Chapter 12+13. Risk management Flashcards

1
Q

List four important corporate governance roles with risk

A
  1. Defining the risk that the organization is prepared to take in delivering its strategy
  2. Ensuring risks are understood and managed
  3. Ensuring that robust internal controls are in place to manage risks
  4. Creating a risk culture
2
Q

List 4 Business Risks

A
  1. Reputational risk: the risk of loss in customer loyalty or support due to an event that has damaged the company’s reputation.
  2. Competition risk: the risk that business performance will be affected because of the actions of the company’s competitors.
  3. Business environment risks: the risk that the business environment in which the company operates will change significantly. This may be due to political factors, regulatory factors, economic factors, social and environmental factors or technological factors.
  4. Liquidity risk: the risk that the company will have insufficient cash to settle all of its liabilities on time.
3
Q

What are the three main types of Internal Controls?

A
  1. Preventative controls intended to prevent an adverse risk event from occurring, e.g. fraud by employees.
  2. Detective controls for detecting risk events when they occur, so that the appropriate person is alerted, and corrective action taken.
  3. Corrective controls for dealing with risk events that have occurred and their consequences.
4
Q

What are the five stages for the development of a Risk Management System?

A
  1. Definition & Identification
  2. Assessment
  3. Response
  4. Monitoring
  5. Reporting
5
Q

List 4 roles of the company secretary in risk?

A

DEVELOP
  1. Develop a set of strategic objectives for the company relating to risk
  2. Identify the principal risks it is willing to take to achieve its strategic objectives and those that could threaten the company’s ‘business model, future performance, solvency and liquidity’.
  3. Carry out a ‘robust’ assessment of the principal risks.

ADVISE
  4. Explain how the principal risks are being managed or mitigated.

MONITOR
  5. Monitor the risk management and internal control systems.
  6. At least annually, carry out a review of the effectiveness of the risk management and internal control systems.
  7. Annually carry out an assessment of the future viability of the company for a period to be determined by the board considering the organisation’s current position and the principal risks

COMMUNICATE
  8. Report on the above in the company’s annual report and accounts.

6
Q

List 5 benefits of a company having a risk committee

A
  1. Focused only on Risk
  2. Audit Committee may not have the required skills and experience
  3. The composition of the committee is not restricted by the requirements of the corporate governance code.
  4. It can give the board advice and make specific recommendations on risk appetite, the organisation’s risk tolerance and strategies to manage risk.
  5. It can provide input into strategy formulation by helping the board to understand the key risks facing the organisation and the opportunities available to the organisation by managing those risks.
7
Q

List five tasks of Internal Audit

A
  1. Value for Money (VFM) audits. This is an investigation into an operation or activity to establish whether it is economical, efficient and effective.
  2. Reviewing compliance by the organisation with particular laws or regulations. This is an investigation into the effectiveness of compliance controls.
  3. Risk assessment. Internal auditors might be asked to investigate aspects of risk management, and in particular the adequacy of the mechanisms for identifying, assessing and controlling significant risks to the organisation, from both internal and external sources.
  4. Suitability of controls
  5. Reports To Audit Committee/Risk Committee and Board
8
Q

What are the five benefits of an internal Audit function?

A
  1. Understands the organisation, its culture, operations and risk profile and can add value to the organisation’s processes
  2. Can build networks throughout the organisation, become integrated into the company’s business and as such become the ‘eyes and ears’ of the board
  3. Provide assurance to stakeholders on the integrity of the organisation’s systems
  4. Become an essential part of the checks and balances within the organisation
  5. Could be a lower-cost option, depending on the make-up of the team.
9
Q

List areas of illicit activity a whistleblowing policy is designed to uncover

A
  1. Fraud
  2. A serious violation of a law or regulation by the company or by directors, managers or employees within the company
  3. A miscarriage of justice
  4. Bribery
  5. Price-fixing
  6. Danger to public health or safety, such as dumping toxic waste in the environment or supplying food that is unfit for consumption
  7. Neglect of people in care
  8. Waste or misuse of public funds
  9. BULLYING
10
Q

What are the six principles of the Ministry of Justice Guidance on the UK Bribery Act 2010?

A
  • Proportionate procedures
    The procedures of a commercial organisation to prevent bribery should be proportionate to the risk of bribery that it faces and the nature and scale of its commercial activities.
  • Top-level commitment
    Top-level management should be committed to preventing bribery and should foster a culture in their organisation in which bribery is considered unacceptable.
  • Risk assessment
    There should be periodic, informed and regular assessment by organisations of the nature and extent of potential bribery by people associated with it.
  • Due diligence
    There should be due diligence of third party intermediaries and local agents who will act on behalf of the organisation, with a view to identifying and mitigating bribery risk.
  • Communication (including training)
    Commercial organisations should seek to ensure that policies against bribery are embedded and understood, by means of communication and training that is proportionate to the bribery risk that the organisation faces.
  • Monitoring and review
    There should be monitoring and review of the procedures designed to prevent bribery, and improvements should be made when weaknesses are detected.
11
Q

What are the three offences under The UK Bribery Act (2010)?

A
  • Offering bribes (active bribery) and receiving bribes (passive bribery).
  • Bribery of foreign public officials for business benefit.
  • Failure to prevent a bribe being paid on the organisation’s behalf
12
Q

What is a disaster recovery plan?
Examples and features

A

A plan of what needs to be done immediately after a disaster to recover from the event

Fire, flood, IT disruption, terrorist attack

Needed if a lengthy shutdown to operations is catastrophic (banking, airline)

13
Q

What should a disaster recovery plan do?

A

Specify which operations are essential

Identify and analyse potential threats

Identify reactions:
Back up systems
Teams to deal with internal/ external comma

14
Q

What are business continuity plans?

A

Go beyond procedures during an emergency and establish in advance a plan to continue services in the longer term

Developed from disaster recovery plan and risk management process

Board involved as critical to ongoing activity of business

May be part of annual review of effectiveness of internal controls
