A. Enterprise Risk Flashcards

1
Q

what is risk?

A

condition in which there exists a quantifiable dispersion in the possible outcomes from any activity

the combination of the probability of an event and its consequences

risk in business is the chance that future events or results may not be as expected

2
Q

what are downside/upside risks?

A

downside: purely bad, adverse outcome
upside: results better than expected, favourable outcome

3
Q

what is two way risk?

A

sometimes called speculative risk

actual result could be better or worse than forecast

4
Q

what is uncertainty?

A

arises from ignorance and a lack of information

5
Q

why incur risk?

A
  • INCREASE FINANCIAL RETURN: firms must be willing to take higher risks if they want to achieve higher returns
  • TO GAIN COMPETITIVE ADVANTAGE: to generate higher returns a business may have to take more risk in order to be competitive
  • generate more market share
6
Q

what are the benefits of taking risks?

A

not limiting its activities or providing little or no competitive advantage

7
Q

What are the following risks?

  • political
  • legal/litigation
  • regulatory
  • compliance
A
  • political: due to political instability, external
  • legal/litigation: legal action against business
  • regulatory: changes in regulation affecting business
  • compliance: non-congruence with the law resulting in fines/penalties
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

what are business risks?

A
strategic
product
commodity price 
product reputation
operational
contractual inadequacy
fraud and employee malfeasance
9
Q

what are the following risks?

  • strategic
  • product
  • commodity price
  • product reputation
  • operational
  • contractual inadequacy
A
  • strategic: business strategies will fail
  • product: failure of new products or loss of interest in existing products
  • commodity price: rise in commodity prices
  • product reputation: change in a product’s reputation or image
  • operational: business operations may be inefficient or business changes may fail
  • contractual inadequacy: terms of a contract do not fully cover a business against all potential outcomes
10
Q

what is economic risk?

A

changes in the economy can affect business

e.g. inflation, unemployment rates, international trade relations

11
Q

what were the 6 contributing factors to the credit crunch?

A
  1. US sub-prime mortgage lending
  2. CDOs, i.e. collateralised debt obligations
  3. Debt rating organisations
  4. Banks’ financial structure
  5. Credit default swaps
  6. Risk takers
12
Q

what were the 5 implications of the credit crunch?

A
  1. the collapse of major financial institutions
  2. the credit crunch
  3. government intervention
  4. recession and ‘austerity measures’
  5. problems refinancing government debt
13
Q

describe US sub-prime mortgages contributing factor

A

low interest rates to stimulate growth
relaxed mortgage criteria
‘sub-prime mortgages’ for those even with high default risk and taking out adjustable rates
1/5 in 2005 were sub-prime
inflationary pressure caused interest rates to rise
mortgage owners pay higher rate and leads to defaults
boom in house prices came to an end and house prices started falling

14
Q

describe CDO contributing factor

A

selling on debt in the form of CDOs
insurance for mortgage companies
others shared risk of SPM

3 tier structure:
Tier 1: senior or investment grade which is low risk but with a low return
Tier 2: mezzanine tranche medium risk and return
Tier 3: equity tranche with highest risk and return

money received on mortgages used to pay tier 1 bond holders meaning less left for 2 and 3, with 3 suffering first and creating a waterfall effect

15
Q

describe debt rating organisations contributing factor

A

CDO bonds credit rated for risk
lack of understanding or too much faith in purchasers
allocated low risk credit rating giving people confidence in investing
regulatory failure

16
Q

describe banks’ financial structure as a contributing factor

A

banks are highly geared with less than 10% of asset value covered by equity
loss in asset value can wipe out equity account
banks found themselves in a position with negative equity

17
Q

describe banks’ credit default swaps as a contributing factor

A

alternative to CDOs
lenders could purchase insurance on sub-prime debt through credit default swaps or CDSs
these purchases were first to suffer when default levels increased

18
Q

describe risk takers as a contributing factor

A

taking risks they didn’t understand

19
Q

Describe the implication of collapse of major financial institutions due to the credit crunch

A

some very large financial institutions went bust and got into serious trouble thus needing bailouts:

  • Lehman Brothers biggest bankruptcy in history
  • government put together $85bn bailout for AIG
  • BOE lent Northern Rock £27bn in collapse
20
Q

