Chapter 12 - Systems of risk management and internal control Flashcards

1
Q

What is risk appetite and risk tolerance?

A

Risk appetite is the level of risk that an organisation is willing to take in the pursuit of its objectives.

It should be set by the board who should review its level regularly as the business environment changes.

Risk tolerance is the amount of risk that an organisation is prepared to accept in order to achieve its financial objectives.

It is expressed as a quantitative measure. For example, in banks, the value at risk (VaR) for a portfolio.

2
Q

What are the main categories of risk?

A
  1. financial risks
  2. operational risks
  3. compliance risks
  4. strategic risks:

– people risks
– marketplace risks
– ethical risks
– reputational risks
– suppliers/outsourcers risks
– environmental risks
– political risks

3
Q

List the responses to risk.

A
  1. avoidance
  2. reduction
  3. transfer
  4. acceptance
4
Q

You are the company secretary of a clothing retail business and, as the person responsible for risk, you have been asked to complete the risk register for the following risk, which has been rated high. Propose a treatment and a method of measuring the effectiveness of the treatment: theft of clothes from the store.

A
  1. Treatment – security tags on each item.
  2. Monitoring – stock auditors carrying out regular audits
5
Q

What are the benefits of risk management to an organisation? For operational performance:

A

For operational performance:

  1. Increases the likelihood of achieving business objectives.
  2. Uses incidents to highlight the risk environment and helps management to enhance risk awareness and develop performance indicators or risk indicators to improve business performance and processes.
  3. Facilitates monitoring and mitigation of risk in key projects and initiatives.
  4. Provides a platform for regulatory compliance and building goodwill.
6
Q

What are the benefits of risk management to an organisation? For financial performance:

A

For financial performance:

  1. Protects and enhances value by prioritising and focusing attention on managing risk across an organisation.
  2. Contributes to a better credit rating, as rating agencies are increasingly focusing on the risk management of organisations.
  3. Builds investor, stakeholder and regulator confidence and shareholder value.
  4. Reduces insurance premiums through demonstrating a structured approach to risk.
7
Q

What are the benefits of risk management to an organisation? For decision making:

A
  1. Shares risk information across the organisation, contributing to informed decisions.
  2. Facilitates assurance and transparency of risks at board level.
  3. Enables decisions to be made in the light of the impact of risks and the organisation’s risk appetite and tolerance.
8
Q

List four common failures of boards in relation to risk management.

A
  1. Failure to take responsibility for risk at the board level.
  2. Failure to see the importance of risk to the organisation as a whole.
  3. Failure to capture the major risks of the organisation.
  4. Failure to consider the integrated nature of risk.
  5. Failure to put in place the appropriate control or other mitigants for risk.
  6. Failure to manage reputational risk.
9
Q

Why is risk becoming increasingly important?

A
  • The increased speed of change within the environments in which companies are operating.
  • The increased transparency occasioned by social media, the internet and the insatiable needs of 24-hour traditional media.
  • The change in the type of risks from tangible, measurable risks to intangible risks, such as reputational and cyber risks.
  • Risks are becoming more interconnected.
  • An increasing recognition that risk management is not just a compliance discipline. It is more about building relationships between different parts of the business and developing behaviours and a culture of risk management which require a different skill set.
10
Q

Q1. List three important corporate governance roles with risk?

A

DMIC

  1. Defining the risk that the organisation is prepared to take in delivering its strategy
  2. Ensuring that risks are managed and understood by management
  3. Ensuring that robust internal controls are in place to manage risks
  4. Creating a risk culture.
11
Q

UKCG Code and Risk?

A

Principle O and Provisions 25, 28 and 29

Principle O, UKCG Code:

‘The board should establish procedures to manage risk, oversee the internal control framework, and determine the nature and extent of the principal risks it is willing to take in order to achieve its long-term strategic objectives.’

Provision 28, UKCG Code

‘The board should carry out a robust assessment of the company’s emerging and principal risks. The board should confirm in the annual report that it has completed this assessment, including a description of its principal risks, what procedures are in place to identify emerging risks, and an explanation of how these are being managed or mitigated.’

Provision 29, UKCG Code

‘The board should monitor the company’s risk management and internal control systems and, at least annually, carry out a review of their effectiveness and report on that review in the annual report. The monitoring and review should cover all material controls, including financial, operational and compliance controls.’

Provision 25, UKCG code

  • Reviewing the company’s internal financial controls and internal control and risk management systems, unless expressly addressed by a separate board risk committee composed of independent non-executive directors, or by the board itself
  • Monitoring and reviewing the effectiveness of the company’s internal audit function or, where there is not one, considering annually whether there is a need for one and making a recommendation to the board
12
Q
  1. What is business risk?
  2. What are the 4 types of business risk?

