7.3 Enterprise risk management

Question 1

What is enterprise risk management?

Answer 1

ERM is a process, effected by the board, management and other personnel, applied in strategy setting, designed to identify potential events and manage risk to be within risk appetite, providing reasonable assurance regarding achievement of objectives.

Question 2

Three essential characteristics distinguish ERM from standard risk management:

• a h______ focus
• emphasis on v_____-a______ risk management
• blending f_____ and i________ risk management tolls

Answer 2

holistic
value-added
formal
informal

Question 3

Why is ERM a “holistic” process?

Answer 3

ERM should be applied across the whole organisation.

Question 4

What is the traditional “silo” approach to risk management?

Answer 4

Different categories of risk were managed individually by different people, ignoring gaps and interconnectivities between risks.

Question 5

What is the main way to achieve holistic ERM?

Answer 5

Through a central risk function under the controk of a chief risk officer.

Question 6

ERM is a value-add activity. What does this mean?

Answer 6

ERM should, if applied correctly, create and protect value to an organisation through effective strategic-level risk management decision making.

Question 7

ERM has both formal and informal factors. What do we mean by formal factors?

Answer 7

The tangible systems, processes, procedures, policies and committees that make up the risk management system.

Question 8

ERM has both formal and informal factors. What do we mean by informal factors?

Answer 8

Intangibles such as culture, social networks and the way risk management is perceived.

Question 9

List some benefits of ERM.

Answer 9

Improve reporting to support strategic decisions
Avoidance of silos
Improved operational efficiency
Better cost effectiveness
Improved profitability and equity value
Improved ability to achieve objectives
Consistent decision making
Effective resource allocation
Spreading risk ownership to local experts

Question 10

The key elements of an effective ERM process are:

• ERM policies and p_________
• risk a________
• enterprise risk r___________
• r___ and a____ committees
• escalation and w_____________
• business c__________ management

Answer 10

procedures
appetite
reporting
risk
audit
whistleblowing
continuity

Question 11

List some key elements of an ERM policy.

Answer 11

• the overarching approach to risk
• how risk aligns with mission, vision and values
• specific risk management objectives
• how the organisation balances risk and opportunity
• a high level overview of the ERM process
• a statement on organisational risk culture
• roles and responsibilities for ERM
• the ERM reporting structure

Question 12

Why is risk appetite important to ERM?

Answer 12

The organisation must understand the risk it is willing to take and that which it is not.

Question 13

Why can a combined risk and audit committee be problematic?

Answer 13

Audit committees are usually focused on risk reduction and so may not give positive risks their due consideration.

Question 14

Why is escalation and whistleblowing important?

Answer 14

Concerns regarding control failures or unauthorised policy breaches including criminal acts must be reported to a single point of contact.

Question 15

What do we mean by “business continuity management”?

Answer 15

Processes that ensure that the impacts of risk events are properly managed and mitigated.