Lesson 9 Flashcards

1
Q

1.1 Define enterprise risk management

A

The culture, capabilities and practices, integrated with strategy setting and its execution, that entities rely on to manage risk

2
Q

1.1 List 5 areas that enterprise risk management emphasizes

A

1) Recognizing culture and capabilities

2) Applying practices

3) Integrating with strategy setting and its execution

4) Manage risk to strategy and business objectives

5) Linking to creating, preserving and realizing value

3
Q

1.2 Define culture in the context of enterprise risk management

A

Risk culture is defined as attitudes, behaviours, and understanding about risk, both positive and negative, that influence decisions and reflect the mission, vision and core values of the entity

4
Q

1.2 Define capability in the context of enterprise risk management

A

A core capability important to an entity in its pursuit of competitive advantages to create value.

Enterprise risk management helps the entity develop the skills it needs to execute the mission and vision to anticipate the challenges that may impede success

5
Q

1.2 Define practices in the context of enterprise risk management

A

Risk practices are the methods and approaches deployed within an entity related to managing risk.

Practices used in enterprise risk management are applied from the highest levels and flow down to decision making at all levels in the entity

6
Q

1.3 Outline the premises that underpin the benefits of taking an enterprisewide approach to risk management

A

Based on the premise that every entity exists to provide value for its stakeholders.

A related premise is that all entities face uncertainty.

Effective enterprise risk management allows decision makers to balance exposure against opportunity

7
Q

1.4 Define stakeholders and differentiate between external and internal

A

Stakeholders are parties that have a genuine or vested interest in an entity.

Internal are parties working within the entity such as employees, management and the board.

External stakeholders aren’t directly engaged in the entity’s operation but are directly impacted by it, such as a group benefits plan, beneficiaries of plan members, plan service providers and regulatory bodies.

8
Q

1.5 Explain how the value of an entity is influenced by management decisions (4)

A

1) Value is created when the value of deployed resources is less than the benefit derived from that deployment

2) Value is preserved when the value of resources deployed in day-to-day operations sustains created benefits

3) Value is realized when stakeholders derive benefits created by the entity. Benefits may be non monetary

4) Value is eroded when management implements strategies that don’t yield expected outcomes or fails to execute day-to-day tasks

9
Q

1.6 Explain how enterprise risk management interfaces with strategy

A

Strategy refers to an entity’s plan to achieve its mission and vision and apply its core values.

Enterprise risk management informs the entity on risks that may arise from a strategy and evaluates the assumptions that underlie a strategy and looks at sensitivity to changes in the assumptions

10
Q

1.7 Explain how enterprise risk management can influence an entity’s ability to adapt, survive and prosper

A

Risks are always present and changing.

While it may not be possible to manage all potential outcomes of risk, entities can improve how they adapt to changing circumstances.

It focuses on managing risks to reduce the likelihood of adverse events and to manage outcomes if they do occur

11
Q

1.8 Outline benefits of integrating enterprise risk management with strategy setting and performance management processes (5)

A

1) Expand the range of opportunities for creating value. Considering all reasonable possibilities might surface opportunities

2) Identify and manage entity-wide risks; this brings data together to respond effectively

3) Reduce surprises and losses - have already identified risks and prepared responses

4) Reduce performance variability - in some organizations consistency is key

5) Improve resource deployment - allows for assessment of resource needs and enhanced resource allocation

12
Q

2.1 Explain how events, uncertainty and severity impact risk

A

An event is an occurrence or a set of occurrences.

Uncertainty is a state of not knowing and severity is the measurement of such considerations as the impact of the event and time to recover.

In the context of risk, events are broad and uncertain

13
Q

2.2 Explain why an event with a positive outcome can also pose a risk

A

The event that is beneficial to one objective may be detrimental to another.

For example, higher-than-forecast sales may produce supply chain issues

14
Q

3.1 Outline 4 things that an entity is better positioned to understand when enterprise risk management, strategy setting and strategy execution are aligned

A

1) How mission, vision, and core values form the initial expression of acceptable types and amount of risk when setting strategy

2) Possibility of strategies and business objectives not aligning with the mission, vision, and core values

3) Types and amount of risk the entity potentially exposes itself to from the strategy that has been chosen

4) Types and amount of risk to executing its strategy and achieving business objectives

15
Q

3.2 Define mission

A

Mission is the entity’s core purpose, which establishes what it wants to accomplish and why it exists

16
Q

3.2 Define vision

A

The entity’s aspirations for its future state or what it hopes to achieve over time

17
Q

3.2 Define core values

A

The entity’s beliefs and ideals about what is acceptable. This influences the behaviour of an entity and how it wants to conduct business

18
Q

3.2 Explain how mission, vision and core values relate to an entity’s purpose

A

Together these elements communicate to stakeholders the entity’s purpose.

