Chapter 2 - Risk Management Flashcards
Risk management can be seen as the dual combination of…
Conformance - controlling threats
Performance - maximising returns
Enterprise Risk Management is
A holistic and integrated approach to risk
Whole business
Everybody is responsible
Led by senior management
The COSO Cube is made up of 3 parts
Objectives
Organisation levels
Components
COSO organisation levels
Subsidiary
Business unit
Division
Entity
COSO Objectives
Strategic
Operating
Reporting
Compliance
COSO 8 components
Internal environment
Objective setting
Event identification
Risk assessment
Risk response
Control activity
Communication of information
Monitoring
Risk and NPV
Static NPV of existing business (risk mgt protects this)
ADD
Value of future options (risk mgt maxes this)
Why is ERM good?
Better structured decision making
Focus on risks
Common language
Financial rewards
COSO Helix
Mission
Strategy development
Objective formulation
Performance
Enhanced value
Risk appetite
How much risk will we accept
Risk capacity
How much risk can we absorb
Risk attitude
Are we risky or safe?
Features of a risk strategy
- Statement of risk attitude
- Risk appetite defined
- Risk management objectives
- Risk culture
- Responsibilities
- Control systems
- Review criteria
Risk identification comes from
Pro-active and reactive - SWOT analysis vs complaints
Internal and external - internal audit vs external audit
Value at risk
Standard deviation x Z score
Standard deviation is the amount x volatility
Value at risk over several days
Multiply the one-day value at risk by the square root of the number of days
Risk responses
Avoid
Transfer
Pool
Diversify
Transfer
Avoid
Reduce
Accept
Risk Reporting in Stat Accounts
Risk forecast annually
Strategy
Monitoring
Significant business change
Audit work
Risk Management Roles
Board of Directors - responsible, set risk appetite
Audit committee - review controls, audit
Risk committee - delegated responsibility
Risk mgt group - identify, report, monitor
Internal audit