Describe the implication of the credit crunch

A

banks couldn’t raise sufficient finance
lots of bad debt and low confidence
banks became reluctant to lend leading to liquidity on money markets
harder to refinance loans causing major problems

21
Q

Describe the implication of government intervention

A

governments felt compelled to intervene and inject money for liquidity purposes
used a mixture of loans, guarantees and the purchase of equity
central banks tried to raise the amount of lending by cutting interest rates but if they’re too low have to resort to QE
Feb 2020: QE programme that cost £200bn
many governments found themselves with huge levels of debt with the corresponding need to repay high levels of interest as well as repay the debt

22
Q

what is quantitative easing?

A

CB buys financial assets such as government and corporate bonds using money it has created out of thin air
the institutions selling these assets will have increased liquidity thus boosting money supply

23
Q

Describe the implication of recession and ‘austerity measures’

A

credit crunch implications led to a recession in many countries
fall in taxes but rise in govt spending so need to cut back on spending to avoid higher levels of national debt

24
Q

Describe the implication of problems refinancing government debt?

A

In 2010/2011 some countries tried to refinance national debt by issuing bonds:

  • Spanish government needed to raise more borrowing as debts reached maturity, also needed to cut spending which affected public sector and led to tax hikes and pension freeze
  • Greek government had shorter maturity period on bonds than countries like the UK

Other countries needed IMF bailout e.g. Greece, UK and Ireland from the EU

25
Q

What is financial risk?

A

risk of a change in a financial condition such as an exchange rate, interest rate, credit rating of a customer or price of a good

26
Q

what are the main types of financial risk?

A
currency
political
credit
interest rate
gearing
27
Q
explain the following financial risks:
currency
political
credit
interest rate
gearing
A

currency: fluctuation in exchange rate
political: arising from government actions
credit: non-payment by customers
interest rate: risk that interest rates change
gearing: in the way a business is financed (debt vs equity)

28
Q

what is technology risk?

A

that technology changes will occur that either present new opportunities to businesses or on the down-side make their existing processes obsolete or inefficient

29
Q

what is cyber risk?

A

risk of financial loss, disruption or damage to an organisation caused by issues with the information technology systems they use

30
Q

what is environmental risk?

A

risk from changes in the environment e.g. natural disasters or climate change

31
Q

for what type of companies is environmental risk an important factor?

A

when deciding policy premiums as they can severely alter the results of insurance businesses

32
Q

what changes in the environment can affect environmental risk?

A

factors we can control e.g. oil spill, pollution

factors we can’t directly control e.g. climate change, global warming

33
Q

what is reputation risk?

A

downside as the better the reputation of the business, the more risk there is of losing that reputation

34
Q

what is fraud risk?

A

operational business risk

vulnerability of an organisation to fraud
need to have strong controls
controllable risk

35
Q

what does the size of fraud risk depend on?

A

the probability of fraud occurring

the size of the losses if fraud does occur

36
Q

how can fraud risk be managed?

A

fraud prevention: ensuring that the opportunities to commit fraud are minimised
fraud detection and deterrence: identify fraud after it has occurred so employees are deterred from performing fraud

37
Q

what could cause corporate reputation risk?

A

environmental performance
social performance
health and safety performance

38
Q

why is reputation risk harder to control?

A

some services outsourced e.g. clothing manufacturing so might not know enough about practices e.g. sweat shops

39
Q

what is employee malfeasance risk?

A

doing wrong or committing an offence

  • making false representations
  • failing to comply with requirements
40
Q

what are some risks from international operations?

A
culture
litigation
credit
items in transit
financial risks
41
Q
what are the following international operations risks:
culture
litigation
credit
items in transit
financial risks
A

culture: culture clash, lack of local knowledge
litigation: may not understand legislation well so more risk of breaching it
credit: controlling credit risk in overseas operations, harder to chase debt
items in transit: damaged or lost in transit
financial risks: foreign exchange risks, interest rate risks

42
Q

what is risk management?

A

the process of understanding and managing the risks that the organisation is inevitably subject to in attempting to achieve its corporate objectives

43
Q

what is the traditional view of risk management?

A

avoid downside risk

44
Q

what is the new approach of risk management?

