ERM Framework

Question 1

Demanding higher performance usually requires accepting more

Answer 1

Risk

Question 2

ERM of a more risk aggressive entity demands

Answer 2

Greater Integration (must be able to access quickly)

Question 3

5 components of ERM

Answer 3

Governance and Culture
Strategy and objectives
Performance
Review and Revision
Information, Communication, Reporting

Question 4

Governance and Culture

Answer 4

1. Exercises Board Risk Oversight
2. Establishes Operating Structures
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops, and Retains Capable Individuals

Question 5

Strategy and Objective-Setting

Answer 5

6. Analyzes Business Context
7. Defines Risk Appetite
8. Evaluates Alternative Strategies
9. Formulates Business Objectives

Question 6

Performance

Answer 6

110. Identifies Risk
111. Assesses Severity of Risk
112. Prioritizes Risks
113. Implements Risk Responses
114. Develops Portfolio View

Question 7

Monitoring, Review & Revision

Answer 7

15. Assesses Substantial Charge
16. Reviews Risk and Performance
17. Pursues Improvements in Enterprise Risk Management

Question 8

Information, Communication, and Reporting:

Answer 8

18. Leverages Information Systems
19. Communicates Risk Information
20. Reports on Risk, Culture, and Performance

Question 9

dual board of directors’ structure

Answer 9

The management board oversees operations while the governing board oversees strategy.

Question 10

6 categories of external business context

Answer 10

PESTLE
Political
economic
social
technical
legal
environmental

Question 11

Tolerance

Answer 11

acceptable range of variation in performance

Question 12

Cognitive computing

Answer 12

use of AI methods of data mining and analysis to support risk identification

Question 13

heat map

Answer 13

likelihood rating Y axis

impact ratings X axis

Question 14

Hedging is what type of risk response?

Answer 14

Risk Sharing

Question 15

Risk statement should include

Answer 15

1. statement of the risk

2. impact of the risk

Question 16

Risk Owner

Answer 16

responsible for effectively managing identified risks

Question 17

3 Objectives of Internal Control (COSO Cube top)

Answer 17

1. Operations (efficient and effective use of resources)
2. Reporting (reliable info)
3. Compliance (laws)

Question 18

COSO Cube - 5 Components (front of cube)

Answer 18

1. Control Environment
2. Risk Assessment
3. Information and Communication
4. Monitoring
5. Control Activities

Question 19

Where do we have IC? (Cube side)

Answer 19

1. Entity
2. Division
3. Operating Unit
4. Function

Question 20

Control Environment

Answer 20

Management’s philosophy. Foundation of any system of internal control.

Question 21

Risk Assessment

Answer 21

Process if identifying, analyzing and managing risks associated with achieving objectives

Question 22

Information and Communication

Answer 22

enable people to identify, process and exchange info needed to manage and control operations

Question 23

Monitoring

Answer 23

must monitor and test the system and its data to ensure reliability of info

Question 24

Control Activities

Answer 24

Policies and procedures that ensure that actions are taken to address risks related to achieving objectives

Question 25

SOX requires that which part of Board is independent?

Answer 25

Audit Commitee

Question 26

SOX requires CEO and CFO to certify

Answer 26

they are responsible for establishing and maintaining internal controls

Question 27

Audit firms must audit clients’

Answer 27

Fin State and Internal Controls

Question 28

SOX requires of audit committee

Answer 28

1 financial expert