Enterprise Risk Management Frameworks_M2

Question 1

Which risk are part of managements risk assessment according to ERM?

3 bullets

Answer 1

• Inherent risk is the risk to an entity in the absence of any direct or focused actions by management to alter its severity.
• Actual residual risk is the risk that remains after management has taken actions to reduce risk.
• Target residual risk is the amount of risk an entity prefers to assume in pursuing its goals and objectives
  OTHER RISK NOT CONSIDERED IN THE ASSESSMENT.
• Unknown risk random other risk not considered in the framework.
• Event risk is the risk that something unexpected occurs, which can cause losses for stakeholders.
• Economic risk is the risk that the present value of an organizationʹs cash flows will be negatively impacted by changes in the exchange rate.
• Risk inventory is all risk that could impact an entity.
• Risk profile is the composite view of the risk assumed at a particular level of the entity or aspect of the business that positions management to consider the types, severity, and interdependencies of risk and how they may affect performance relative to the strategy and business objectives.
• Risk capacity is the maximum amount of risk that an entity is able to absorb in the pursuit of strategy and business objectives.

Question 2

What are the risk responses?

Answer 2

• Accept no action taken to change the severity of the risk. Acceptable when risk is within the risk appetite
• Avoid action is taken to remove the risk maybe leave a line of businesses etc. Typical when managment cannot find a solution to mitigate the risk.
• Reduce action is taken to reduce the severitry of the risk. Management takes action to reduce the risk inline with target risk or risk appetite
• Pursue action is taken to pursue increased risk to achieve desired performance.
• Share action is taken to reduce the severity of the risk by outsourcing and insurance

Question 3

What are some examples of risk responses?

ARTS Phnemonic

Answer 3

Risk Acceptance

Risk Reduction

• Diversifying product offerings
• Reallocating capital among operating units
• Rebalancing the asset portfolio to reduce exposure to certain types of losses

Risk Transfer

Risk Sharing

• A syndication agreement in this context relates to an agreement by underwriters to sell a specific amount of stock securities to the marketplace by a period of time. Any securities that remain unsold
  represent a loss for the syndicate underwriter. This represents risk sharing because the issuing entity itself is sharing the risk of unsold securities with the underwriters in the agreement.
• Insurance

Question 4

When would be the best time to identify these risk?

Answer 4

Events/Risk can only be identified after the organizational objectives are identified. Events will either favorably or unfavorably impact the achievement of objectives. Risks (negative events) are only identifiable within the context of the objectives that they might impede.

Question 5

What are the 20 objectives to the 5 components of ERM?

Answer 5

Governance and Culture

• defines Desired culture. (risk tolerance or adverse)
• exercises board Oversight.
• demonstrates commitment to core Values.
• attracts, develops, and retains (Employees).
• establishes operating Structure.

Strategy and Objective-Setting

• evaluates alternative Strategy.
• formulates business Objectives.
• Analyzes business context.
• Risk appetite.

Performance

• developes portforlio View.
• Risk Assessment/evaluation.
• Prioritizes risk.
• risk/(event)Identification.
• risk Responses.

Review and Revision

• assess Substantial change.
• pursue continuous Improvement of ERM
• Reviews risk and performance.

Information, Communication, and Reporting (Ongoing)

• leverage information and Technology
• communication risk Information
• reports on risk culture and Performance

Question 6

What are some examples of ERM component principles?

Answer 6

Governance and Culture

• A commitment to core values comes from the top of the organization and serves as the foundation for how an organization will manage risk in the pursuit of its mission, its vision, and its strategic and business objectives.

Strategy and Objective-setting Component of ERM

• formulating business objectives: involves aligning business objectives to the overall strategy of the organization. Assessing performance relative to meeting objectives involves the establishment of a tolerance level, or acceptable variance in performance. The lower limit of 3 percent unfavorable material usage variance represents the entityʹs tolerance in regard to this objective.

Performance Component of ERM

• Identifying risk: involves looking at new and already established risks to understand the impact they may have on achieving strategic and business objectives.
• Assess the severity of the risk (rank the risk): likelyhood of risk x severity of loss amount for each risk than rank the loss from most to least.
  ex. Item 1: Cash register embezzlement: 8.3% × $20,235 = $1,679.51
  Item 2: Vendor kickbacks (collusion): 13.60% × $169,477 = $23,048.87
  Item 3: Server outage: 7.5% × $522,531 = $39,189.83
  Item 4: Financial statement earning restatement: 1.1% × $2,937,632 = $32,313.95
  The highest risk priority is Item 3, followed by Item 4, Item 2, and Item 1.
• Net Benefit Calculation:
  potential dollar-loss impact of $7 million has been
  discovered. The risk of loss to the identified threat is currently 10 percent . The following four proposed controls are under consideration to mitigate the risk of loss:
  Control Name Risk of Loss Implementation Cost
  W 8% $100,000
  X 6% 250,000
  Y 4% 350,000
  Z 2% 500,000
  Formula
  Control W: $7 million × (10% − 8%) = $140,000 benefit
  $140,000 benefit − $100,000 cost = $40,000 net benefit
• Control X: $7 million × (10% − 6%) = $280,000 benefit
  $280,000 benefit − $250,000 cost = $30,000 net benefit
• Control Y: $7 million × (10% − 4%) = $420,000 benefit
  $420,000 benefit − $350,000 cost = $70,000 net benefit
• Control Z: $7 million × (10% − 2%) = $560,000 benefit
  $560,000 benefit − $500,000 cost = $60,000 net benefit
  Of the options provided, Control Y provides the highest net benefit at $70,000.

Review and Revision

• Assessing substantial change is needed to understand what impact changes may have on strategic and business objectives.

Question 7

What are the factors used to determine if information is effective?

FACT

Answer 7

• Providing information in a timely manner is crucial to making information effective.
• Information must be relevant to the individual(s) receiving it.
• Information should be readily accessible in order to be effective

Question 8

What is the meaning of a organizations mission, vision, and culture

Answer 8

• The mission and vision of an organization most closely correlate with an entity’s strategy. An organization’s mission represents the purpose of an entity, and its vision represents the organization’s aspirations and what it hopes to achieve over time.
• Culture is most closely correlated with core values. It is the collective thinking of the people of the organization.

Question 9

What are core values of an organization?

Answer 9

• Core values most closely correlate with an organization’s culture.
• Core values represent an organization’s beliefs and ideals about what is good or bad, acceptable, and shape the development of an entity’s culture.

Question 10

What are the different types of value?

Answer 10

• Value is realized when benefits created by the organization are received by stakeholders in either monetary or nonmonetary form.
• Value is eroded when faulty strategy and inefficient
  and/or ineffective operations cause value to decline.
• Value is created when benefits of value exceed the cost of resources used.
• Value is preserved when ongoing operations
  efficiently and effectively sustain created benefits

Question 11

What is variance analysis used for?

Answer 11

• To compare budgeted numbers to actual numbers; in particular, for financial measures.
• Comparing actual operating results to preestablished standards.
• To compare actual performances year over year.

Question 12

What is Organization Sustainability?

Answer 12

The ability of an entity to withstand the impact of large-scale events.

Question 13

How to calculate the risks?

Answer 13

• Residual Risks: The risk that remains after mgmt intervenes
• Inherent Risks: is the risk to an entity in the absence of any actions management might take to alter either the risk’s likelihood or impact.