Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Corporate Governance > Chapter 12- Risk > Flashcards

Chapter 12- Risk Flashcards

1
Q

Explain Principle O, and Provision 28 and 29 in relation to Risk and Internal controls.

A

Principle O: establish procedures to manage risk, oversee internal control, principal risks.

Provision 28: Robust assessment of the principal risks

Provision 29: Monitor the risk management and internal control systems- annually.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define Principal Risks, Downside Risk, Upside Risk, Strategic Risk and Risk Appetitie/Tolerance.

A
  • Principal Risks: Risks that might threaten the entity’s business model, future performance, solvency or liquidity, or result in significant value erosion.
  • Downside risk: A risk that actual events will turn out worse than expected, measured in terms of the amount of profits which could be worse than expected- outcome is forecast/budget expectation.
  • Upside risk: A risk that actual events will turn out better than expected- provide unexpected profits.
  • Strategic Risk: Risk from unexpected events or developments in a business or in the business environment which are outside the control of management.
  • Risk appetite and risk tolerance- Risk appetite is the amount of risk an organisation is prepared to accept in order to achieve its financial objectives. Risk tolerance is the amount of risk an organisation is prepared to accept to achieve its financial objectives- expressed as a quantitative measure (VaR).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define an Internal Control System and Operational, Compliance Risk.

A
  • Compliance Risk: Risks of failure to comply with laws or regulations and the consequences of such a failure if discovered.
  • Internal Control System: Structures, policies, and procedures within an organisation related to the management of financial and operational and compliance risks- business risk. Preventative/Detective/Corrective.
  • Operational Risk: Risk of an error, deliberate or otherwise, in operating system design, the risk of failures due to weak organisational structure; or risks due to human error including inefficient management- H&S, environmental risk.
  • Operational Controls: Internal controls to prevent or detect errors resulting from operational risk.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the FRC Guidance on Board Effectiveness in Relation to Risk?

A

FRC Guidance on Board Effectiveness- Risk

  • 11 and 12 – effective board
  • 24 – monitoring culture
  • 27 and 32 – decision-making
  • 59 – gathering views of workforce
  • 62 – board committees
  • 75 – role of NEDs
  • 113 – evaluation of performance
  • 117, 120, 121 and 122 – Audit, Risk and Internal Control (Section 4)
  • 123 and 126 b – viability statements

Board should establish procedures to manage risk, oversee the internal framework- determine nature and extent of the principal risks- risks taken to achieve LT objectives. Supported by provisions 28/29

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the responsibilities of the Board in Risk Management according to the FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting (2014).

A

Responsibilities of the board – The board should:

  • ensure ‘appropriate’ systems for identifying risks and make a ‘robust assessment’ of those risks;
  • determine nature and extent of principal risks and those risks company is willing to take to achieve strategic objectives (risk appetite);
  • ensure appropriate culture and reward systems are embedded throughout the company;
  • agree how to manage or mitigate principal risks to reduce probability and/or impact;
  • review effectiveness of risk management and internal control systems and take corrective action where necessary; and

ensure there are sound processes for internal and external communications on risk management and internal control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the Internal Audit Function, and what are some examples of Financial Risk, Operational Risk and Compliance Risk.

A

Internal Audit Function:

Work of internal audit is not prescribed by regulation – it is decided by management / board/ audit committee and may include:

  • reviewing internal control systems- system made up of all the of the structures, policies and procedures within an organization related to the management of financial/operational/compliance risk. Preventative/Detective/Corrective Controls.
  • special investigations;
  • examining financial and operational information;
  • Value for Money (VFM) audits (investigates whether an operation or activity is economical, efficient and effective);
  • reviewing compliance with particular laws or regulations;
  • risk assessment.

Financial Risk- Errors or fraud in Accounting systems or weak controls to protect financial assets.

  • Failure to record transactions
  • Failure to collect money owed
  • Failure to protect cash
  • Failure to impose stringent payment policies

Operational Risk: Risk of losses resulting from inadequate or failed internal processes, people and systems or external events. They include:

  • Risk of breakdown
  • Risk of losing information
  • Risk of terrorist attack
  • Losses arising from mistakes by staff

Compliance Risks- Failure to comply with laws or regulations resulting in fines or legal action

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Business Risk and Governance Risk, Cyber Risk, Internal Control Risk, and Strategic Risk.

