Chapter 2 - Managing Risks Flashcards

1
Q

Role of directors in implementing strategy in a risk approach

A
  1. Responsibility for determining risk management strategy and monitoring risk and internal controls
  2. Considers:
    * Control environment = Management approach to risk, attitudes and culture, philosophy and org structure
    * Internal control procedures = Policies and procedures established to achieve specific objectives
2
Q

Role of risk committee in implementing strategy in a risk approach

A
  • Set up by the board if board does not wish to take responsibility for risk management
    1. Ensure system exists
    2. Set risk policy
    3. Assess risks
    4. Review internal audit work
    5. Review risk register
    6. Advise board
  • If there is no risk committee, audit committee may take responsibility for risk management instead
3
Q

Role of risk manager (chief risk officer) in implementing strategy in a risk approach

A
  • Supports board’s risk responsibilities and combines technical skills in managing risks with leadership and persuasive skills
    1. Leadership of enterprise risk management
    2. Establishing and promoting enterprise risk management
    3. Developing common risk management policies
    4. Establishing a common risk language
    5. Dealing with insurance companies
    6. Implementing risk indicators
    7. Allocation of resources based on risk
    8. Reporting to the CEO/board/risk committee as appropriate
4
Q

UK corporate governance code comprises:

A
  1. Description of work of audit committee
  2. Explanation of board's responsibilities
  3. Confirmation that board has assessed company's emerging and principal risks, description of these risks and how they were identified and managed
  4. How board reviewed effectiveness of risk management and internal control systems
  5. Assessment of company's going concern status and whether material uncertainties exist
  6. Explanation of company's prospects
5
Q

Sarbanes-Oxley Act requires companies to:

A
  • Report on entity’s internal controls, assessment of their effectiveness
  • Need to be independently verified
6
Q

Limitations on risk disclosures:

A
  1. Board may be less willing to disclose info due to commercial confidentiality
  2. Directors may also fear that disclosures about certain risks will be misinterpreted
  3. Directors may be motivated to include matters included in reports of competitors or those identified as best practice to demonstrate how they are managing the risks
  4. Risks may also materialise or change over the year – have control systems been developed to meet changes
  5. Reputation risks – disclosures may focus on threats to reputation that may have large impact on business (particularly product safety)
7
Q

What is risk appetite?

A
  • Org’s willingness to accept risk in pursuit of value
  • Range org chooses to actively pursue
8
Q

What is risk universe?

A
  • All possible performance outcomes that org will experience from its current strategy
9
Q

What is risk tolerance?

A
  • Range of tolerable risks within extremes of risk universe
  • Measure of what org does not wish to go beyond
10
Q

What is risk capacity?

A
  • Collection of tangible and intangible assets at an org’s disposal that allows it to take risks and absorb losses
11
Q

Attitudes toward risk:

A
  1. Risk aversion:
    * Focuses on risk level
    * Orgs are willing to tolerate risk up to a point provided they receive acceptable return or risk is two-way or symmetrical (both positive and negative outcomes)
  2. Risk seeking:
    * Focuses on return level
    * Activity should be undertaken if it results in higher returns
12
Q

How can we identify conditions that lead to risk?

A
  1. Physical inspection
  2. Enquiries (e.g. about extent of product quality controls)
  3. Monitoring changes in legislation/ regulation
  4. Checking a copy of every letter + memo issued for early indication of major changes and new projects
  5. Brainstorming with representatives of different departments
  6. Checklists ensuring risk areas are not missed
  7. Benchmarking internally and externally
  8. Human reliability analysis
13
Q

TARA Model:

A

Low frequency, High severity = Transfer
Low frequency, Low severity = Accept
High frequency, Low severity = Control/ reduce
High frequency, High severity = Avoid/ abandon

14
Q

Risk Transfer:

A
  • Insure risk or implement contingency plans.
  • Risks can be transferred to internal departments, suppliers, customers or insurers
  • Reduction of severity of risk will minimise insurance premiums

Risk sharing = partly held by org, partly transferred to someone else (insurance policy)

15
Q

Risk avoidance:

A
  • Take immediate action
  • Change major suppliers
  • Abandon activities
16
Q

