ERM - Enterprise RISK Management Flashcards
ERM - Enterprise Risk Management FRAMEWORK
Balances Risk & Return
Has following THEMES:
Align Risk Appetite and Strategy
Enhance Risk Response Decisions
Reduce Operational Surprises & Losses
Identify & Manage Multiple & Cross-Enterprise Risks
Seize Opportunities
Improve Deployment of Capital
ERM - Ent. Risk Mgmt. Objectives (4) SORC
S - Strategic - High-level goals designed to achieve the mission
O - Operations - Achieve objectives through effective & efficient use of resources
R - Reporting - Reliable & consistent reporting
C - Compliance - Ensuring compliance with laws and regulations
COMPONENTS of ERM (Broader in Scope than just financial reporting objectives) remember “IS EAR AIM”
I - Internal environment (Tone at the top; the C in “CRIME”)
S - Setting Objectives (SORC)
E - Event ID
A - Assessment of Risk (E, A and R together are the R in “CRIME”)
R - Risk Response
A - Activities Control (existing controls; the E in “CRIME”)
I - Information and Communications (the I in “CRIME”)
M - Monitoring (the M in “CRIME”)
Inherent Risk vs. Residual Risk
Inherent Risk - is the risk if you do NOTHING
Residual Risk - is the risk that exists AFTER taking action
Order of ERM
First identify the Objectives (SORC)
Then identify possible positive & negative events
Residual risk is defined as
the risk that an organization incurs after management takes whatever actions are needed to mitigate the adverse impact of a given event
Inherent risk is defined as
the risk to an organization that exists if management takes NO action.
A situation where a company implements new technology and hires an individual to help document new policies and procedures and develop training is an example of
change management.
ERM according to COSO is
“a process, effected by an entity’s board of directors, management, and other personnel.”
According to COSO, the position or internal entity that is best suited, as part of the enterprise risk management process, to devise and execute risk procedures for a particular department is:
The manager of a given department has a greater understanding of the risks and challenges associated with that department than would any other member of executive leadership. As such, the manager should be the individual tasked with devising and executing risk procedures for that department.
Criteria for evaluating Ent. Risk Mgmt. (ERM)
IS EAR AIM - The components of the enterprise risk management framework are the criteria used to evaluate its effectiveness. Each must be present & functioning.