Lesson 10 Flashcards
1.1 Explain why culture is an integral component of the enterprise risk management framework
Culture reflects an entity’s ethics, values, beliefs, attitudes, desired behaviours and understanding of risk.
ERM helps people understand risk, and a risk-aware culture stresses the importance of managing risk and encourages a transparent and timely flow of risk information.
1.2 Explain the significance of the board’s role in ERM
The board has the responsibility for risk oversight and in many countries has a fiduciary responsibility to its stakeholders, including conducting reviews of the ERM practices.
1.2 Explain the significance of board member independence in ERM
Independence allows directors to be objective and to evaluate the performance and well-being of the entity without any conflict of interest or undue influence from interested parties.
The board should serve as a check and balance.
1.3 Provide 7 examples of things that may impede a board member’s independence
Independence may be impeded if a board member:
1) Holds a substantial financial interest in the entity
2) Is currently or has recently been employed in an executive role by the entity
3) Has recently advised the board of directors of the entity in a material way
4) Has a material business relationship with the entity (supplier/customer)
5) Has donated a significant financial amount to the entity
6) Has business or personal relationships with key stakeholders within the entity
7) Sits as a board member of other entities that represent potential conflicts of interest
1.4 Explain how the concept of suitability of enterprise risk management influences an entity’s decision about its risk management approach
Suitability of ERM refers to an entity’s ability to manage risk to an acceptable amount.
The ERM capability needed for a given entity is influenced by the complexity of the entity, which in turn influences its needs and the benefits it wants or expects from ERM.
2.1 Explain how an entity’s choice of governance and operating model influences its risk management practices
Risk governance sets the tone, reinforcing ERM and establishing oversight responsibilities.
Different operating models may result in different perspectives of a risk profile.
For example, assessing risk within a decentralized model may indicate few risks, whereas a centralized model may indicate a concentration of risk, perhaps relating to a certain customer type, foreign exchange or tax exposure.
2.2 Outline factors that influence an entity’s choice of operating model (6)
1) The entity’s strategy and business objectives
2) Nature, size and geographic distribution of the entity’s business
3) Risks related to the entity’s strategy and business objectives
4) Assignment of authority, accountability, and responsibility in all levels of the entity
5) Type of reporting lines (direct/solid line vs secondary reporting) and communication channels
6) Financial, tax, regulatory and other reporting requirements
2.3 Outline the role and characteristics of risk management oversight structures and explain how these structures differ by type of entity
Entities may delegate the responsibility to an oversight committee that gathers information on how risk associated with the strategy occurs across the entity.
Entities with complex legal structures may have several committees with some overlapping members. This committee structure should be aligned with the entity’s reporting structure to allow decisions to be made with full awareness of the risks of those decisions.
In smaller entities the structure may be less formal, with management more involved in the day-to-day execution of the ERM strategy.
3.1 Explain the role of culture in risk-aware decision making
Culture influences how risk is identified, what risks are accepted and how they are managed.
A culture in which people do the right thing at the right time is critical to an entity being able to pursue opportunities and minimize risk in achieving its strategy and business objectives.
3.2 Explain the concept of culture spectrum and provide an example of how it works in ERM
The culture spectrum goes from risk averse to risk aggressive. The higher on the spectrum, the greater the propensity for and acceptance of the amount of risk necessary to achieve goals.
For example, a hedge fund is likely a risk-aggressive entity.
3.3 Outline factors that influence where an entity falls on the culture spectrum (4 internal, 3 external)
Internal:
- how employees interact with one another and with managers
- the standards and rules of conduct
- the physical layout of the workplace
- the rewards system
External:
- regulatory requirements
- expectations of customers
- expectations of investors
3.4 Describe strategies for fostering a risk-aware culture (7)
1) Maintaining strong leadership
2) Employing a participative management style
3) Enforcing accountability for all actions
4) Embedding risk in decision making
5) Having open and honest discussions about the risks facing the entity
6) Encouraging risk awareness across the entity
Employees should know what the entity stands for and the boundaries in which they can operate.
4.1 Define organizational “tone” and “tone in the middle”
Tone is defined by the operating style and personal conduct of both management and the board: lead by example.
Tone in the middle is a view of tone taken in larger entities, recognizing that from time to time different markets and challenges may put pressure on different levels of the entity, resulting in a change in tone.
The more consistent the tone remains throughout the entity, the more consistent the performance of ERM strategies will be.
4.2 Explain the role of standards of conduct in ERM (3 reasons + overall purpose)
Three reasons for establishing a code of conduct are:
1) Establishing what is acceptable and unacceptable
2) Providing guidance for navigating what lies between acceptable and unacceptable
3) Reflecting laws, regulations, standards and other expectations that the entity’s stakeholders may have, such as corporate social responsibility
The purpose of a code of conduct is to communicate the entity’s expectations of ethics and desired behaviours, including behaviours relating to ERM and decision making.
4.3 Explain why responding to deviations in standards of conduct is critical to ERM
Appropriate responses ensure that the entity’s culture is not undermined.