B1 Flashcards
M1 M2
___ considers the manner in which management monitors and authorizes changes to a variety of information technology matters
Change control
which COSO framework component is designated to ensure internal controls operate effectively
Monitoring
Common risks identified using the COSO framework
- Material omission
- Fraud
- Mgt. Override of controls
- Illegal acts
How to develop Value under ERM
CPER
- Value Creation: Benefits > resource costs
- V. Preservation: Sustainable operating profits - ongoing
- V. Erosion: Costs > Benefits
- V. Realization: Dividends/SP > Cost “capital gain”
5 components of Enterprise risk management
GO PRO
- Governance and Culture: tone at the top
- Strategy and Objective setting: Mission/vision & defining risk appetite
- Performance: Evaluate ID & Respond to risk using ARTS
- Review and Revision - assess substantial changes, pursue improvements
- Information communication and reporting (ongoing)
Principles of Governance and Culture Component of ERM
DOVES (similar to control environment as it sets tone at the top)
- Defines Desired Culture - how conservative/aggressive do we want to be
- Exercises Board Oversight
- Demonstrates commitment to core Values - adopt code of conduct
- Attracts, Develops, and retains capable individuals (employees)
- Establishes operating structure
Principles of Strategy and Objective Setting Component of ERM
SOAR
- Evaluate alternative strategies - what is the vision
- formulates business objectives - why do we exist (mission)
- Analyzes business context
- Defines risk appetite
Principles of Performance Component of ERM
VAPIR (Similar to R in risk assessment) all about
- Develops portfolio view
- Assesses severity of risk
- Prioritizes risk - interest rate risk, currency risk, competition
- Identifies risk
- Implements risk responses -ARTS
Principles of Review and Revision component of ERM
SIR
- Assesses substantial change - internally (e.g., officers) and externally (e.g., substitute products)
- Pursues improvements in ERM
- Reviews risk and performance - how did we do with managing risk? was the hedge successful
Principles of Info, communication and reporting (Ongoing) component of ERM
TIP
- Leverages info and tech - think OIE & FACT
- Communications risk info - MDA
- reports on risk culture and Performance - MDA
the risk to an entity in the absence of any direct or focused actions by management to alter its severity
inherent risk
amount of risk that an entity prefers to assume in the pursuit of its strategy
target residual risk
the risk remaining after management has taken action
actual residual risk
Title III of SOX is
Corporate responsibility; establishes the audit committee and CEO/CFO representations
Title IV of SOX is
Enhanced financial disclosures, covering internal controls and the audit committee