Anagrams

Question 1

COSO Objectives (ORC)

Answer 1

O-operating objectives (effectiveness and efficiency)
R-reporting objectives (reliability, timeliness, transparency)
C-compliance objectives (adhering to laws and regulations)

Question 2

COSO Components

Answer 2

1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring

Question 3

Control Environment (EBOCA)

Answer 3

Ethics
Board independence and oversight
Org. structure
Commitment to competence
Accountability

Question 4

Risk Assesment (SAFR)

Answer 4

Specify objectives
Assess and identify changes
Fraud potential
Risk (analyzed)

Question 5

Information and Communication (OIE)

Answer 5

Obtain and use information
Internally communicate information
External parties communication

Question 6

Monitoring (So D)

Answer 6

Separate/ongoing evaluations
Deficiencies communicated

Question 7

Existing Control Activities (CA T P)

Answer 7

Control Activities
Technology controls
Policies and procedures

Question 8

5 Components of ERM (GO PRO)

Answer 8

G-governance and culture
O-objective setting/strategy
P-performance
R-review and revision
O-ongoing information, communication, and reporting

Question 9

Governance & Culture (“DOVES”)

Answer 9

D-desired culture
O-oversight from board
V-values commitment
E-employees (capable)
S-structure established

Question 10

Objective setting/strategy (SOAR)

Answer 10

S-strategies (alternative)
O-objectives (business)
A-analyzes business context
R-defines risk appetite

Question 11

Performance (VAPIR)

Answer 11

V-view (portfolio)
A-assesses severity of risk
P-prioritizes risk
I-identifies risks (events)
R-responses to risk implemented

Question 12

Review and revision (SIR)

Answer 12

S-substantial change
I-improvement in ERM
R-reviews risk and performance

Question 13

Ongoing information, communication, reporting (TIP)

Answer 13

T-technology and information leveraged
I-information risk communicated
P-performance and risk culture reports