A

Business risk is the possibility a company will have lower than anticipated profits, broken down into the following categories:

  1. Reputational risk: the risk of loss in customer loyalty or support due to an event that has damaged the company’s reputation.
  2. Competition risk: the risk that business performance will be affected because of the actions of the company’s competitors.
  3. Business environment risks: the risk that the business environment in which the company operates will change significantly. This may be due to political factors, regulatory factors, economic factors, social and environmental factors or technological factors.
  4. Liquidity risk: the risk that the company will have insufficient cash to settle all of its liabilities on time.
13
Q

What is governance risk and what does it cover?

A

Governance risk relates to the risks associated with the following:

  1. Structure – from boards and steering groups to business models and policy frameworks.
  2. Processes – from new product processes and communication channels to operations, strategic planning and risk appetite.
  3. Information – from financial performance and audit reporting to management, risk and compliance reporting.
  4. People and culture – from leadership at the top to accountability and transparency throughout the organisation, including relationships with regulators.
14
Q

What is an internal control system and how can it be managed?

A

An internal control system is made up of all of the structures, policies and procedures within an organisation related to the management of financial, operational and compliance risks.

There are three main types:

  1. Preventative controls intended to prevent an adverse risk event from occurring, e.g. fraud by employees.
  2. Detective controls for detecting risk events when they occur, so that the appropriate person is alerted, and corrective action taken.
  3. Corrective controls for dealing with risk events that have occurred and their consequences.
15
Q

What does an internal control and internal control system seek to provide?

A

Internal controls and the internal control system seek to provide ‘reasonable assurance’ regarding the achievement of objectives in the following categories:

  1. Effectiveness and efficiency of operations
  2. Reliability of financial reporting
  3. Compliance with applicable laws and regulations.
16
Q

How would you develop a risk management system?

A

DARM-R

  1. Definition & Identification: reputational, competition, business environmental and liquidity risks.
  2. Assessment
  3. Response
  4. Monitoring
  5. Reporting
17
Q

What are the methods for identifying risks?

A
  1. Mind mapping: this is the simplest method and involves thinking of all the risks to the organisation. The drawback is that it is very random and not scientific and may miss important risks.
  2. Process mapping: this method involves mapping every process within an organisation to identify interdependent, critical and vulnerable functions and activities within the organisation.
  3. Stress testing: organisations assess their ability to withstand extreme ‘shocks’ or unexpected events in the business environment within which they operate.
  4. Use of internally generated documents to see if any risks can be identified. Examples of these types of documents are:
    - Business impact studies
    - Market research reports
    - Expert reports on areas such as health and safety, development,
18
Q

Risk Assessment

A

Once a risk has been identified, it should be assessed to see if it qualifies as a principal risk of the organisation. A procedure should be established to assess:

  • the likelihood or probability of the occurrence; and
  • the potential size of the impact of the occurrence.

In establishing the criteria for risk assessment, the board, on management’s recommendation, should consider the risk appetite and tolerance of the organisation.

  1. Risk appetite is the level of risk that an organisation is willing to take in the pursuit of its objectives. It should be set by the board, who should review its level regularly as the business environment changes.
  2. Risk tolerance is the amount of risk that an organisation is prepared to accept in order to achieve its financial objectives. It is expressed as a quantitative measure; for example, in banks, the value at risk (VaR) for a portfolio.
19
Q

What are the responses to Risk?

A

ARTA

  1. Avoidance: responses which reduce the likelihood of the risk occurring. This usually means that the organisation shuts down or sells that part of the business that is causing the risk.
  2. Reduction: responses that reduce the negative impact or take advantage of opportunities for positive impact.
  3. Transfer: responses that transfer the risk somewhere else.
  4. Acceptance: responses that retain the risk because it is deemed to be not a significant threat or the organisation has no control over it.
20
Q

What are the benefits of a risk management system?

A
  1. Increases the likelihood of achieving business objectives.
  2. Facilitates monitoring and mitigation of risk in key projects and initiatives.
  3. Provides a platform for regulatory compliance
  4. Protects and enhances value by prioritising and focusing attention on managing risk across an organisation.
  5. Contributes to a better credit rating, as rating agencies are increasingly focusing on the risk management of organisations.
  6. Builds investor, stakeholder and regulator confidence.
  7. Shares risk information across the organisation, contributing to informed decisions.
21
Q

Role of the company secretary in Risk?

A

DAM-C

  1. DEVELOP
  • Develop a set of strategic objectives for the company relating to risk.
  • Identify the principal risks it is willing to take to achieve its strategic objectives and those that could threaten the company’s ‘business model, future performance, solvency and liquidity’.
  • Carry out a ‘robust’ assessment of the principal risks.
  2. ADVISE
  • Explain how the principal risks are being managed or mitigated.
  3. MONITOR
  • Monitor the risk management and internal control systems.
  • At least annually, carry out a review of the effectiveness of the risk management and internal control systems.
  • Annually carry out an assessment of the future viability of the company for a period to be determined by the board, considering the organisation’s current position and the principal risks.
  4. COMMUNICATE
  • Report on the above in the company’s annual report and accounts.

