Block 11

Question 1

Business decision categories

CBD Or First Letter

Answer 1

• Big-bet decisions
• Cross-cutting decision
• Delegated decision

Question 2

Conditions for decision making

CUR

Answer 2

Certainty
Risk
Uncertainty

Question 3

Conditions for decision making

CUR

Certainty

Answer 3

Information is sufficient to predict the results of each alternative in advance of implementation

Question 4

Conditions for decision making

CUR

Risk

Answer 4

Lack of complete certainty regarding various courses of action, but can assign probabilities to occurrences

Question 5

Conditions for decision making

CUR

Uncertainty

Answer 5

So little information that they cannot even assign probabilities to various alternatives and possible results

Question 6

Risk

Answer 6

The possibility that the event will occur and adversely affect the achievement of objectives

• Generally viewed as negative
• Anything that threatens a company’s ability to achieve its goals

Question 7

Risk management

Answer 7

Coordinated activities to direct and control an organization with regards to risk

Process of identifying, monitoring managing, forecasting and evaluating risks and finding procedures to avoid or minimize their impact

Question 8

Types of Risk

Big Furry Hamsters

Answer 8

Business
Financial
Hazard

Question 9

Types of Risk

Big Furry Hamsters

Business

Answer 9

Will/won’t compete successfully in its operations

Question 10

Types of Risk

Big Furry Hamsters

Financial

Answer 10

Will/won’t have adequate funds for its operations

Question 11

Types of Risk

Big Furry Hamsters

Hazard

Answer 11

Exposures that can cause loss without the possibility of gain

Question 12

Role of risk management in strategy performance

Answer 12

• Organisation regularly engage in strategic planning but they often don’t forsee all the risks that could derailed the effective execution of intended strategies

• Strategic management is dependent on how well an organization can determine and manage risk

• Necessary to ensure effective and efficient operations

• Essential for business continuity and the creation and protection of value

Question 13

Enterprise Risk Management (ERM) definition

Pizza And Alcohol Every Rainy Afternoon

Answer 13

• Process
• Affected by BOD, management and personnel
• Applied in strategy setting and across the enterprise
• Designed to identify potential events that may affect the entity and
• and manage risk within its risk appetite
• to provide reasonable assurance regarding the achievement of entity objectives

Question 14

COSO ERM Framework
(Definition)

Answer 14

Framework for designing, implementing and evaluating internal control organizations, providing enterprise risk management

Question 15

COSO ERM Framework
(2 Types)

Answer 15

1. COSO ERM - Integrated Framework (Cube) 2004
2. COSO ERM - Integrated with Strategy and Performance (Ribbon) 2017

Question 16

COSO ERM Framework (Top)
Name the 4 Objectives/Risks

Smart Owls Read Carefully

Answer 16

Strategic
Operating
Reporting
Compliance

Question 17

COSO ERM Framework (Top)
Describe the 4 Objectives/Risks

Smart Owls Read Carefully

Answer 17

1. Strategic: High level and aligned with an entity’s mission
2. Operating: Effective and efficient use of resources
3. Reporting: Need for reliable Reporting
4. Compliance: Comply with applicable laws and regulations

Question 18

COSO ERM Framework (Front)
Name the 8 Components

Invisible Octupus Mindlessly Eats Real Rainbow Ice Cream

Answer 18

Internal environment
Objective setting
Monitoring
Event identification
Risk assessment
Risk response
Information and Communication
Control activities

Question 19

COSO ERM Framework (Front)
Describe 8 Components: Internal Environment

Invisible

Answer 19

Internal environment:
Encompasses the tone ‘at the top’ of the enterprise and influences the organisation’s governance process and the risk and control consciousness of its people

Question 20

COSO ERM Framework (Front)
Describe the 8 Components: Objective setting

**Octupus*

Answer 20

Objective setting:
Process to set objectives
Objectives support and aligh with the entity’s strategy and are consistent with risk philosophy and appetite

Objectives drive event identification, risk assessment and risk response

Question 21

COSO ERM Framework (Front)
Describe the 8 Components: Monitoring

Mindlessly

Answer 21

Monitoring: Ongoing tracking and evaluating to access the presense and functioning of ERM components and the quality of performance over time

Question 22

COSO ERM Framework (Front)
Describe the 8 Components: Monitoring

Mindlessly

Answer 22

Monitoring: Ongoing tracking and evaluating to access the presense and functioning of ERM components and the quality of performance over time