A

Business Risk: The possibility of a company having lower than anticipated profits or experience a loss

  • Reputational risk- risk of loss in customer loyalty, due to a damaging event
  • Competition risk- risk that business performance affected by a competitor’s actions
  • Business environment risks- regulatory/political/environmental changes
  • Liquidity risks- risk that the company will have insufficient cash to settle all its liabilities.

Governance Risk:

  • Structure- risk associated with boards/policy frameworks
  • Processes- new product processes and communication channels
  • Information- audit reporting, management risk and compliance reporting
  • People and culture- leadership/accountability transparency
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does the Turnbull Report Recommend? What are the UK and USA Systems of Risk Management?

A

The Turnbull Report: Recommends that there should be financial, operational and compliance controls to deal with risks in each of these areas.

  • Financial – internal controls to provide reasonable assurance around transactions, access to assets and keeping proper records
  • Operational – internal controls that help to reduce risks or identify failures in operational systems. Designed to prevent, detect and/or correct operational failures
  • Compliance – concerned with making sure that organization complies with all requirements of relevant legislation and regulations

UK: The Turnbull Report/Guidance (now replaced by FRC Guidance). Considers risk management and internal controls jointly

USA: Committee of Sponsoring Organisations (COSO). Considers risk management and internal controls as two separate systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the ERM Model and the COSO Framework? Identify the 5 elements to a system of internal control.

A

Consistent with the ERM Model, the COSO Framework (2013) identifies 5 elements to a system of internal control:

  • The control environment- set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.
  • Risk assessment- identifying and analyzing risks to achieve the Company’s objectives
  • Control activities- performed at all levels, actions established by the policies and procedures- management directives to mitigate risks.
  • Information and communication- internal and external- information is necessary for the organization to carry out its internal controls function.
  • Monitoring activities - evaluations and communication of deficiencies of the internal control system.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the Elements of an effective Risk Management System (COSO Enterprise Risk Management (ERM) Model, 2017):

A
  • Governance and culture- Governance sets the organization’s tone on oversight responsibilities and culture pertains to ethical values, desired behaviors and understanding of risk
  • Strategy and objective-setting- Process for setting objectives for the company that are consistent with the organization’s aims and the board’s risk appetite
  • Performance- Risks that may impact the achievement of strategy and business objectives need to be identified and assessed
  • Review and revision- By reviewing performance an organization can consider how well the risk management components are functioning and what revision are needed over time
  • Information and communication- Continual process of obtaining and sharing necessary information from internal and external sources, and flowing up, down and across the organization
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the steps taken in developing a Risk Management System? What is Risk Reporting?

A
  • Risk identification- board has ultimate responsibility in determining the nature and extent of the principal risks. Mind Mapping/Process Mapping/Stress Testing/Internally generated Documents.
  • Risk categories – Strategic (external risks), (Internal) Financial/Operational/Compliance- Internal control system will manage COSO.
  • Risk assessment: does the risk qualify as a principal risk of the organization? What is likelihood or probability of occurrence; and what is the potential size of the impact of the occurrence?
  • Risk response – avoid/reduce/transfer(insurance/outsourcing) /accept
  • Risk monitoring- Monitoring the effectiveness of the responses, Stress Testing/Internal Audit.
  • Risk reporting- Board needs information from management on the principal risks and the effectiveness of how they’ve been managed.

Risk Register-

  • Recording Risks that have been identified
  • Actions taken to identify the risks
  • The outcome of the investigation and assessment of risks
  • Identifying the person with management responsibility for the risk
  • Recording measures taken to deal with the risk
  • Recording the effects of control measures to assess whether control is effective or new measures required
  • Recording regular reviews of risk to determine whether it is becoming more significant or less significant
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What should the Strategic Report, and DTR Disclosure contain in relation to Risks.

A

Strategic Report- Must contain a description of the principal risks and uncertainties facing the company, how they are to be managed/mitigated. PIE (Large public interest entities)- Company’s business relationships/products/services likely to cause adverse impacts on principal risks.

DTR- Disclosure of internal control weaknesses- The board of a listed company has an obligation under the DTR to report significant internal control weaknesses, when the occur if the company’s financial performance/position will be badly affected as a result

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the benefits of Risk Management?