22
Q

The UK Corporate Governance Code requires a long-term viability statement to be included in a company’s annual report. Explain how a Board should comply in practice with this requirement.

A
  • The FRC’s Guidance on Risk Management, Internal Control and Related Financial and Business Reporting (FRC Guidance), page 19, appendix B provides guidance on how companies should approach the long-term viability statement required by the Code.
  • Taking account of the company’s current position and principal risks, the Board should explain in the annual report how it has assessed the prospects of the company, over what period it has done so and why it considers that period to be appropriate.
  • The FRC’s Guidance on Risk Management, Internal Control and Related Financial and Business Reporting, says that the factors that the Board should take into account, when deciding on the period of assessment, include the nature of the business and its investment and planning periods.
  • The assessment period is expected to be significantly longer than 12 months.
  • The most common period chosen by listed companies is 3 years.
  • The Board should state whether it has a reasonable expectation that the company will be able to continue in operation and meet its liabilities as they fall due over the period of their assessment.
  • Reasonable expectation is not certainty, so the Board does not have to produce a detailed justification for its assessment. But the Board needs to be reasonably satisfied that the company will be able to continue in operation and remain viable over the period of their assessment.
23
Q

Explain the responsibilities of the directors and the auditor of a company in complying with the requirement in the Companies Act 2006 that a company’s annual accounts should show a ‘true and fair’ view.

A
  • Under the Companies Act 2006 (Act), it is the responsibility of all of the directors of the company to approve the annual report and accounts and for those accounts to show a ‘true and fair’ view.
  • The requirement for the accounts to show a ‘true and fair’ view means that the directors must only approve the accounts if they are satisfied that the accounts show a true and fair view of the assets, liabilities, and financial position of the company.
  • Breach of this provision is a criminal offence by the directors.
  • The audit report of the company’s auditor must state whether, in the auditor’s opinion, the financial statements of the company set out in the annual report give a true and fair view of the financial position of the company.
  • But it is not the auditor’s responsibility to comply with the true and fair view requirement in the Act.
  • The auditor relies on the directors of the company to comply with the requirement in the Act and will receive a letter of representation from the directors confirming that they have complied with this requirement.
  • If the auditor is unable to confirm that the financial statements show a true and fair view, then it must provide a modified audit report which states this.
24
Q

Q1. List three important corporate governance roles with risk (3 marks)

A
  1. Defining the risk that the organization is prepared to take in delivering its strategy
  2. Ensuring that risks are understood and managed
  3. Ensuring that robust internal controls are in place to manage risks
  4. Creating a risk culture
25
Q

List 3 benefits of a company having a risk committee (3 marks)

A
  1. Focused only on risk
  2. Audit Committee may not have the required skills and experience
  3. The composition of the committee is not restricted by the requirements of the corporate governance code.
  4. It can give the board advice and make specific recommendations on risk appetite, the organisation’s risk tolerance and strategies to manage risk.
  5. It can provide input into strategy formulation by helping the board to understand the key risks facing the organisation and the opportunities available to the organisation by managing those risks.
26
Q

Q8. List four tasks of Internal Audit (4 marks)

A
  1. Value for Money (VFM) audits. This is an investigation into an operation or activity to establish whether it is economical, efficient and effective.
  2. Reviewing compliance by the organisation with particular laws or regulations. This is an investigation into the effectiveness of compliance controls.
  3. Risk assessment: internal auditors might be asked to investigate aspects of risk management, and in particular the adequacy of the mechanisms for identifying, assessing and controlling significant risks to the organisation, from both internal and external sources.
  4. Suitability of controls
  5. Reports To Audit Committee/Risk Committee and Board
27
Q

Q9. What are four benefits of an internal audit function? (4 marks)

A
  1. Understands the organisation, its culture, operations and risk profile and can add value to the organisation’s processes
  2. Can build networks throughout the organisation, become integrated into the company’s business and as such become the ‘eyes and ears’ of the board
  3. Provide assurance to stakeholders on the integrity of the organisation’s systems
  4. Become an essential part of the checks and balances within the organisation
  5. Could be a lower-cost option, depending on the make-up of the team.
28
Q

Q10. List five areas of illicit activity that a whistleblowing policy is designed to uncover. (5 marks)

A
  1. Fraud
  2. A serious violation of a law or regulation by the company or by directors, managers or employees within the company
  3. A miscarriage of justice
  4. Bribery
  5. Price-fixing
  6. Danger to public health or safety, such as dumping toxic waste in the environment or supplying food that is unfit for consumption
  7. Neglect of people in care
  8. Waste or misuse of public funds
  9. Bullying