A

benefiting from upside risk

45
Q

what is ERM?

A

enterprise risk management is the term given to the alignment of risk management with business strategy and the embedding of a risk management culture into business operations

46
Q

what are the key principles of ERM?

A
  • consideration of RM in the context of business strategy
  • RM is everyone’s responsibility, with the tone set from the top
  • the creation of a risk aware culture
  • a comprehensive and holistic approach to RM
  • consideration of a broad range of risks (strategic, financial, operational and compliance)
  • a focused RM strategy, led by the board
47
Q

what does the cube in the COSO ERM framework represent?

A

the relationships between objectives, components and different organisational levels

48
Q

what do the 4 objectives represent?

A

the responsibility of different executives across the entity and address different needs

areas of responsibility

49
Q

what do the 4 organisational levels emphasise?

A

the importance of managing risks across the enterprise as a whole

50
Q

what are the 8 components?

A

function effectively for risk management to be successful

51
Q

what are the elements of effective internal control system?

A

the 8 elements that are components of managing risks

52
Q

what is EY’s model for shareholder value?

A

shareholder value = Static NPV of existing business model + value of future growth options

sum of the value of what a company does now and the value of what they could possibly do in the future

53
Q

what 4 stages does EY identify as risk management?

A

a) establish what shareholders value about the company
b) identify the risks around the key shareholder value drivers
c) determine the preferred treatment for the risks
d) communicate risk treatments to shareholders

54
Q

how did COSO update the ERM framework in 2017?

A

double helix format as should be part of company DNA
rainbow colour to represent inclusivity

doesn’t replace cube but shows change in business environment

55
Q

what are the 5 components of the 2017 ERM framework?

A

governance and culture: internal environ and importance of tone of org
strategy and objective setting: main focus of update, emphasis of importance in making sure ERM is aligned to risk appetite
performance: combines cube
review and revision
information, communication and reporting

56
Q

what are the benefits of ERM?

A
  • enhanced decision making by integrating risks
  • reduced performance fluctuations and fewer interruptions to operations
  • the resultant improvement in investor confidence and hence shareholder value
  • focus of management attention on the most significant risks
  • a common language of risk management which is understood throughout the organisation enabling performance improvement
  • increased ability to benefit from upside risk and reduced susceptibility to downside risk
  • reduced cost of finance through effective management of risk
  • improved utilisation of resources
  • increased opportunities for the organisation
57
Q

how was risk management strategy formed in the past?

A

left to individual managers to make assessments of the risks the business faced and exercise judgement on what was a reasonable level of risk

58
Q

how is a risk management strategy formulated in modern times?

A

ensure the risk exposures of the organisation are consistent with its risk appetite. Should be sufficient to:

  • review its internal control system and its adequacy at least annually
  • ensure that controls are properly implemented
  • monitor the implementation and effectiveness of controls

try to achieve required business objectives with the lowest possible chance of failure

59
Q

what are some factors that affect the risk appetite?

A
nature of product being manufactured
the need to increase sales
the background of the board
amount of change in the market
reputation of the company
60
Q

what are the features of a risk management strategy according to the IMA-IFAC joint report Enterprise Governance?

A
  • statement of the organisation’s ATTITUDE to risk - the balance between risk and the need to achieve objectives
  • the risk APPETITE of the organisation
  • the OBJECTIVES of the risk management strategy
  • CULTURE of the organisation in relation to risk (and the behaviour the organisation expects from individuals with regard to risk-taking)
  • responsibilities of managers for the application of risk management strategy
  • reference should be made to the risk management SYSTEMS the company uses
  • performance CRITERIA should be defined so that the effectiveness of risk management can be evaluated
61
Q

what 3 elements are included in the Institute of Risk Management’s risk management process?

A

1) risk assessment
2) risk reporting
3) risk treatment

62
Q

who controls the risk identification process?

A

a risk committee or risk management specialists

63
Q

what is a risk register?

A

list of all the risks that have been identified and the measures that have been taken to control each of them

management tool
takes days to produce and should be updated regularly, annually according to guidelines

64
Q

In the tabular format, what are the headings in a risk register?

