Chapter 5 Flashcards
Enterprise-wide risk management (ERM) considers the global array of risks that affect an organization, which can be represented by a three-dimensional depiction of attributes. These attributes are
resources, events, and impacts
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published what is referred to as COSO II. COSO II, a risk management framework,
Focuses on threats to the organization and application of controls.
At a minimum, in the enterprise-wide risk management (ERM) process, an organization should identify ______ of its top risks for consideration of their likelihood, to target them for treatment and monitoring
5
ERM also considers the risk that the organization will outperform its strategic goals, which is referred to as
Upside Risk
Sub-frameworks exist that are not considered to be enterprise-wide risk management (ERM) frameworks, but that provide specific industries and sectors with guidance. One example is
Space Systems Risk Management
The chief risk officer helps the enterprise create a risk culture in which individual department heads and project managers are identified as
Risk Owners
A strong ERM program encourages the buy-in of an organization’s stakeholders by establishing management strategies that
protect the organization’s reputation and assets.
Enterprise-wide risk management (ERM) will generally result in
management by consensus
The first step in integrating enterprise-wide risk management (ERM) with strategic planning is to
Consider goals for ERM as part of the organization’s business model.
ISO 31000:2009 is not compulsory unless
contractually required by a client or customer
COSO II provides an effective mechanism for initiating dialogue with an organization’s board and senior executives about establishing
enterprise-wide risk management (ERM) goals as part of the strategic management process
The Federation of European Risk Management Associations (FERMA) consists of
national risk management associations, individual risk managers from Central European countries, and representatives from health organizations, educational sectors and public sectors.
An organization that has adopted an ERM approach monitors risks, threats, and opportunities that arise from a variety of sources. The two important benefits provided by this approach versus traditional risk management are
improved risk communication and enhanced decision making