Enterprise risk management Flashcards

1
Q

Describe the 10 features of ERM

A
1. Encompasses all areas of risk exposure
2. Prioritises and manages these risks as an interrelated portfolio
3. Evaluates the portfolio in the context of all internal and external contexts, systems, circumstances and stakeholders
4. Recognises that individual risks can create a combined exposure greater than the sum of the individual risks
5. Provides a structured approach to the management of both quantitative and qualitative risks
6. Seeks to embed RM as a component in all critical decisions
7. Provides a means for an org to identify the risks it is willing to take to achieve its objectives
8. Constructs a means of communicating risk issues to ensure there is a common understanding of what they are and their importance
9. Provides a structure for the provision of assurance to the board and audit committee
10. Views effective RM as a competitive advantage that facilitates achievement of objectives

2
Q

What three components must a definition of ERM include?

A

Process, outputs of the process, impact (or benefits) that arise from the outputs.

3
Q

What is the COSO definition of ERM?

A

“A process effected by an entity’s board of directors, management and other personnel, applied in strategy setting across the enterprise, designed to identify potential events that may affect the entity, manage risks to be within its appetite and to provide reasonable assurance regarding the achievement of its objectives”

4
Q

What is the IIA definition of ERM?

A

“A rigorous co-ordinated approach to assessing and responding to all risks that affect the achievement of an org’s strategic and financial objectives”

5
Q

What is the HM Treasury definition of ERM?

A

“All the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress”

6
Q

Give a comprehensive definition of the PROCESS component of ERM

A

“Identification & evaluation of significant risks, assignment of ownership, implementation & monitoring of actions to manage these risks within the appetite of the org”

7
Q

Give a comprehensive definition of the OUTPUT component of ERM

A

“Provision of info to management to improve business decisions, reduce uncertainty and provide reasonable assurance regarding achievement of objectives”

8
Q

Give a comprehensive definition of the IMPACT component of ERM

A

“Improved efficiency and delivery of services, improved allocation of resources (capital) to business improvement, creation of shareholder value and enhanced risk reporting to stakeholders”

9
Q

What acronym describes the outputs of ERM?

A

MADE2 – Mandatory obligations fulfilled, Assurance obtained, Decision making enhanced, Efficient and Effective core processes

10
Q

ERM is compatible with the PACED principles of RM. What does PACED stand for?

A

Proportionate, Aligned to objectives, Comprehensive, Embedded and Dynamic

11
Q

How senior should the Risk Manager role be?

A

It should be proportionate to the level of risk. Finance and Energy companies are likely to have a board-level risk director (Chief Risk Officer - CRO).

12
Q

Describe the FIRM benefits of ERM.

A

F – Reduced cost of funding/capital, better control of cap-ex approvals, greater profitability, accurate financial risk reporting, improved governance

I – Efficiency and competitive advantage, reduced disruption, increased supplier and staff morale, targeted risk and cost reduction, reduced operating costs

R – Regulators satisfied, greater brand value, shareholder value, reputation and publicity

M – Commercial opportunities maximised, greater marketplace presence and customer spend/satisfaction, better ratio of business successes and fewer disasters

13
Q

Describe how business continuity management (BCM) ties into ERM

A

Business impact analysis is closely connected to risk assessment. BCM is concerned with maintaining the key dependencies that underpin core processes AFTER a risk has materialised.

14
Q

How does ERM seek to improve shareholder value in Energy and Finance sectors?

A

Objective basis for the allocation of resources; exploitation of hedges and portfolio effects.

Good financial decisions, identifying areas of high adverse impact and risk-based advantage.

Investor confidence through stable results, fewer disturbances and risk stewardship.

15
Q

How is energy sector ERM similar to treasury risk management?

A

Both employ specialist expertise in hedging, e.g. against currency movements or the price of a barrel of oil.

16
Q

What are the key drivers for RM in the finance sector?

A

The regulatory environment puts an obligation on measuring exposure to risks e.g. Basel 2 (banking) and Solvency II (European insurance)

17
Q

What is a key feature of operational risk management (ORM)?

A

Used to calculate the capital that should be held in reserve to cover the consequences of risks materialising (exposure).

18
Q

In what way did poorly applied ORM contribute to the financial crisis of 2008?

A

Poor measurement of risk vs reward (high rewards were sought without a balanced view of risk).

Risks were not properly quantified: a risk-aggressive attitude meant high-impact risks were ignored.

19
Q

What is the preferred ERM framework for the Sarbanes-Oxley Act?

A

COSO ERM Cube. Subsidiaries of US orgs are increasingly adopting the act.

20
Q

What acronym is used to describe how ERM is embedded?

A

LILAC: Leadership, Involvement, Learning, Accountability, Communication

21
Q

What ISO standard points to the emergence of resilience, business continuity and crisis management?

A

ISO 22300