Enterprise Risk Management

Question 1

COSO Issued Enterprise Risk Management to

Answer 1

assist companies in developing a Comprehensive response to Risk Management

Question 2

Strategy of ERM

Answer 2

Balance Risk and Return

Question 3

Intent of ERM is to allow management to deal with

Answer 3

uncertainty, evaluate risk acceptance and build value (share price appreciation)

Question 4

ERM Definition

Answer 4

Identify potential events that may effect the entity and manages risk to be within it’s risk appetite to provide reasonable assurance to achieve objectives

Question 5

ERM themes

Answer 5

Align risk appetite and strategy

Enhance risk response decisions

Reduce operational surprises and losses

Identify and management multiple and cross-enterprise risks

Seize opportunities

Improve deployment of capital

Question 6

Objectives of ERM

Answer 6

Strategic -goals to achieve company’s mission

Operations

Reporting

Compliance

Question 7

Components of ERM (IS EAR AIM)

Answer 7

Internal Environment (C)
Setting Objectives (SORC)
Event Identification (R)
Assessment of Risk (R)
Risk Response (R)
Control Activities (E)
Information and Communication (i)
Monitoring (M)

Question 8

Internal Environment (EBOCA + RHR)

Answer 8

Commitment to Ethics and Integrity
Board Independence and Oversight
Organizational Structure
Commitment to Competence 
Assignment of Authority and Responsibility
Risk Management Philosophy 
Human Resource Standards
Risk Appetite

Question 9

Setting Objectives

Answer 9

Strategic -goals to achieve company’s mission

Operations

Reporting

Compliance

Question 10

Event Identification -

Answer 10

Events can be

External or Internal

Positive (Opportunities) or Negative (Risks)

Question 11

External vs Internal examples

Answer 11

External: Economic, Natural Environment, Political, Social, Technological

Internal: Infrastructure, Personnel, Process, Technology

Question 12

Assessment of Risk

Answer 12

Inherent vs Risidual
Likelihood and Impact
Assessment techniques

Question 13

Types of assessment techniques

Answer 13

Benchmark (best practices)

Probabilistic (Statistics, range, Data)

Non-probabilistic (Opinions, subjective assumptions) (ex outcome of lawsuit)

Question 14

Risk Response

Answer 14

Avoid

Reduce

Share

Accept - inherent

Question 15

Examples of sharing risk reponse

Answer 15

Insurance

Hedging

Outsourcing

Question 16

Risks should be considered entity wide using

Answer 16

the Portfolio Perspective

Question 17

Control Activities types

Answer 17

Top Level Reviews (Budget vs Actual)(Variance)

Direct Function or Activity Management (Performance Reports)

Physical Controls (Safeguarding)

Performance indicators (compare financial or operational to determine Red Flags)

Segregration of Duties - Authorizing, Record Keeping, Custodial

Question 18

Information and Communication

Answer 18

FACT for both internal and external

Fair
Accurate
Complete
Timely

Question 19

Efficient and Effective operations

Answer 19

ERM must be present and functioning

No Material weaknesses in ERM

Question 20

Measuring Effectiveness in ERM

Answer 20

Reasonable Assurance

Subject to human judgement (principles based)

Question 21

Change Management example

Answer 21

Implement new technology and hires someone to help document new policies and procedures and develop training