Risk reduction:

A
  • Take some action
  • Risks cannot be avoided altogether, simply reduced to acceptable level
  • Enhanced control systems to detect problems
  • Contingency plans to reduce impact
  • Risk mitigation through risk diversification + hedging
17
Q

Other risk reduction strategies:

A
  1. Contingency planning:
    * Information = gathered in advance
    * Responsibilities = what is to be done and by whom
    * Practice = simulations as realistic as possible and taken seriously by all involved and results should be monitored
  2. Loss control:
    * Physical devices = sprinklers, fire extinguishers
    * Psychological factors = awareness + commitment
  3. Procedural approach:
    * Rules + regulations = statute & corporate governance guidance
    * Codes = professional + ethical codes
    * Detailed authorisation or operating procedures
  4. Risk pooling + diversification
    * Use portfolio theory to reduce overall risk levels
    * Geographical diversification across countries at different stages in trade cycle
    * Diversifying product base at different stages of product life cycle
    * Expand portfolio of business activities by taking over businesses operating at other stages of supply chain
18
Q

COSO Enterprise Risk Management Framework

A
  • COSO believes that it is important to consider risk as part of strategy setting
  1. Governance & culture
  2. Strategy & objective setting
  3. Performance
  4. Review & revision
  5. Info, communication and reporting
19
Q

What is the aim of ISO 31000 Risk Management?

A
  • Aims to create and protect value
20
Q

ISO 31000 - Risk Management Policies:

A

Design: (PACED)
* Proportionate to the level of risk faced
* Aligned with all other activities
* Comprehensive
* Embedded within the org
* Dynamic and responsive to emerging trends
Operation:
* Limitations in available info actively considered
* Influence of human and cultural factors
* Continual improvement through learning and experience

21
Q

ISO 31000 - Risk Management Framework:

A
  • Guidance on how to implement the principles
  • Guidance on allocating roles, responsibilities and resources
  • Guidance on establishing the org’s commitment to risk management
  • The framework requires = design, implementation, evaluation and improvement
22
Q

ISO 31000 - Risk Management Process:

A
  • Process may have to be repeated to achieve org’s objectives as some risks may not stay managed
  • Start of process = org’s scope, context and criteria for factors such as culture, attitudes, skills and objectives
  • Process continues by assessing risks (identification, analysis + evaluation)
  • Concludes with risk treatment
  • Process supporting activities = communication and consultation, monitoring + review, recording and reporting
23
Q

Three lines of defence:

A
  1. First line of defence:
    * Management controls
    * Internal control measures
  2. Second line of defence:
    * Financial control, Security, Risk management
    * Quality, Inspection, Compliance
  • The first and second lines of defence are under the control + direction of senior management
  3. Third line of defence:
    * Internal audit
    * The third line of defence is outside scope of management – reports primarily to the board
24
Q

What is the risk register and what is its function?

A
  1. Lists + prioritises the main risks, a monetary value should be allocated to each risk and interdependencies with other risks noted
  2. Also details who is responsible for dealing with risks and the actions taken
  3. Risk register is used for risk reporting and in allocating responsibility for managing, monitoring and reporting
  4. Reports should show risk levels before controls are implemented and residual risk after controls are taken into account
  5. Need to include comparisons of actual risks against predicted risks and feedback on action taken
25
Q

Internal risk reporting:

A
  • Covers all stages of the risk management system
  • Needs to be carried out on a systematic, regular basis
  • Reporting of high impact, high likelihood risks may occur daily
  • Needs to ensure that significant changes in risk profile are notified quickly to snr management
  • Reporting system should indicate significant changes in business environment
26
Q

Evaluating dilemmas in a question:

A
  1. Identify key facts
  2. Identify relevant ethical issues and fundamental principles
  3. Consider alternatives and their consequences
  4. Make a recommendation
  5. Justify recommendation
  • Public interest = collective well-being of the community an accountant serves
  • Social (people) and environmental (planet) issues are affected by risk management
  • Whistleblowing = raising concerns over alleged bribery and corruption within an org
  • Need to consider all stakeholders in any dilemma faced