B1-M2 Enterprise Risk Management Frameworks Flashcards
what are the 4 values?
- Value creation: benefits of value exceed the costs of resources used. Ex: successful and profitable launch of a new product
- value preservation: ongoing operations efficiently and effectively sustain created benefits
- value erosion: faulty strategy and inefficient and/or ineffective operations cause value to decline
- value realization: benefits created by the organization are received by stakeholders in either monetary or nonmonetary form
what is the definition of ERM?
It is the culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
what are the 5 components of ERM?
GO PRO
- Governance and culture
- Strategy and Objective-setting
- Performance
- Review and revision
- (Ongoing) information, communication, and reporting
what are the 20 principles of ERM?
- Governance and culture: DOVES
  1. define Desired culture
  2. exercise board Oversight
  3. demonstrate commitment to core Values
  4. attract, develop, and retain capable individuals (Employees)
  5. establish operating Structure
- Strategy and Objective-setting: SOAR
  1. evaluate alternative Strategies
  2. formulate business Objectives
  3. Analyze business context
  4. define Risk appetite
- Performance: VAPIR
  1. develop portfolio View
  2. Assess severity of risks
  3. Prioritize risks
  4. Identify risks
  5. implement risk Responses
- Review and revision: SIR
  1. assess Substantial change
  2. pursue Improvements in ERM
  3. Review risks and performance
- Information and communication (ongoing): TIP
  1. leverage information and Technology
  2. communicate risk Information
  3. report on risk, culture, and Performance
what do core values correlate with?
culture
what does mission and vision correlate with?
strategy and business objectives
what is residual risk?
it represents the risk that remains after management has taken actions to mitigate negative events
what are the 5 risk responses?
- accept: no action is taken to change the severity of risk
- avoid: action is taken to remove the risk
- pursue: action is taken that accepts increased risk to achieve improved performance
- reduce: action is taken to reduce the severity of the risk. Ex: diversification of product offerings reduces severity to align with the target risk profile and risk appetite
- share: action is taken to reduce the severity of the risk by shifting it to another party. Ex: outsourcing and insurance lower residual risk in alignment with risk appetite -> the risk is now shifted to another party
what are the 3 concepts of risk assessments?
- Inherent risk: risk to an entity in the absence of any direct or focused actions by management to alter its severity. In other words, inherent risk is the risk to an organization if management does nothing to alter the likelihood or impact of a negative event.
- Target residual risk: the amount of risk that the entity prefers to assume in the pursuit of its strategy and business objectives
- Actual residual risk: remaining risk after management has taken action
Residual risk = inherent risk - impact of management actions
what is definition of ERM?
ERM is CCPIS to manage risk and create value
CCPIS: culture, capabilities, and practices, integrated with strategy-setting and performance
what is risk appetite?
it serves to balance the entity’s willingness to accept risk with the return/growth the entity wants to achieve