internal audit to provide assurance regarding what functions?

A

several key functions, only one of which is risk management.

38
Q

Evaluation of risk exposure is important. The internal audit will be looking to come to an informed opinion about reliability of what? and effectiveness of what?

A

reliability of information and effectiveness of risk management operations.

39
Q

Organisations whose existence depends on compliance with appropriate laws and regulations often create …

A

separate compliance function specifically to identify and control threats that might lead to breaches of compliance.

40
Q

Compliance must keep up to date with existing and new legislation affecting any organisation operation. Compliance provides …

A

policies, guidance, training and advice on compliance issues, as well as assurance that suitable compliance controls are in place and effective.

41
Q

Organisation of a compliance function could mirror the organisation of

A

Risk Management

42
Q

Compliance activities are a subset of both …

A

audit and risk management activities, concentrating on a limited number of specific, but important, risks.

43
Q

Some organisations treat risk control as an integral part of general management, making each manager responsible for

A

events in their own area of influence.

44
Q

Effective risk management will heavily depend on the ability of …

A

the central risk management professionals to communicate with and persuade their various management colleagues to treat risk in a coordinated manner.

45
Q

It is difficult, if not impossible, to prevent overlap between various management responsibilities?

A

True

46
Q

In the final analysis, responsibility for risk control throughout an organisation lies with

A

the board of directors

47
Q

A risk subcommittee will set out the structure …

A

by which they intend to manage risk in a written document available for general reference. This is usually referred to as risk management architecture. This document describes the risk management structure of the organisation, laying out lines of communication for reporting risk management issues.

48
Q

The risk management architecture document should be reviewed at least every …

A

one to two years to reflect major changes in an organisation or its environment.

49
Q

A chief risk officer will contribute to decisions about the …

A

direction an organisation is to follow and will be intimately involved in the detail of strategic plans. They could be actively or indirectly involved in many diverse issues.

50
Q

Could a risk manager have board status?

A

A risk manager could have board status in some organisations, a middle management or lesser role in others. In some organisations the role may focus on a particular specialist area of risk.

51
Q

A risk officer is a person who carries out …

A

selected duties under the guidance and direction of the chief risk officer.

52
Q

In any organisation committees are established as forums to …

A

bring together experts or representatives from different areas of the organisation to discuss common topics or objectives.

53
Q

Risk appetite is

A

the amount of risk that an organisation is prepared to accept, tolerate or be exposed to at any point in time.

54
Q

Why is it important to define risk appetite?

A

It is important to define risk appetite and communicate the policy to line managers and decision-making staff.

55
Q

Defining risk appetite provides a framework for

A

Decision making

56
Q

Risk tolerance describes those risks that the organisation might be able to …

A

put up with

57
Q

Organisation culture is a collective description reflecting …

A

typical behavior patterns of people who work there.

58
Q

Various initiatives may be used to enhance a risk awareness culture in an organisation?

A

True

59
Q

Maintaining risk awareness culture requires

A

Maintaining this culture will require continuous training support, particularly for new recruits. It will also need a continuous review and monitoring programme to ensure not just that procedures are being followed, but that required results are being achieved.

60
Q

Generally speaking, organisations with effective risk management processes can expect …

A

fewer unexpected losses and better selection of future opportunities.

61
Q

A qualitative indication of progress in developing risk awareness in an organisation can be obtained by

A

regularly assessing the current level of risk culture.

62
Q

Processes of observation, audit and interviews are used to evaluate the extent to which risk culture is embedded in what?

A

is embedded in organisation procedures and practices. The result is a classification in terms of risk maturity, where various levels of maturity are defined by descriptions of different risk control structures and perceived attitudes to management of risk.

63
Q

Do organisations have their own risk maturity models

A

Yes

Organisations may develop their own risk maturity model for this type of assessment or use one of the general framework models available. A simple model known as the 4Ns is currently being promoted. This has four levels of maturity labelled as naïve, novice, normalized and natural, with corresponding descriptions for each of these levels.

64
Q

It is accepted that greater risk management system maturity reduces the impact of

A

undesirable events and will reduce risks involved in forward strategies and plans.

65
Q

What is corporate governance?

A

Corporate governance is the way a board sets up an organisation to achieve its objectives, together with the systems it puts in place to manage and control that organisation.

66
Q

What sort of devices and procedures can be used for internal control?

A

• approvals;
• authorisations;
• reconciliations;
• separation of duties;
• physical controls;
• IT controls;
• peer reviews.

67
Q

What is ERM and why is it desirable?

A

ERM is the structure an organisation sets up to control risk management across the whole of its organisation. ERM allows all the risks involved in an organisation to be looked at together and from different perspectives. This is known as a holistic approach.

68
Q

Can you outline a typical organisation structure within an ERM framework?

A

Heads of departments have primary responsibility for identifying, assessing and managing operational risks in their areas. A group risk management function is responsible for setting up and maintaining the ERM framework, and for coordinating all risk management functions within the group.

69
Q

State five key responsibilities you would expect a chief risk officer to have.

A

• Ensure risk management is at the heart of strategic decision making.
• Supply appropriate risk management skills and expertise concerning any corporate involvement in major initiatives or programmes.
• Agree, establish and oversee a risk management framework across the organisation.
• Raise ‘risk awareness’ across the organisation.
• Communicate on risk matters with all business areas and appropriate external stakeholders.
• Ensure all risk owners understand the risks they are responsible for.
• Provide advice and support across the organisation to ensure effective risk management.
• Identify risk trends and emerging risks of interest to the organisation.
• Identify, analyze, assess and evaluate a range of individual risks across the organisation.
• Maintain an up-to-date risk register.
• Evaluate existing risk controls - highlighting any deficiencies and creating action plans for improvement.
• Implement cost-effective risk controls or adjustment.
• Identify and report on the most important risks faced by the organisation.
• Prepare insurance programmes and business continuity plans.
• Identify and report on significant changes in probability or impact of the most important risks faced by the organisation.
• Work within agreed budgetary constraints.
• Take overall responsibility for recruitment and development of direct reports including appropriate training.

70
Q

What is the difference between audit and compliance functions?

A

Compliance is a subset of audit, concentrating on a limited number of important risks, normally those threatening compliance with relevant laws and regulations.

71
Q

What is the difference between risk appetite and risk tolerance?

A

Risk appetite describes those risks that an organisation is actively willing to take. Risk tolerance describes those risks that the organisation might be able to put up with. A risk appetite policy can be used as a guide for both new and existing risks.

72
Q

What activities support a risk aware culture?

A

Activities that support a risk aware culture include leadership, involvement, learning, accountability and communication. Any management device is useful that contributes to the aim of fully embedding risk consideration as an integral part of everyday procedures at all levels in an organisation.

73
Q

UK Corporate Governance Code

A

The UK Corporate Governance Code provides a code of best practice for companies listed on the London Stock Exchange. It is overseen by the Financial Reporting Council (FRC).