ERM Components, Principles, and Terms Flashcards
COSO Risk Management Framework has 5 components, what are they?
- Governance and culture
- Strategy and Objective Setting
- Performance
- Review and Revision
- Information, Communication, and Reporting
What are the 5 principles for Governance and culture?
1) Exercise Board Risk Oversight- The board of directors provides oversight of the strategy and carries out governance responsibilities to support management in achieving strategy and business objectives
2) Establish Operating Structures- The organization establishes operating structures in the pursuit of strategy and business objectives
3) Define Desired Culture- The organization defines the desired behaviors that characterize the entity’s desired culture
4) Demonstrate Commitment to Core Values- The organization demonstrates a commitment to the entity’s core values
5) Attract, Develop, and Retain Capable Individuals- The organization is committed to building human capital in alignment with the strategy and business objectives
What are the 4 principles in strategy and objective setting?
1) Analyze Business Context- The organization considers potential effects of business context on risk profile
2) Define Risk Appetite- The organization defines risk appetite in the context of creating, preserving, and realizing value
3) Evaluate Alternative Strategies
4) Formulate business objectives
What are the 5 principles under Performance?
1) Identify Risk
2) Assess Severity of Risk
3) Prioritize Risks
4) Implement Risk Responses
5) Develop Portfolio View
What are the three principles under review and revision?
1) Assess substantial change- Assesses changes that may substantially affect strategy and business objectives
2) Review Risk and Performance- The organization reviews entity performance and considers risk
3) Pursue Improvement in Enterprise Risk Management- The organization pursues improvement of enterprise risk management
What are the three principles under Information, Communication, and Reporting?
1) Leverage Information Systems- Organization leverages the entity’s information and tech systems to support ERM
2) Communicate Risk Information- The organization uses communication channels to support enterprise risk management
3) Report on Risk, Culture, and Performance- The organization reports on risk, culture, and performance at multiple levels and across the entity
Define business context:
The trends, events, relationships, and other factors that may influence, clarify, or change an entity’s current and future strategy and business objectives
Define culture:
An entity’s core values, including its attitudes, behaviors, and understanding about risk
Define governance:
The allocation of roles, authorities, and responsibilities among stakeholders, the board, and management. Some aspects of governance fall outside ERM (developing mission, core values, etc)
Define practices:
The methods and approaches deployed within an entity relating to managing risk
What is risk capacity?
The maximum amount of risk that an entity can absorb in the pursuit of strategy and business objectives
What is the risk ceiling?
The maximum level of risk established by an entity
What is the risk floor?
The minimum level of risk established by an entity
What is the target risk?
Desired level of risk
What is risk range?
Acceptable level of risk established by the organization