For most entities these remain stable and are reaffirmed over time, though they may evolve as stakeholder expectations change

19
Q

3.2 Explain the significance of alignment among strategy, mission, vision, and values to enterprise risk management

A

Mission and vision help to establish boundaries for strategy and bring focus to understanding how decisions may affect strategy.

Mission, vision, and core value statements guide in determining the types and amount of risk an entity is likely to encounter and accept

If these are not aligned the ability to realize the mission and vision may be reduced

20
Q

3.4 Describe the focus of enterprise risk management in the context of strategy execution. Provide an example

A

The focus of risk management is on understanding the strategy and the risks to its relevance and viability. There is always a risk to executing strategy

For example, a health care provider has a goal of providing quality care. The provider considers EE capability, treatment options, legislative requirements. If one option is risky, understaffing for example,

21
Q

3.5 Explain the roles of the governance and operating models in enterprise risk management

A

An entity’s governance model defines and establishes authority, responsibility, and accountability.

It aligns the roles and responsibilities to the operating model at all levels - from the board of directors to management, division, operating units and functions

Operating model describes how management organizes and executes its day-to-day operations. It is typically aligned with the legal structure and management structure.

Both models influence the ability to identify, assess, and respond to risks to the achievement of strategy

22
Q

3.6 Explain the significance of an entity’s legal structure in risk management

A

How an entity is structured legally influences how it operates. A variety of factors, including size of the entity and any relevant regulatory, taxation or shareholder structures influence the suitability of different legal structures.

A small entity may operate as a single legal entity and risks can be aggregated across the entity.

For large entities consisting of several distinct legal entities, risks may be segregated.

23
Q

4.1 Explain the relationship between performance targets and level of uncertainty

A

Performance describes how actions are carried out as measured against a preset target.

The level of uncertainty varies with the level of performance desired.

For example, airlines have a certain amount of uncertainty about their ability to operate 100% of flights on schedule. They are less uncertain that they can operate 90% of scheduled flights

24
Q

4.2 Explain the concept of risk profile in the context of enterprise risk management (define + 4 points needed to develop one)

A

A risk profile is a composite view of the risks for an entity as a whole or for a division, project or initiative.

To develop a risk profile requires an understanding of:

1) Strategy or relevant business objectives

2) Performance target and acceptable variations in performance

3) Capacity and appetite for risk

4) Severity of the risk to the achievement of the strategy and business objectives

25
Q

4.3 Describe a risk profile

A

It varies; it could be displayed as a chart with risk on the y-axis and performance on the x-axis, looking at how performance increases or decreases in relation to risk

26
Q

4.4 Explain the concept of risk appetite and its relationship to strategy setting

A

Risk appetite means the type and amount of risk an entity is willing to accept in its pursuit of value. Knowing the risk appetite is essential to enterprise risk management

The risk appetite may affect the strategy and vice versa

27
Q

4.5 Compare risk capacity to risk appetite

A

Risk capacity is the maximum amount of risk that an entity is able to absorb in the pursuit of strategy and business objectives.

Risk capacity must be considered when setting risk appetite

28
Q

5.1 Explain the premise of the COSO framework

A

The premise is that the entity’s mission, vision and core values drive the development of strategy and objectives which in turn impact the performance.

29
Q

5.1 What are the 5 interrelated components of the COSO framework

A

1) Risk governance and culture

2) Risk, strategy and objective setting

3) Risk in execution

4) Risk information, communication and reporting

5) Monitoring enterprise risk management performance

30
Q

5.2 In the context of enterprise risk management outline: risk governance and culture

A

Form a basis for other components of risk management

Governance sets the company’s tone, and culture pertains to ethical values, desired behaviour and understanding of risk in the entity

31
Q

5.2 In the context of enterprise risk management outline: Risk, strategy and objective setting

A

These integrate into the strategic plan. With an understanding of the business context the entity can gain insight into internal and external factors and their impact on risk. An entity sets its risk appetite in conjunction with strategy setting.

The business objectives allow this to be put into the context of day-to-day operations

32
Q

5.2 In the context of enterprise risk management outline: Risk in execution

A

Prioritizes risks according to the severity and risk appetite.

The entity selects a risk response and monitors performance for change. It develops a portfolio view of the amount of risk the entity has assumed in pursuing its strategy and business objectives

33
Q

5.2 In the context of enterprise risk management outline: Risk information, Communication and Reporting

A

Communication is the continual process of gathering and sharing information.

Relevant and quality information from both internal and external sources is used to support risk management.

