Chapter 9 - Risk Management And Corporate Governance Flashcards
What is the responsibility of the board of directors for risk?
The board has overall responsibility for risk management, and:
- decides risk appetite
- monitors the performance of management in managing within appetite
- monitors the risk management system for effectiveness
What is risk appetite and risk tolerance?
Appetite - the level of risk the company is willing to take in pursuing its objectives
Tolerance - amount of financial risk, expressed as a quantitative measure
What may be the consequences of failing to consider business risk strategy or establish an effective risk management system?
Companies may be hit by consequences that they did not expect, leading to negative impacts.
What is business risk?
Business risk is the combination of strategic risk and operating risk.
What is strategic risk?
Risk associated with the external business environment within which a company operates.
What is operating risk?
Risk of losses through ineffective internal controls.
What are the 5 categories of strategic risk?
1) Reputation risk
2) Competition risk
3) Business environment risks
4) Risks from external events
5) Liquidity risk
What is the difference between a risk committee of the board and a risk management committee?
A risk committee is a board committee responsible for high-level risk matters such as appetite. A risk management committee is an executive group of managers responsible for risk management.
What are the benefits of having a separate risk committee, rather than having the audit committee deal with risk?
- not distracted by non-risk work such as audit
- not constrained by composition rules of the UKCGC
What is the advice of the ICSA Guidance on ToR for the risk committee with regards to committee composition?
- majority NEDs
- chairman should be a NED
- CFO should be a member, or should regularly attend
- must be good communication with the audit committee
What are the responsibilities of the audit committee for business risk management?
At board level, responsibility for reviewing the effectiveness of the risk management system may be delegated to the audit committee.
What are the principles of the UK Code with regard to risk management?
- the board is responsible for determining the nature and extent of the principal risks it is willing to take.
- the board should maintain a sound system of risk management and internal control.
What are the 8 elements of a business risk management system according to COSO?
1) Internal environment
2) Objective setting
3) Risk identification
4) Risk assessment
5) Risk response
6) Control activities
7) Information and communication
8) Monitoring
What is a risk register?
A record of risks, actions taken to investigate the risk, and measures taken to deal with it.
What is the purpose of stress testing?
Stress testing is a means of assessing a company’s ability to withstand severe shocks, allowing identification of measures to reduce risk.