Module 1 - Unit 3: Enterprise risk management Flashcards
List 6 features of an ERM approach
- Covers all areas of the org's risk exposure
- Sees risks as interrelated
- Evaluates risk in the context of internal and external contexts, systems and stakeholders
- Provides a structured process for the management of all risks
- Constructs a means of communicating on risk issues so there is a common understanding
- Views effective management of risk as contributing to the achievement of business and strategic objectives.
Compare and contrast ERM with traditional forms of risk management
Tbc
Use a sentence to define “internal environment”
People’s attitudes, entity’s risk management philosophy and risk appetite.
Use a sentence to describe “objective setting”
Establishing what the org is setting out to achieve in order to identify events that could obstruct this.
Use a sentence to describe “event identification”
Identifying internal and external events or circumstances that could impact the achievement of the org’s objectives.
Use a sentence to describe “risk assessment”
Assessing the inherent and residual risk levels of a potential event based on likelihood and impact in order to plan how it is managed.
Use a sentence to describe “risk response”
The decision to either avoid, accept, reduce or share risk. Actions aligned to tolerance and appetite of the organisation.
Use a sentence to describe “control activities”
Policies and procedures to ensure risk responses are effectively carried out.
Use a sentence to describe “information and communication/monitoring”
Relevant information identified and communicated in a form and timeframe that enables people to carry out their responsibilities.
Explain why the first element on the side face of the COSO ERM Cube is described as “Entity-Level”
ERM begins at entity level (where tolerance, appetite and objectives are agreed) and is cascaded through the organisation
Full implementation of ERM across a large org is likely to be measured in:
a) up to 6 months
b) 6 months to 1 year
c) 1-3 years
d) more than 3 years
More than three years.
List 4 ways in which an organisation can benefit from an ERM approach
FIRM
F - Financial e.g. reduced cost of capital, increased profitability
I - Infrastructure e.g. reduced disruption, efficiency, reduced operating costs
R - Reputational e.g. regulators satisfied, enhanced shareholder value, improved perception of organisation
M - Marketplace e.g. commercial opportunities maximised, better presence, higher ratio of business success, low ratio of disasters
Identify one method you could use to assess the benefits of an investment in ERM
Identify performance measurements aligned to the FIRM scorecard
Provide four difficulties or barriers with the implementation of the ERM approach. Try to provide solutions!
1. Lack of support/commitment from senior management. Solution: identify a sponsor on the main board and confirm shared and common priorities.
2. Not seen as a core part of business activity, too time consuming. Solution: align with core processes and the achievement of the objectives of the org.
3. Approach too complicated and over-analytical. Solution: establish an appropriate level of sophistication for the framework and the undertaking of risk assessments.
4. Risk management seen as static, not required for a dynamic org. Solution: align with objectives and business decision-making activities.
Briefly describe the three levels of context for risk management
1. Internal context - mission, culture, processes, environment, capacity
2. External context - product, market forces, social and political circumstances, legal and regulatory
3. Risk management context - the aim of risk management within the org, who is responsible, resources available
Define ERM
Identifying and evaluating significant and interdependent risks, assigning ownership and responding in line with the org's risk appetite in order to produce useful information for decision making and assurance of achieving objectives.
What 8 elements appear on the front face of the COSO ERM cube and describe the risk management process?
Internal environment
Objective setting
Event identification
Risk assessment
Risk response
Control activities
Information and communication
Monitoring and review
What are the 4 types of objectives that make up the top of the COSO ERM cube?
Strategic
Operations
Reporting
Compliance
What 4 levels of implementation appear on the side of the COSO ERM cube?
Cascading from the front:
Entity level
Division
Business unit
Subsidiary
Which of the following definitions best describes the term ‘control activities’ in the COSO ERM cube?
A) Ways to identify internal and external events that could affect the achievement of objectives
B) The means to analyse risks, their likelihood and impact
C) The ways in which compliance with policies and procedures can be checked
C) The ways in which compliance with policies and procedures can be checked
Which of these is part of the risk management context, as opposed to the external or internal contexts?
A) The regulatory framework
B) The organisational structure
C) The risk management strategy
C) The risk management strategy