Enterprise Risk Management Frameworks

Question 1

COSO issued the Enterprise Risk Management Framework to do what?

Answer 1

To assist organizations in developing a comprehensive response to risk management

Question 2

What is “Risk” according to COSO?

Answer 2

The possibility that events will occur and affect the achievement of strategy and business objectives

Question 3

The underlying premise of ERM is:

Answer 3

Entities face risk in the pursuit of value for their stakeholders

Question 4

To develop value, management decisions must be made regarding the (4 things):

Answer 4

creation, preservation, erosion, and realization (of value)

Question 5

Value is created when:

Answer 5

Benefits exceed the cost of resources used (people, financial capital, technology, etc)

Question 6

Value preservation is:

Answer 6

When ongoing operations efficiently and effectively sustain created benefits

Question 7

Value erosion is:

Answer 7

When a faulty strategy and ineffective or inefficient operations cause value to decline

Question 8

Value realization is:

Answer 8

When benefits created by the organization are received by stakeholders in either monetary or non monetary forms (customer satisfaction, brand usage, leadership in industry, etc.)

Question 9

What is a Mission?

Answer 9

The core purpose of the entity. “Why” the company exists.

Question 10

What is a Vision?

Answer 10

The aspirations of a company. “What” the company hopes to achieve.

Question 11

What is the Core Values?

Answer 11

An organizations beliefs. “How” the company will achieve its vision.

Question 12

COSO’s definition of ERM is: (CCPIS)

Answer 12

The culture, capabilities, and practices integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.

Question 13

What is a Risk Appetite?

Answer 13

A companies willingness to assume risk. It is expressed first in the mission and vision of the company. It varies between products, business lines, or over time and managing risks must be flexible.

Question 14

What are the five components of ERM?

GOPRO

Answer 14

1. Governance and Culture
2. Strategy and Objective-Setting
3. Performance
4. Review and Revision
5. Information, communication, and reporting (Ongoing)

Question 15

Governance and Culture is made up of what principles?

DOVES

Answer 15

Defines desired culture
Exercise board oversight
Demonstrates commitment to core values
Attracts, develops, and retains capable individuals (employees)
Establishes operating structure

Question 16

Strategy and Objective-Setting includes what principles?

SOAR

Answer 16

Evaluates alternative strategies
Formulates business objectives
Analyzes business context
Defines risk appetite

Question 17

Performance includes what principles?

VAPIR

Answer 17

Develops portfolio view
Assesses severity of risk
Prioritizes risk
Identifies risk (events)
Implements risk response

Question 18

Review and Revision includes what principles?

SIR

Answer 18

Assesses she substantial change
Pursues improvement in ERM
Reviews risk and performance

Question 19

Information, Communication, and Reporting (Ongoing) includes what principles?
(TIP)

Answer 19

Leverages information and technology
Communicates risk information
Reports on risk, culture, and performance

Question 20

Risk responses can be classified as: Accept, Avoid, Pursue, Reduce, and Share. Which is used when?

Answer 20

If high frequency and high severity: Avoid
If high frequency and low severity: Reduce
If low frequency and high severity: Share
If low frequency and low severity: Accept