A

1) the risk title
2) the likelihood of the risk
3) the impact of the risk should it arise (scale of 1-5)
4) the risk owner’s name
5) the date the risk was identified
6) the date risk was last considered
7) mitigation actions
8) overall risk rating
9) further actions
10) the action lead name will be detailed
11) a due date
12) risk level target

65
Q

what are some quantitative techniques used to measure risk?

A
EVs and SD
volatility
VaR
regression analysis
simulation analysis
66
Q

what is standard deviation?

A

measure of the dispersion of the possible values of a given factor from EV or mean

measure of volatility, higher value means greater risk involved

67
Q

what does VaR show?

A

allows investors to assess the scale of the likely loss in their portfolio at a defined level of probability

most widely used measure of financial risk as investors care mainly about the probability of a large loss

68
Q

what 3 components are needed for VaR?

A

a time period
a confidence level
a loss amount/percentage loss

69
Q

what is Basel II?

A

established rigorous risk and capital management requirements to ensure each bank holds reserves sufficient to guard against its risk exposure, given its lending and investment practices

regulators require banks to measure their market risk using a risk measurement model which is used to calculate the VaR

70
Q

what can a regression analysis be used to measure?

A

a company’s exposure to several risk factors at the same time

71
Q

how does regression analysis work?

A

regressing changes in the company’s cash flows against the risk factors

regression coefficient will indicate the sensitivities of the company’s cash flow to these risk factors

72
Q

what is the drawback of regression analysis?

A

based on historical factors which may no longer be predictors of the company in the future

73
Q

what is simulation analysis?

A

shows sensitivity of values

mean and SD are then calculated from these results to give EV and measure of risk

74
Q

what is the drawback of simulation analysis?

A

complex and time-consuming to carry out and limited to assumptions of the probability distributions

75
Q

what are some other methods of measuring or assessing the severity of an identified risk?

A

scenario planning
decision trees
sensitivity analysis - what if analysis

76
Q

what are the drawbacks of the quantification of risk?

A

once a risk has been quantified, there is a problem: does anyone know what it means?

77
Q

what is an assurance map?

A

a risk map

can help spot duplicates or burdensome assurance processes
helps prioritise risk

78
Q

who is involved in preparing a risk map?

A

the Board, the Risk Committee, the Audit Committee and senior management from various departments

79
Q

what are some risk treatment methods?

A

avoid risk
transfer risk e.g. insurance
pool risks e.g. centrally managed financial risk
diversification

80
Q

what are the objectives of risk response?

A

exposure to severe risks is minimised
unnecessary risks are avoided
appropriate measures of control are taken
the balance between risk and return is appropriate

81
Q

what is backward integration?

A

development concerned with the inputs into the org

82
Q

what is forward integration?

A

development into activities that are concerned with the organisation’s outputs

83
Q

what is horizontal integration?

A

development into activities that compete with or directly complement an organisation’s present activities

84
Q

what are the problems with diversification?

A
  • if diversification works, why are there so few conglomerates?
  • specialising can give competitive advantage
  • difficult to excel in diversified business
  • many orgs diversify their operations
  • relatively little advantage accrues to the shareholders from diversification
85
Q

what is hedging?

A

reducing risks by entering into transactions with opposite risk profiles to deliberately reduce the overall risks in a business operation or transaction

86
Q

what is risk sharing?

A

reduce risk in a new business operation by sharing the risk with another party e.g. joint venture

87
Q

how is risk viewed in the risk cube?

A

combination of threat, exploiting some vulnerability that could cause harm to an asset

88
Q

what is residual risk a combined function of?

A
  • a threat less the effect of threat-reducing safeguards
  • a vulnerability less the effect of vulnerability-reducing safeguards
  • an asset less the effect of asset value-reducing safeguards
89
Q

how can risk be managed?

A

reduce the threat
reduce the vulnerability
reduce the asset value

90
Q

what is ISO 31000?

A

a group of standards designed to provide guidance on risk management

comes from the International Organisation for Standardisation

91
Q

what is the International Organisation for Standardisation?

A

independent non-government group

develops voluntary international standards which help facilitate international trade by providing confidence that an overseas organisation is working to an appropriate level

standards are related to a wide range of areas from quality, safety, reliability to cyber security and risk management i.e. open standards

92
Q

what are the seven ways an organisation may choose to deal with risk according to the ISO31000 Standards?

