Enterprise Risk Management Flashcards

1
Q

What is an enterprise risk?

A

The risk of an event occurring that may reduce the likelihood that the organization will achieve its objective.

2
Q

ERM Chart

A

Identification » Assessment » Risk response » Internal control activities » Information and communication » Monitoring

3
Q

How to write an ERM memo?

A
  1. Identify the risks
  2. Prioritize them
  3. Develop a plan including risk response and internal control activities
4
Q

What are the main examples of risks that an enterprise may face?

A
  • Strategic risk: the risk associated with ineffective strategic decisions, improper application of decisions made by management, or lack of responsiveness by management
  • Operational risk: resulting from ineffective operations, failed practices, large swings in the rate of returns, and inadequate allocation of resources
  • Reporting risk: associated with misleading or inaccurate information being reported
  • Compliance risk: resulting from the failure to comply with current or changing laws and regulations
5
Q

What are the main methods to assess and prioritize risks?

A
  • Benchmarking: external comparison to industry peers or other industries
  • Probabilistic models: using past data to make predictions about future performance
  • Sensitivity model: surveying the results of a number of variables to study the uncertainty of those inputs
  • Scenario analysis: describes the estimated outcome if a certain situation were to take place (what-if analysis)
6
Q

Factors to prioritize risks?

A

Impact & Likelihood
  1. High-high > red zone
  2. High-low > yellow zone
  3. Low-low > green zone

7
Q

What would be the form of risk response analysis?

A

Cost-benefit analysis

8
Q

What are the possible responses to assessed risks?

A
  • Avoidance: does not take on the risk and forfeits the potential benefits
  • Reduction: this is done by introducing controls or processes
  • Transferring: accept the risk but share it with others, including through insurance, hedge transactions or outsourcing
  • Acceptance: no action on risks
9
Q

What is contingency planning?

A

As part of the response to risk, a formal planning process for understanding and mitigating events/risks that may have a detrimental impact on the operation of the business.

10
Q

What is the process of contingency planning?

A

Identify the risks » Prioritize the risks » Develop a plan » Maintain the plan

11
Q

What is the relationship between inherent risk and residual risk?

A

Inherent risk represents the total amount of risk in the absence of management actions. Residual risk is the amount of risk left over after management takes actions to alter either the likelihood or the impact of a risk.
