DOMAIN I: Organizational Governance Related to Risk Management

Question 1

Define Risk?

Answer 1

The possibility of an event occurring that will impact objectives.

Question 2

Define Risk Severity?

Answer 2

The product of likelihood and impact.

Question 3

Are all risks damaging?

Answer 3

No - negative impacts are known as “risks” or “downsides” and positive impacts are known as “opportunities”.

Question 4

Risk management should be aligned with what?

Answer 4

Strategic priorities of an organization

Question 5

What is 1st step in risk management process?

Answer 5

Must consider how well those processes support organizational aims.

Question 6

The 4 main processes of risk management are what?

Answer 6

1. Analysis
2. Risk Response
3. Monitoring
4. Reporting

Question 7

1. Describe Risk Analysis

Answer 7

all current and emergent risks must be identified and assessed for relevance to the organization - this leads to the determination of key risks that need management’s urgent attention.

Question 8

2. Describe Risk Response

Answer 8

There are many ways to respond to risks, depending o risk appetite, available resources, and perceived priorities.

Question 9

3. Describe Monitoring Risk

Answer 9

Potential for change requires routine monitoring over

1. System of internal controls (control objectives) remain relevant
2. Changes to internal or external environment that may alter the risk profile
3. Adjustments to strategy of organization, causing objectives and risks to change.

Question 10

4. Describe Report on Risk

Answer 10

Management and the board (directly or via audit committee or other body such as risk committee) require updates and assurance on risk profile of organization and its state of preparedness with respect to internal controls.

Question 11

What are the Risk Management Processes described in COSO?

Answer 11

1. Aligning risk appetite and strategy
2. Enhancing risk response decisions
3. Reducing operational surprises and losses
4. Identifying and managing multiple and cross-enterprise risks
5. Seizing opportunities
6. Improving deployment of capital

Question 12

Define Enterprise Risk Management (ERM) by COSO?

Answer 12

Process, effected by an entity’s board of directors, management, and other personnel, across enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Question 13

Define Risk Management Framework?

Answer 13

The sum total of all elements of risk management.

Question 14

What does a Risk Management Framework help determine?

Answer 14

• Risk Appetite
• Responses to particular risks
• Overall risk culture of organization, enabling it to be progressively more risk mature

Question 15

The effectiveness of risk management framework and processes is often reflected in terms of an organizations what?

Answer 15

Overall risk maturity

Question 16

Risk management objectives should be closely aligned with what?

Answer 16

Organizational objectives

Question 17

ERM is interrelated with corporate governance by providing information to the board of directors on what?

Answer 17

Most significant risks and how they are being managed.

Question 18

Because risks and opportunities may arise in all areas of activity, risk management should be what?

Answer 18

Enterprise-wide

Question 19

Benefit of risk management?

Answer 19

It increases the probability of success and reduces both the probability of failure and the level of uncertainty associated with achieving the objectives of the organization.

Question 20

Risk Management calls for what?

Answer 20

A coordinated and consistent set of processes to ensure that its contribution is maximized.

Question 21

(ISO 31000) A systematic, timely, and structured approach to risk management contributes to what?

Answer 21

Efficiency and to consistent, comparable and reliable results.

Question 22

If there is no reason to accept a risk or to incur the costs associated with controls, the risk should be what?

Answer 22

Minimized or removed.

Question 23

Requirements for effective risk management

Answer 23

• Risk management exists to serve the organization, not vice versa.
• It needs to be enterprise wide.
• It requires a coordinated and consistent framework.
• It is not designed to be a brake on ambition.
• It needs to be cyclical and iterative.

Question 24

Define risk culture of organization

Answer 24

Overall attitude and approach to dealing with risks either more or less mature or risk adverse.

Question 25

Define risk maturity

Answer 25

A measure of the level of risk culture

Question 26

Define risk appetite

Answer 26

An expression of how much risk the organization is prepared to accept or tolerate. BROAD

Question 27

Define risk capacity

Answer 27

Ability to accept risk as a consequence of skills and resources at the orgs disposal.

Question 28

Levels of risk maturity from least to most

Answer 28

• Risk naive
• Risk aware
• Risk defined
• Risk managed
• Risk enabled

Question 29

Who is responsible for setting the risk appetite?

Answer 29

Board of Directors or equivalent body

Question 30

Define risk tolerance

Answer 30

Relates to risk appetite - represents the application of risk appetite to specific objectives. TACTICAL and PRACTICAL

Question 31

Risk tolerance guide operating units as they implement risk appetite within their operation.

Answer 31

Risk tolerance guide operating units as they implement risk appetite within their operation.

Question 32

A complete risk management framework should do what?

Answer 32

Assess a risk as both inherent and residual.

Question 33

Define inherent risk

Answer 33

Represents impact and likelihood of a risk event if no responses have been applied to manage the risk.

Question 34

Define residual risk

Answer 34

Impact and likelihood of a risk event after responses have been applied