A

similar to TARA but more detail:

Transfer

  • sharing the risk

Avoid

  • avoiding the risk
Reduce

  • changing the probability
  • changing the outcome
  • removing the risk source

Accept

  • accepting the risk
  • retaining the risk
93
Q

what does a risk reporting system include?

A
  • a systematic review of the risk forecast
  • a review of the risk strategy and responses to significant risks
  • a monitoring and feedback loop on action taken and assessments of significant risks
  • a system indicating material change to business circumstances to provide an ‘early warning’
  • the incorporation of audit work as part of the monitoring and information gathering process
94
Q

what type of risks do risk reports show?

A

gross risk

net risk

95
Q

what is gross risk?

A

assessment of risk before the application of any controls, transfer or management responses

96
Q

what is net (residual) risk?

A

assessment of risk, taking into account the controls, transfer and management responses

97
Q

if the residual risk is considered to be too great then the company will need to…

A
  • not expose itself to the risk situation
  • put in place better controls over the risk

98
Q

what is an approach to assessing the ability to bear a risk?

A

consider its financial consequences in relation to:

  • the organisation’s profits
  • return on capital employed
  • the organisation’s expenditure budget
99
Q

how do we know when the strategy has been successful?

A

targets included in risk management strategy met

risk strategy objectives have been achieved

100
Q

do the benefits of a risk management strategy outweigh the costs?

A
  • perform CBA of controls
  • benefits from risk controls should preferably be measured and quantified, although some benefits (such as protecting the company’s reputation) might have to be assessed qualitatively
  • the evaluation process should be based on the principle that the costs of a control measure should not exceed the benefits that it provides
101
Q

how do risks interact?

A

identification is important because risks are often interrelated, i.e. one risk is more likely or will have a more significant impact for an organisation

102
Q

what are specific responsibilities of a board of directors in risk management?

A

ultimate responsibility for risk management

define risk appetite

103
Q

what are specific responsibilities of an audit committee in risk management?

A

responsible for reviewing internal control systems

working with external/internal auditors

104
Q

what are specific responsibilities of a risk committee in risk management?

A

direct responsibility for risk management

105
Q

what are specific responsibilities of a risk management group in risk management?

A

report to the Board via audit/risk committees
group of senior and middle management with operational responsibility for carrying out the risk management process
identification of risks

106
Q

what are specific responsibilities of an internal audit in risk management?

A

review of internal controls

support management in risk management process

107
Q

risk officer role?

A

assigned to each division who will help to identify and manage tactical and operational level risks

108
Q

what are the main aims of a risk committee?

A
  • raising risk awareness
  • establishing policies for risk management
  • ensuring that adequate and efficient processes are in place to identify, report and monitor risks
109
Q

what are the secondary aims of the risk committee?

A
  • advise board on risk profile and appetite
  • acting on behalf of the board
  • continual review of the risk policy
  • ensuring that there is appropriate communication of risks
  • ensuring that there are adequate training arrangements in place
  • obtaining appropriate external advice to ensure that risk management processes are up to date
  • ensuring that best practices in risk management are used by the company
110
Q

what are the typical activities of the risk committee?

A
  • provision of overall leadership for rm team
  • identification and evaluation of risks
  • implementation of risk mitigation strategies
  • seeking opportunities to improve risk management
  • monitoring the status of risk mitigation
  • developing, implementing and managing risk management programmes
  • maintaining good working relationships with the board
  • ensuring compliance with any laws and regulations
  • implementing a set of risk indicators and reports
  • liaising with insurance companies
  • depending on specific laws of the jurisdiction in which the organisation is based, working with external auditors
  • depending on jurisdiction, abiding by SOX for stat reports
111
Q

what are general responsibilities of all employees?

A

be aware of risks

be audible

112
Q

how was Northern Rock a case of failure in risk management?

A

failed to have enough reserves to cover liabilities

bank run (first in over 150 years in UK) led to government providing 'lender of last resort' funding
fall in share price and credit rating

had a formal approach to risk management
however they assumed managers had unimpeded access to funds, causing more risk taking

shows need to move beyond tick-box approach to compliance, and that good governance required a more insightful approach to risk management and internal control