4. Risk Management (10%, 12 MCQs) Flashcards
Section E - Proficient
Risk Management Concept (Fundamental)
Risk - Definition
Risk Management Process
Risk: Possibility of events impacting the organization, measured by impact and likelihood.
Section E - Proficient
Risk Management Concept (Fundamental)
Risk Management - Definition
Risk Management Process
- Risk Management (RM): Process to identify, assess, manage, and control events to ensure organizational objectives.
- Standard 2120 – RM: IA evaluates and improves the RM process.
- RM: Can be formal or informal.
Section E - Proficient
Risk Management Concept (Fundamental)
Risk Management Process - Definition
Risk Management Process
- Identification of Context
- Risk Identification
- Risk Assessment & Prioritization
- Risk Response
- Risk Monitoring
Section E - Proficient
Risk Management Concept (Fundamental)
Responsibility for Aspect of Org RM
Risk Management Process
- RM: Key responsibility of management and the Board.
- IA Assurance: Reviews and recommends improvements.
- IA Consulting: Identifies, evaluates, implements, and manages methods and controls.
- Board Role: Determines IA’s RM role based on culture, competence, and local conditions.
- IA Role: Defined in the Charter.
Section H - Basic
Role of IA in RM
Risk Management Process
- Standard 2120.A1: Assess alignment, risk identification, responses, and communication.
- Standard 2120.A2: Evaluate fraud risk and management.
- IG 2120: Understand RM framework, assess risk maturity, plan audits, and report issues.
- Implementation: CAE assesses and discusses RM, performs gap analysis, ensures timely action, and reviews Board minutes.
- Conformance: Charter, Audit Plan, Meeting Minutes, IA Risk Assessment.
Section E - Proficient
Risk Management Concept (Fundamental)
Risk Management in Consulting
Risk Management Process
- Performance Standard 2120.C1: Address risks per engagement objectives.
- Performance Standard 2120.C2: Incorporate consulting knowledge.
- Performance Standard 2120.C3: Avoid management responsibilities.
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
ERM - Definition & Concepts
COSO Framework - ERM Overview
- Culture: Values influencing risk management.
- Capabilities: Skills and resources for risk.
- Practices: Methods for managing risks.
- Strategy: Aligning risks with goals.
- Performance: Managing risks to create value.
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
ERM - Role & Responsibilities
COSO Framework - ERM Overview
- Board: Provides oversight via committees (e.g., audit, risk, governance).
- Management: Manages risk and achieves objectives daily.
- Risk Officer: Centralizes and coordinates risk management.
- Three Line Model:
* First: Risk owners.
* Second: Support functions (e.g., Risk Officer).
* Third: Assurance functions.
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
COSO ERM Framework
COSO Framework - ERM Component & Limitations
Enterprise Risk Management
A set of principles organized into 5 interrelated components.
* Governance & Culture - Mission, Vision & Core Values
* Strategy & Objective Setting - Strategy Development
* Performance - Business Objective Formulation
* Review & Revision - Implementation & Performance
* Information, Communication, & Reporting - Enhanced Value
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components
COSO Framework - ERM Component & Limitations
Enterprise Risk Management
A set of principles organized into 5 interrelated components.
* Governance & Culture -
1. Exercises Board Risk Oversight
2. Establishes Operating Structure
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops & Retains Capable Individuals
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components
COSO Framework - ERM Component & Limitations
Enterprise Risk Management
A set of principles organized into 5 interrelated components.
* Strategy & Objective-Setting
6. Analyzes Business Context
7. Defines Risk Appetite
8. Evaluates Alternative Strategies
9. Formulates Business Objectives
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components
COSO Framework - ERM Component & Limitations
Enterprise Risk Management
A set of principles organized into 5 interrelated components.
* Performance
10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses
14. Develops Portfolio View
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components
COSO Framework - ERM Component & Limitations
Enterprise Risk Management
A set of principles organized into 5 interrelated components.
* Review & Revision
1. Assesses Substantial Change
2. Reviews Risk & Performance
3. Pursues Improvement in Enterprise Risk Management
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components
COSO Framework - ERM Component & Limitations
Enterprise Risk Management
A set of principles organized into 5 interrelated components.
* Information, Communication & Reporting
1. Leverages Information & Technology
2. Communicates Risk Information
3. Reports on Risk, Culture & Performance
Section F - Basic
RM Framework (COSO, ISO 31000 etc.)
ERM Limitations
COSO Framework - ERM Component & Limitations
Enterprise Risk Management
- Faulty Judgment
- Cost-Benefit Considerations
- Simple Errors
- Collusion
- Management Override