Question 23

COSO ERM Framework (Front)
Describe the 8 Components: Event identification

Eats

Answer 23

Event identification:
Identify potential (positive or negative) events (from internal or external sources) affecting achievement of objectives

Negative events represent risks
Positive event represent risk upside/opportunity

Question 24

COSO ERM Framework (Front)
Describe the 8 Components: Risk assessment

Real

Answer 24

Risk assessment:
Qualitative and quantitative methods to evaluate the likelihood and impact of potential events over given time horizon

Question 25

COSO ERM Framework (Front)
Describe the 8 Components: Risk response

Rainbow

Answer 25

Risk response:
Alternative risk response options and their effect on likelihood and impact

Resulting cost versus benefits

Question 26

COSO ERM Framework (Front)
Describe the 8 Components: Information and communication

Ice

Answer 26

Information and communication:
Communicate relevant information (from internal and external sources) in a form and timeframe that enables personnel to carry out their responsibilities

Question 27

COSO ERM Framework (Front)
Describe the 8 Components: Control activities

Cream

Answer 27

Control activities:
Policies and procedures implemented throughout the organization to help ensure that risk responses are properly executed

Question 28

COSO ERM Framework (Side)
Name the 4 Units/parts of the Organisation

Silly Bunnies Dance Everywhere

Answer 28

Subsidiary
Business Unit
Division
Entity-level

Question 29

COSO ERM - S&P (ribbon) * 2017
Name the 5 components

Giant Snakes Play Rugby Intensely

Answer 29

1.Governance and Culture
2. Strategy and objective setting
3. Performance
4. Review and Revision
5. Information, communication and Reporting

Question 30

COSO ERM - S&P (ribbon) * 2017

Component: Giants Governance and Culture
5 Principles: SOVIC

Answer 30

Governance and Culture:
Governance sets tone for the organization and establishes oversight responsibilities for ERM
Culture relates to ethical values desired behaviors and understanding of risk

Principles:
• Exercise broad risk oversight
• Establish operating structures
• Defines desired culture
• Demonstrates commitment to core values
• attract, develop and retain capable individuals

Question 31

COSO ERM - S&P (ribbon) * 2017

Component: Snakes Strategy and Objective Setting
4 Principles: CASO

Answer 31

Strategy and Objective Setting:
Focuses on strategic planning and how the organization can understand the effect of internal and external factors on risk

Principles:
• Analyze business context
• Define risk appetite
• Evaluate alternative strategies
• Formulate business objectives

Question 32

COSO ERM - S&P (ribbon) * 2017

Component Play:Performance
5 Principles: RPSPR

Answer 32

Performance

Principles:
• Identifies risks
• Assesses severity of risk
• Prioritizes risk
• Implements risk responses
• Develops portfolio view

Question 33

COSO ERM - S&P (ribbon) * 2017

Component Rugby: Review and Revision
3 Principles: RIC

Answer 33

Reviews and revision:
How well ERM components of functioning, over time and substantial change, and what revisions are necessary

Principles:
• Assessess substantial change
• Reviews risk and performance
• Pursue improvements in ERM

Question 34

COSO ERM - S&P (ribbon) * 2017

Component Intensely: Information, Communication and Reporting
3 Principles: LRC

Answer 34

Information, communication and Reporting:
Continuous process of obtaining and sharing necessary information (internal & external sources, flows all directions)

Principles:
• Leverages information and technology
• Communicates risk information
• Reports on risk, culture and Performance

Question 35

ISO 3100
Definition

Answer 35

• International standard associated with risk management
• Provides principles and guidelines for effective risk management
• Outlines a generic approach to risk management
• Can apply to different types of risks and used by any type of organization

Question 36

ISO 31000 Risk management framework

D3IE

Answer 36

• design
• integration
• implementation
• improvement
• evaluation

Question 37

ISO 31000 risk management principles

BID HICCS

Answer 37

• best available information
• integrated
• dynamic
• human and cultural factors
• inclusive
• customized
• continual improvement
• structured and comprehensive

Question 38

ISO 31000 risk management process

CRM Criteria 5Risk (TEAIA)

Answer 38

• communication and consultation
• recording and reporting
• monitoring and review
• scope, context, criteria
• risk assessment
• risk identification
• risk analysis
• risk evaluation
• risk treatment