Extra Flashcards
Risk Control - Directive control vs Preventive control vs Detective control vs Corrective control
Directive – controls to ensure a particular aim is realised
Preventive – measures to stop a risk happening or an unwanted outcome arising
Detective – after the event measures to identify when an incident has happened
Corrective – measures to limit scope for loss and reduce any undesirable outcomes that have come about once the loss or damage has materialised
What is an insurance derivative
Part of alternative risk transfer
Insurance derivatives are a development of this concept. They are a contract to pay an agreed amount of money once a certain level of loss incident is reached. Often that level of loss is not one just within the organisation but a level dictated by an external agency.
What is comparative information
measured or judged by estimating the similarity or dissimilarity between one thing and another; relative
The amounts and disclosures included in the financial statements in respect of one or more prior periods in accordance with the applicable financial reporting framework.
A comparative statement is a document used to compare a particular financial statement with prior period statements. Previous financials are presented alongside the latest figures in side-by-side columns, enabling investors to identify trends, track a company’s progress and compare it with industry rivals.
What is COSO
The COSO framework classifies internal control objectives into three groups: operations, information, and compliance. Operational objectives include performance measures and safeguarding the organization’s assets against fraud. They focus on the effectiveness and efficiency of business transactions.
Sarbanes-Oxley corporate governance legislation
What were the provisions of the (SOX) Sarbanes-Oxley Corporate Governance Legislation
Part of Corporate Governance
The Sarbanes-Oxley Act of 2002 was passed by Congress in response to widespread corporate fraud and failures. The act implemented new rules for corporations, such as setting new auditor standards to reduce conflicts of interest and transferring responsibility for the complete and accurate handling of financial reports.
ISO 31000
ISO 31000, Risk management – Guidelines, provides principles, a framework and a process for managing risk. It can be used by any organisation regardless of its size, activity or sector.
Benefits - Increase stakeholder confidence in your risk management techniques. Strengthen operational controls, including mandatory and voluntary reporting. Improve your business performance, crisis management and organizational resilience.
Business Continuity Management
Business continuity may be defined as “the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident”.
When does the concept of measuring risks date from?
17th century; Fermat and Pascal
What is the BASEL I accord?
System to regulate banks by controlling their capital reserves
Upgraded to BASEL II/III with the introduction of more capital calculation rules and capital controls
What is the Sarbanes-Oxley Act 2002?
US governance and financial reporting regulations imposed on all companies listed on the NYSE
What is a dread risk?
Risks over which people feel they have little control and which have dreadful consequences, e.g. nuclear accidents
What are the components of Renn and Rohrmann's structured framework?
Lvl 1 - common sense (collective reasoning strategies)
Lvl 2 - Emotional (Knowledge of risk)
Lvl 3 - Media influence (social, economic and political culture)
Lvl 4 - Cultural influences (personal identity and views)
What is a strategic risk?
Associated with vision, mission and long-term objectives
What is failure to abide by GDPR an example of?
Operational risk
Who does GDPR apply to?
Controllers (decide how and why data is processed) and processors (process the data)
What is systematic risk
(Market risk); the risk of losses in trading positions due to movements of market prices
What is a business risk
Probability of loss inherent in an organisation's operations and environment
What type of information helps us to make informed decisions and avoid unnecessary risks?
Comparative information
When did modern risk management ideas originate?
Mid-20th century
What is an insurance risk
Insurance risk associated with any one insurance contract is twofold; uncertainty that an insured event will occur, and uncertainty of the amount of any resulting claim.
For example, with life-related products, which are long-term contracts with individual policyholders provided by an appropriate insurer, there are inherent risks relating to mortality, morbidity or expenses variances.
ERM
The structure an organisation sets up to control risk management across the whole of its organisation is known as enterprise risk management (ERM).
Relationship between audit and risk management
According to the Institute of Internal Auditors (IIA) in its performance standards, the aim of internal audit is to evaluate and contribute to the improvement of governance, risk management and control processes using a systematic and disciplined approach.
