Enterprise Risk Management Frameworks Flashcards
The COSO ERM model has 5 components.
The 5 components are:
● Governance and culture
● Strategy and objective-setting
● Performance
● Review and revision
● Ongoing information, communication, and reporting
Remember GOPRO
4 Principles associated with Risk Assessment according to COSO are:
- Specify objectives
- Identify and Analyze risks
- Consider potential for fraud
- Identify and assess changes
The ERM model is geared to achieving 4 main categories of objectives, which are:
● Strategic: high-level goals that align with and support the mission of the entity
● Operations: effective and efficient use of the entity’s resources
● Reporting: reliable reporting
● Compliance: compliance with applicable laws and regulations
5 limitations of COSO ERM model are:
● Human judgment and human error
● Cost vs benefits limitations
● Simple errors can lead to big mistakes
● Circumvention of controls or processes due to collusion
● Management override
What is the composite view of the risk assumed at a particular level of the entity or aspect of the business that positions management to consider the types, severity and interdependencies of risks and how they affect performance relative to strategy and business objectives?
RISK PROFILE
The maximum amount of risk that an entity is able to absorb in the pursuit of strategy and business objectives is:
Risk capacity
The ability of an entity to withstand the impact of large-scale events is:
Organizational Sustainability
True or False. Decreasing risk appetite is a component of ERM.
FALSE
True or False. Enhancing risk response decisions is a component of ERM.
TRUE. This is a critical component of the ERM framework.
What are the 5 principles of Governance?
defines DESIRED culture
exercises board OVERSIGHT
demonstrates commitment to core VALUES
attracts capable EMPLOYEES
establishes operating STRUCTURE
HINT: remember DOVES
_______________ is responsible for developing and implementing the ERM framework and process.
Management
What are the 4 principles of Strategy and objective-setting?
evaluates alternative STRATEGIES
formulated business OBJECTIVES
ANALYZES business context
defines RISK appetite
hint: remember SOAR
5 Principles for the performance component of COSO ERM are:
develops portfolio VIEW
ASSESSES severity of risk
PRIORITIZES risk
IDENTIFIES risks
implements risk RESPONSES
hint: remember VAPIR
3 Principles of the review and revision component of COSO ERM:
assesses SUBSTANTIAL change
pursues IMPROVEMENT in enterprise risk management
REVIEWS risk and performance
HINT: SIR mnemonic
Define “Residual Risk”
The risk that remains after management has taken actions to mitigate negative events.