DOMAIN I: Organizational Governance Related to Risk Management Flashcards
Define Risk?
The possibility of an event occurring that will impact objectives.
Define Risk Severity?
The product of likelihood and impact.
Are all risks damaging?
No - negative impacts are known as “risks” or “downsides” and positive impacts are known as “opportunities”.
Risk management should be aligned with what?
Strategic priorities of an organization
What is the 1st step in the risk management process?
It must consider how well those processes support organizational aims.
The 4 main processes of risk management are what?
- Analysis
- Risk Response
- Monitoring
- Reporting
Describe Risk Analysis
All current and emergent risks must be identified and assessed for relevance to the organization; this leads to the determination of the key risks that need management’s urgent attention.
Describe Risk Response
There are many ways to respond to risks, depending on risk appetite, available resources, and perceived priorities.
Describe Monitoring Risk
The potential for change requires routine monitoring over:
- Whether the system of internal controls (control objectives) remains relevant
- Changes to the internal or external environment that may alter the risk profile
- Adjustments to the strategy of the organization, causing objectives and risks to change
Describe Reporting on Risk
Management and the board (directly or via the audit committee or another body such as a risk committee) require updates and assurance on the risk profile of the organization and its state of preparedness with respect to internal controls.
What are the Risk Management Processes described in COSO?
- Aligning risk appetite and strategy
- Enhancing risk response decisions
- Reducing operational surprises and losses
- Identifying and managing multiple and cross-enterprise risks
- Seizing opportunities
- Improving deployment of capital
Define Enterprise Risk Management (ERM) as described by COSO?
A process, effected by an entity’s board of directors, management, and other personnel, applied across the enterprise, designed to identify potential events that may affect the entity, and to manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Define Risk Management Framework?
The sum total of all elements of risk management.
What does a Risk Management Framework help determine?
- Risk Appetite
- Responses to particular risks
- Overall risk culture of the organization, enabling it to become progressively more risk mature
The effectiveness of the risk management framework and processes is often reflected in terms of an organization’s what?
Overall risk maturity
Risk management objectives should be closely aligned with what?
Organizational objectives
ERM is interrelated with corporate governance by providing information to the board of directors on what?
Most significant risks and how they are being managed.
Because risks and opportunities may arise in all areas of activity, risk management should be what?
Enterprise-wide
Benefit of risk management?
It increases the probability of success and reduces both the probability of failure and the level of uncertainty associated with achieving the objectives of the organization.
Risk Management calls for what?
A coordinated and consistent set of processes to ensure that its contribution is maximized.
(ISO 31000) A systematic, timely, and structured approach to risk management contributes to what?
Efficiency and to consistent, comparable and reliable results.
If there is no reason to accept a risk or to incur the costs associated with controls, the risk should be what?
Minimized or removed.
Requirements for effective risk management
- Risk management exists to serve the organization, not vice versa.
- It needs to be enterprise wide.
- It requires a coordinated and consistent framework.
- It is not designed to be a brake on ambition.
- It needs to be cyclical and iterative.
Define the risk culture of an organization
The overall attitude and approach to dealing with risks, which may be more or less mature and more or less risk averse.