A

Benefits of Risk Management-

  • Operational Performance- increases the likelihood of achieving business objectives, uses incidents to highlight the risk environment- enhance risk awareness- develop performance indicators or risk indicators to improve business performance and processes. Facilitates monitoring and mitigation of risk- provides a platform for regulatory compliance and building goodwill.
  • Financial Performance- Protects and enhances value, contributes to a better credit rating, builds investor, stakeholder and regulator confidence and shareholder value. Reduces insurance premiums.
  • Decision Making- Informed decisions are made, facilitates assurance and transparency of risks at board level, enables decisions to be made in light of risk appetite/tolerance risk impact.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the Common Risk Failures of the Board, and how should they be prevented?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the Risk Committee? What are its benefits? What are the disadvantages of forming a Risk committee?

A

The Risk Committee- Focus exclusively on risk issues - No Restriction on composition, but according to ICSA guidance note:

  • Should consist of a majority of NEDs and the Chairman should be a NED
  • Finance Director should be a member or attend regularly
  • Chief Risk Officer should attend
  • CEO may be asked to attend the meetings
  • Good Communication between the Risk Committee and the Audit Committee

Para 120 FRC Guidance on Board Effectiveness:

  • Companies in some sectors may be required to create a separate risk committee with responsibility for ensuring risk is effectively managed. Where this is not a requirement, the board may wish to consider having a separate risk committee, particularly if it has concerns about whether the audit committee has sufficient time to deal with both issues or whether the composition of the audit committee is suitable.

Risk committee has benefits as it can focus solely on reviewing the organisations risk management, give specific advice to the board on risk appetite/tolerance/management- composition is not restricted by the Code- can have non-board members and Executive directors.

  • Risks associated with forming a risk committee- conflict between the audit and risk committee- roles will have to be clearly defined and outlined, regular reports from the Committee meetings.
  • Danger of overlooking some risks- as each committee might think the other is looking at the risk- effective communication is required, the chair of each Committee should be the member of the other- AC should retain responsibility for monitoring financial risks as well as effectiveness of internal control/ as they have responsibility for audit and financial reporting.
  • A message is sent to senior management that risk is no longer their responsibility – to ensure this does not happen an organisation should have a risk manual roles/responsibility of the board clearly listed.
  • Having sufficient directors with required skills, source directors with relevant experience- source non board members to sit on the Committee- CFO/Advisor.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the role of the Risk Committee in an organisations Risk Management framework?

A

RC - Advise the board on the company’s overall risk appetite, tolerance and strategy. Oversee and advise the board on the current risk exposures of the company and future risk strategy

In relation to risk assessment and subject to overlap with the audit committee:

  • keep under review the company’s overall risk assessment processes that inform the board’s decision making, ensuring both qualitative and quantitative metrics are used;
  • review regularly and approve the parameters used in these measures and the methodology adopted; and
  • set a standard for the accurate and timely monitoring of large exposures and certain risk types of critical importance.

Review the company’s capability to identify and manage new risk types [in conjunction with the audit committee].

Before a decision to proceed is taken by the board, advise the board on proposed strategic transactions including acquisitions or disposals, ensuring that a due diligence appraisal of the proposition is undertaken, focusing in particular on risk aspects and implications for the risk appetite and tolerance of the company, and taking independent external advice where appropriate and available.

  • Review reports on any material breaches of risk limits and the adequacy of proposed action.
  • Keep under review the effectiveness of the company’s internal financial controls and internal controls and risk management systems and review and approve the statements to be included in the annual report concerning internal controls and risk management.
  • Provide qualitative and quantitative advice to the remuneration committee on risk weightings to be applied to performance objectives incorporated in executive remuneration.
  • Review the adequacy and security of the company’s arrangements for its employees and contractors to raise concerns
  • Review the company’s procedures for detecting fraud.
  • Review the company’s procedures for the prevention of bribery.
  • Consider and approve the remit of the risk management function and ensure it has adequate resources and appropriate access to information to enable it to perform its function effectively
17
Q

What is the Long-term Viability Statement according to provision 31? What is the Audit Committee, and what does the Code say in relation?

A

Long -term viability statement- Provision 31- reasonable expectation that the company will be able to continue in operation and meet its liabilities- taking into account principal risks.

Audit Committee- listed Companies and Financial institutions are required to have an Audit Committee, the board should consider the level of discussion and monitoring required on risk management and internal controls- in deciding whether an audit committee is appropriate.

Provision 25- audit committee should review the Company’s financial controls, internal control system and risk management systems.

Provision 24- audit committee should comprise of at least 3 ID, small 2- at least 1 with financial experience. Chair should not be a member- competencies relation to the sector.

18
Q
A

Corporate Governance (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions