Introduction to COSO Enterprise Risk

Question 1

What is Enterprise Risk Management (ERM)?

Answer 1

Culture, capabilities, and practices to create, preserve, and realize value

Integrated with strategy setting –> Plan

Linked to organization performance –> Outcomes

Question 2

How does COSO define RISK?

Answer 2

Uncertain event that will influence the organization in its strategic objectives

• Could be negative (accounting software fails) or positive risk (server fails because it cannot keep up with demand)

Question 3

What is managing ERM- Focus?

Answer 3

Entity culture (what people say and do)

Developing capabilities

Adapting and integrating ERM Practices

Integrating with strategy-setting and performance

Question 4

What is are some misconceptions of ERM

Answer 4

• Not a list, it is an integrated process
• Not just for a big corporations
• Not the same as internal controls
• Cannot be “add on” activity/must be integrated into and throughout entity

Question 5

Why is ERM important?

Answer 5

• Expanding opportunities
• Identify positive and reducing negative outcomes
• Reducing performance variability
• Better deploying assets (and Human Resources)

Increasing enterprise resilience (ability to survive)

Question 6

What is the Board of Directors role in ERM?

Answer 6

Work with management on:

• Proposed strategy and risk appetite
• Aligning strategy and objectives with mission and core values
• Major business decisions
• Respond to significant fluctuations
• Respond to deviations from core values
• Approving management incentives and compensation
• Managing investor and stockholder relations
• Creating and sustaining organization culture

Question 7

Define risk appetite?

Answer 7

The types and amounts of risk that an organization assumes

Question 8

Define uncertainty

Answer 8

Not knowing how or if potential events may occur

Question 9

Define severity

Answer 9

Likelihood and impact of events. May refer to time required to recover from events.

Question 10

Define organizational sustainability:

Answer 10

The ability of an entity to withstand the impact of large-scale events (survivability or grit)

Question 11

Define Performance Management?

Answer 11

The measurement of efforts to achieve or exceed the strategy and business objectives

Question 12

Define portfolio view?

Answer 12

Composite view of the entity’s risk

Question 13

Define a risk profile?

Answer 13

A composite view of the risk assumed at a level of entity (risk at HR department or manufacturing unit or Asia operations)

Question 14

Define reasonable expectation?

Answer 14

The amount of risk of achieving strategy and business objective that is appropriate for an entity, recognizing that risk cannot be predicted precisely or perfectly.

Question 15

Define mission?

Answer 15

Why the entity exists

Question 16

Define vision

Answer 16

The entity’s aspirations, what organization wants to be known for

Question 17

Define core values?

Answer 17

The entity’s beliefs about morality

Question 18

Define strategy?

Answer 18

The organizations plan to achieve the mission and vision

Question 19

What are the three risks in strategy selection?

Answer 19

1) Misalignment- Does the strategy align with our mission, vision, and core values
2) Implications - Do we understand the risk implications of our chosen strategy?
3) Risks to success- Will we achieve our business objectives?

Question 20

What are some emerging issues and opportunities in ERM?

Answer 20

• Integrating big data into ERM
• Integrating artificial intelligence (AI) into ERM
• Managing ERM costs