Enterprise Risk Management Flashcards
risk appetite
overall level of risk an entity is willing to accept in reaching its goals
risk tolerance
the specific level or range of variation that is acceptable in reaching a particular objective (e.g. a target with an acceptable band of 94-98%)
integrity of information examples
Verifying accuracy of asset valuation
Reviewing reliability of operating information
safeguarding assets examples
Verifying existence of assets
four categories of risk identified by the IMA's Statement on Management Accounting: Enterprise Risk Management: Frameworks, Elements and Integration
strategic risk
financial risk
operational risk
and hazard risk
Value at risk
a statistical measure of potential loss: for a chosen confidence level (e.g. 95%) and holding period, VaR is the loss that will not be exceeded with that probability, so the outcome falls within the stated range that percentage of the time
Risk ranking is the
process of prioritizing risk so the higher risk items can be dealt with.
Residual risk is the
risk that remains even after controls are implemented.
When both the likelihood and the impact of a risk are high, the best course of action is
probably to avoid the risk (stop or redesign the activity that creates it)
Detection risk
risk that the audit procedures will fail to detect a material misstatement
Event risk
possibility of a negative impact resulting from an unexpected event.
Inherent risk
natural level of risk prior to any mitigation or reduction efforts.
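As an added worked example (not from the original flashcards), the Python below ties together inherent risk, residual risk, risk ranking and the avoid decision for a small constructed risk register. The 1-5 likelihood and impact scales, the control-effectiveness factor, the tolerance threshold and the "avoid when likelihood and impact are both 4 or more" rule are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    likelihood: int               # assumed 1 (rare) to 5 (almost certain)
    impact: int                   # assumed 1 (negligible) to 5 (severe)
    control_effectiveness: float  # 0.0 = no mitigation, 1.0 = fully mitigated

    def inherent(self) -> float:
        """Inherent risk: likelihood x impact before any controls."""
        return float(self.likelihood * self.impact)

    def residual(self) -> float:
        """Residual risk: what remains after controls reduce the inherent score."""
        if not 0.0 <= self.control_effectiveness <= 1.0:
            raise ValueError("control_effectiveness must be between 0 and 1")
        return round(self.inherent() * (1.0 - self.control_effectiveness), 2)


def rank_risks(risks):
    """Risk ranking: highest residual risk first so it is dealt with first."""
    return sorted(risks, key=lambda r: r.residual(), reverse=True)


def suggested_response(risk: Risk, tolerance: float) -> str:
    """Assumed decision rule: avoid when likelihood and impact are both high,
    mitigate further while residual exceeds tolerance, otherwise accept."""
    if risk.likelihood >= 4 and risk.impact >= 4:
        return "avoid"
    if risk.residual() > tolerance:
        return "mitigate further"
    return "accept"


# Constructed register entries for the example.
REGISTER = [
    Risk("Unsupported OS on internet-facing host", 5, 4, 0.0),
    Risk("Phishing leads to credential theft", 4, 3, 0.6),
    Risk("Flooding of primary data centre", 1, 5, 0.2),
    Risk("Insider misuse of admin rights", 2, 4, 0.75),
]
TOLERANCE = 4.5  # assumed residual-score tolerance


def risk_report(risks=REGISTER, tolerance=TOLERANCE):
    """Return (name, inherent, residual, response) tuples in ranked order."""
    return [(r.name, r.inherent(), r.residual(), suggested_response(r, tolerance))
            for r in rank_risks(risks)]


if __name__ == "__main__":
    for name, inh, res, resp in risk_report():
        print(f"{name:40} inherent={inh:5.1f} residual={res:5.1f} -> {resp}")
```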
Internal Auditors
evaluate and report on the effectiveness of enterprise risk management.
According to COSO who is ultimately responsible for Internal controls and should assume ownership
CEO
According to COSO Managers
support the entity’s risk management philosophy
promote compliance with its risk appetite
and manage risks within their departments consistent with risk tolerances.