Chapter 7 Flashcards
Provide a one-sentence explanation for each of the following:
* risk identification
* risk assessment
* risk monitoring
* risk control.
- Risk identification: activities associated with identifying the actual risks to which an organisation is exposed.
- Risk assessment: activities concerned with assessing and prioritising an organisation’s exposure to identified risks,
in terms of probability and impact. - Risk monitoring: activities used to monitor and report on potential changes in risk exposure or the effectiveness of
risk controls and risk-management activities in general. - Risk control: application of tools and techniques to manipulate specific risk exposures, in terms of probability and or
impact.
7.3: Explain the purpose of drafting an ERM policy
An ERM policy is needed to ensure that risks are managed in a consistent manner across an organisation and that risk
exposures are kept within the organisation’s exposure to risk. An ERM policy will also be needed to make clear roles and
responsibilities for risk management, at an organisation-wide and a local business-unit or subsidiary level.
7.4: Compare the role of the company secretary or governance professional with the internal audit function in relation to risk management
The role of the internal audit function in relation to risk management is clear – to provide assurance on the
effectiveness of the design and implementation of an organisation’s risk-management process and associated policies,
procedures and activities.
The role of the company secretary or governance professional may vary. In some organisations the company secretary or governance professional will have direct responsibility for risk management. In others they will play more of a supporting role.
Where company secretaries have direct responsibility for risk management, they will be involved in the oversight of
risk-management activities across the organisation. In contrast, internal audit has an assurance role.
Where the company secretary or governance professional is not directly responsible for risk management, their role
will move closer to that of audit. However, the company secretary or governance professional will be focused on the role of the board in relation to risk management and ensuring that the board fulfils its risk-management responsibilities. This might include conducting board effectiveness reviews, reviews of board member skills and experience in terms of
risk management, and advising the board on its risk-management responsibilities
7.5: Contrast the role of the risk function and the finance function in relation to risk management.
The role of the risk function is to oversee, co-ordinate and facilitate risk-management activity across an organisation. In fulfilling its role, the risk function will help to write risk-management policies and procedures, produce risk reports and provide training and advice to other organisational functions.
The role of the finance function in relation to risk management is to ensure that it manages the risks associated with its activities in a manner that is consistent with an organisation’s risk-management policy and procedures. It must
also ensure that these risks are managed within the organisation’s risk appetite. In addition, the finance function will normally provide a range of financial information to the risk function to support risk monitoring and reporting