Relationship between compliance and risk management
Organisations whose existence depends on compliance with appropriate laws and regulations often create a separate compliance function specifically to identify and control threats that might lead to breaches of compliance.
Risk management vs compliance vs audit
Compliance activities are a subset of both audit and risk management activities, concentrating on a limited number of specific, but important risks.
Risk aware culture
Every organisation has its own way of doing things. If you become involved with several organisations you will immediately notice differences in the way people behave, in the attitudes of management and staff and the general approach to business performance achievement. Two similar hotels, for example, can have radically different standards of guest service even though their business objectives are ostensibly the same.
Risk maturity
Generally speaking, organisations with effective risk management processes can expect fewer unexpected losses and better selection of future opportunities. The more risk management principles become embedded in organisational culture, the more effective the processes are, leading to greater expected gains.
5 levels
1 - initial
2 - uncoordinated
3 - intermediate
4 - coordinated
5 - strategic
What is an internal fund
In large organisations, directors may decide to establish a designated fund from which subsidiaries and other units can claim to recover unexpected losses. This is known as an internal fund.
Self-insurance programs
Internal fund
Captive insurer
Reinsurance
Alternative risk transfer
The terms ‘Alternative Risk Transfer (ART)’ and ‘non-traditional risk transfer’ are used loosely to embrace a range of instruments that enable an organisation to transfer financial risk to a professional risk carrier, other than by way of an insurance contract.
Insurance derivatives - They are a contract to pay an agreed amount of money once a certain level of loss incident is reached. Often that level of loss is not one just within the organisation but a level dictated by an external agency.
Catastrophe bonds - Catastrophe (cat) bonds, in their simplest form, are investment bonds that provide a return to investors based on insurance-type events rather than financial market developments.
Loans
‘Put options’ - Organisations can buy a ‘put option’ from a financial institution. The option, or a contracted right to act, will become effective following certain specified events, such as a catastrophic loss. The damaged organisation then could use the contracted right to sell a pre-agreed level and type of equity to the financial organisation that provided the option.
Catastrophe bonds
Part of alternative risk transfer
Catastrophe (cat) bonds, in their simplest form, are investment bonds that provide a return to investors based on insurance-type events rather than financial market developments. One way in which they are valuable to the large investor is that they can spread the risk of their portfolios beyond the capital markets into an additional market of insurance events, mainly catastrophes. Periods are usually from three to five years and they make payments on the occurrence of one event or two events happening during that period.
‘Put options’
Part of alternative risk transfer
Organisations can buy a ‘put option’ from a financial institution. The option, or a contracted right to act, will become effective following certain specified events, such as a catastrophic loss. The damaged organisation then could use the contracted right to sell a pre-agreed level and type of equity to the financial organisation that provided the option.
The equity to be sold could take the form of non-voting preference shares and thus not affect balance sheet values.
Risk financing plan
How does a company finance its risks?
We have seen that the risk professional of a large organisation has a wide range of options available to finance the risks their organisation is facing. Making the right choice is a case of matching precise needs with available options.
Risk financing plans will have board approval and will be constructed to:
Risk management standards bodies
ISO 31000
FERMA
AIRMIC, Alarm, IRM:2010
COSO
ISO 31000 areas
Split into 3 risk management areas
- principles
- frameworks
- process
FERMA
The Federation of European Risk Management Associations (FERMA) published a European standard in 2003 that was based on the UK standard at that time, known as AIRMIC, Alarm, IRM: 2002. AIRMIC (Association of Insurance and Risk Managers), Alarm (the National Forum for Risk Management in the Public Sector) and the IRM (Institute of Risk Management) are the three main professional risk management organisations in the UK.
AIRMIC, alarm, IRM: 2010
Following the publication of ISO 31000, a new document, A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000, was produced to provide a practical guide for organisations wanting to implement comprehensive risk management systems to the latest best practice recommendations and standards. This guide was first published in 2010 and provides a structured approach to implementing risk management in the context of the new ISO standard.
COSO
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector audit and accounting organisations in the USA. It provides thought leadership through the development of frameworks and guidance on ERM, internal control and fraud deterrence.