34
Q

5.2 In the context of enterprise risk management outline: Monitoring Enterprise Risk Management Performance

A

An entity considers how well the enterprise risk management components are functioning over time and during times of substantial change

35
Q

5.3 Outline 5 criteria an entity may consider for assessing the overall effectiveness of enterprise risk management

A

1) Whether components and principles relating to enterprise risk management are present and functioning

2) Whether components relating to enterprise risk management are operating together in an integrated manner

3) Whether controls necessary to effect principles are present and functioning

4) Whether components, relevant principles and controls to effect those principles that are functioning continue to operate to achieve strategy and business objectives

5) Whether components, relevant principles and controls to effect those principles that are present exist in the design and implementation of enterprise risk management to achieve strategy and business objectives

36
Q

6.1 Outline factors that impact the establishment of roles and accountability for enterprise risk management in an entity (5)

A

1) Size

2) Strategy

3) Business objectives

4) Culture

5) External stakeholders

The roles, responsibilities and accountabilities are defined to allow for the clear ownership of strategy and risk that fits within the governance structure, reporting lines and culture.

37
Q

6.1 Who in a company is ultimately responsible for enterprise risk management

A

The leader (CEO or president)

They should have a deep understanding of the entity’s strategy and business objectives

38
Q

6.2 Outline oversight practices for the Risk Governance and Culture component of the COSO Framework (9)

A

1) Assessing the appropriateness of the entity’s strategy; alignment to the mission, vision and core values and the risk inherent in that strategy

2) Defining the board risk governance role and structure, including subcommittees

3) Engaging with management to define the suitability of enterprise risk management

4) Overseeing evaluations of the culture and ensuring that management remediates any gaps

5) Promoting a risk-aware mindset that aligns the maturity of the entity with its culture

6) Challenging the potential biases and tendencies of management and fulfilling its independent and unbiased oversight role

7) Understanding the strategy, operating model, industry and issues and challenges affecting the entity

8) Overseeing the alignment of business performance, risk taking and incentives/compensation to balance short-term and long-term strategy achievement

9) Understanding how risk is monitored by management

39
Q

6.3 Outline oversight practices for the risk, strategy and objective setting component of the COSO framework (5)

A

1) Setting expectations for integration of ERM into strategic planning

2) Discussing and understanding risk appetite and considering whether it aligns with its expectations

3) Engaging in discussion with management to understand the changes to business context that may impact the strategy and its linkage to new, emerging or manifesting risks

4) Encouraging management to think about the risks inherent in the strategy and underlying business assumptions

5) Requiring management to demonstrate an understanding of the risk capacity of the entity to withstand large unexpected events

40
Q

6.4 Outline oversight practices for risk in the Execution component of the COSO framework (5)

A

1) Reviewing strategy and underlying assumptions

2) Setting expectations for risk reporting, including metrics and external disclosures

3) Understanding how management identifies and communicates the most severe risks

4) Reviewing and understanding the most significant risks and response scenarios

5) Understanding the plausible scenarios that could change the portfolio view

41
Q

What are the 5 components of the COSO framework

A

1) Control environment

2) Risk assessment and management

3) Control Activities

4) Information and Communication

5) Monitoring

42
Q

6.5 Outline oversight practices for the Risk Information, Communication and Reporting component of the COSO framework (3)

A

1) Establishing the information, underlying data and formats to execute board oversight

2) Accessing internal and external information and insights conducive to effective risk oversight

3) Obtaining input from internal audit, external auditors and other independent parties regarding management perceptions and assumptions

43
Q

6.6 Outline oversight practices for the Monitoring ERM performance component of the COSO framework

A

1) Asking management about any risk manifesting in actual performance (both positive and negative)

2) Asking management about the enterprise risk management processes and challenges and asking management to demonstrate the suitability and functioning of those processes

44
Q

7.1 Describe the 3 tiers of indicators used by OSFI to detect risks that impact federally regulated pension plans. Provide examples of each

A

Tier 1 - Detect issues that require immediate attention and may have a significant impact on both the current state and future risk within the plan. e.g. Non-remittance of contributions, contribution holidays in excess of surplus or a plan sponsor facing serious financial issues

Tier 2 - Identify potential risks with the pension plan that may lead to more serious issues. e.g. Investment returns that don’t meet benchmarks, large changes in membership, high proportion of liabilities relating to retired members

Tier 3 - Capture situations that may require greater diligence or controls on the part of the plan administrator but may not have significant impact on risk within the plan if properly managed. e.g. Whether a plan’s provisions contain benefits that are subject to the plan administrator’s discretion or if there has been a history of late filings for the plan