Certificate in IRM Module 2 (all) Flashcards

1
Q

Coca Cola - what did they say?

A

The world is changing all around us. To continue to thrive as a business over the next 10 years and beyond, we must look ahead. Understanding the trends and forces that will shape our business in the future and moving swiftly will prepare us for what’s to come.

2
Q

Generic and Industry Specific KRI examples

A

Generic: Staff turnover, Accident Rates, IT downtime
Specific: % of incorrect sales, % of food contamination incidents

3
Q

Risk Emphasis

A

e.g. PLCs = profit. Local Authority = delivery of services

This feature of risk management is often referred to as the ‘risk emphasis’ of an organisation

The nature of the business or objectives drives the primary thinking in regard to the way risks are addressed. A major retailer will have brand management as its focal point for risk management, whereas a pharmaceutical firm will have product efficacy and safety as the key risk emphasis for their risk control efforts.

4
Q

Materiality - definition

A

Materiality of business environment changes varies in tune with the organisation’s size, resources, operations and objectives

5
Q

What would a medium sized housing construction company in the UK be interested in from a Materiality perspective

A

A medium-sized housing construction company operating in the UK will have a strong interest in:

1) the economic environment as it affects employment and confidence in the strength of the market;
2) the availability of funds to lend to prospective purchasers; and
3) the cost of construction materials.

6
Q

State-funded hospital - Materiality for them?

A

A state-funded hospital would naturally monitor:

1) Government’s monetary policy,
2) political developments and;
3) any austerity measures that are introduced.

7
Q

Body Shop - vision? Why high risk?

A

The Body Shop has been successful even though the vision was unproven in the retail market and the market’s acceptance of the branding style and concept uncertain.

8
Q

Banks - what is their most valuable asset to protect?

A

Business with banks, in particular, is based on trust and banks will naturally protect their reputation as their most valuable asset.

9
Q

‘risk emphasis’ - major retailer

A

Brand Management

10
Q

‘risk emphasis’ - pharmaceutical firm

A

Product efficacy and safety

as the key risk emphasis for their risk control efforts.

11
Q

Risk Emphasis - Regulatory Developments - applicable to who?

A

Regulatory developments could be sector-specific to certain industries only.

12
Q

Risk Emphasis - Geographical Issues?

A

Geographical issues may be related to such matters as the physical exposures of an organisation to, for example, earthquake or hurricane/typhoon.

13
Q

Risk Emphasis - Hotel Sector?

A

Brand Recognition

14
Q

RASP - What is the most important part?

A

‘The Risk Management Policy Statement’ - sets out the overall strategy of the organisation to Risk Management

p.239

15
Q

What types of Risk Documentation will need to be kept?

A
  • Admin records
  • Risk response and improvement plans
  • Event reports and recommendations
  • Performance and monitoring reports

AND .. the Risk Register

16
Q

Where does the interaction b/w Risk Mngmt & Internal Audit get documented?

A

Within the RASP

17
Q

RASP - where does the Risk Management Strategy get recorded / set out?

A

In the ‘Risk Management Policy Statement’

Should ensure that there is Risk Management input into ‘STOC’ - Strategy Tactics Operations Compliance

p.243

18
Q

What is something that the Risk Management Strategy will include?

A

‘what the organisation is seeking to achieve wrt Risk Management’

19
Q

RASP - Protocols … what are they?

A
  • Risk Procedures and Guidelines
  • Procedures and Protocols
  • Frequency and nature of risk reports
  • Reviewed annually and kept up to date
  • What activities must be undertaken

Protocols: ‘seen as the Standing Instructions relating to Risk Management in an organisation’

20
Q

What aspects of risk should have clear statements of responsibilities

A
  • Setting of required Risk Standards
  • Implementing Risk Standards
  • Monitoring Risk Performance
21
Q

ISO Guide 73 definition of a Risk Owner

A

a ‘person with authority & accountability to make the decision to treat, or not to treat a risk’.

22
Q

What is a downside of having the Risk Mngmt Committee (RMC) report into the Audit Committee

A

Could impair the work of the RMC through extra bureaucracy and unhelpful emphasis on audit and compliance.

23
Q

How do organisations largely structure their risk management activities?

A

according to the prevailing management style that applies within the wider organisation.

24
Q

What is a key feature of risk architecture

A

The roles and responsibilities of key staff and indeed all individual employees

25
Q

What does the risk framework take account of

A

The risk framework takes account of:

1) the overall risk management operations;
2) reporting requirements; and
3) assurance arrangements.

26
Q

What are typical components of a Risk Framework

A

Risk policy – the high level statement of the organisation’s philosophy on risk and the foundation of the organisation’s risk strategy.

Terms of reference for the risk committee and the head of risk management.

Risk appetite and tolerance statement – for organisations that are groups, there may be a group statement and divisional statements.

Risk register – again there may be local registers and a centralised, consolidated register.

Key risk indicators and a risk dashboard for reporting and monitoring purposes.

Risk models – algorithms designed to model potential risk outcomes.

Issues and events log – to record and learn from actual events and breaches of controls.

27
Q

Examples of Risk Protocols

A
  • The techniques used in risk identification.
  • The format and content of the organisation’s risk register, how it is to be completed and the requirements for regular updates.
  • Requirements on entering risk events into the issues and events log and the upward notification of events according to their materiality.
  • Detailed reporting requirements – such as weekly or monthly reports and risk analysis, performance against key risk indicators.
  • Approval processes for expenditure on risk improvement actions.
  • Control and sign-off processes for entering into new (or renewal) contracts.
  • Template documents for risk assessments and, where required, certification.
28
Q

COSO 2017 expectations for information, communication and reporting

A

Information, Communication, and Reporting:

Enterprise risk management requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organisation.