Lesson 9 Flashcards
1.1 Define enterprise risk management
The culture, capabilities and practices integrated with strategy setting and its execution the entities rely on to manage risk
1.1 List 5 areas that enterprise risk management emphasizes
1) Recognizing culture and capabilities
2) Applying practices
3) Integrating with strategy setting and its execution
4) Manage risk to strategy and business objectives
5) Linking to creating, preservice and realizing value
1.2 Define culture in the context of enterprise risk management
Risk culture is defined as attitudes, behaviours, and understanding about risk, both positive and negative, that influence decisions and reflect the mission, vision and core values of the entity
1.2 Define capability in the context of enterprise risk management
a core capability important to an entity in its pursuit of competitive advantages to create value.
Enterprise risk management helps the entity develop the skills it needs to execute the mission and vision to anticipate the challenges that may impede success
1.2 Define practices in the context of enterprise risk management
risk practices are the methods and approaches deployed within an entity related to managing risk.
Practices used in enterprise risk management are applied from the highest levels and flow down to decision making at all levels in the entity
1.3 Outline the premises that underpin the benefits of taking an enterprisewide approach to risk management
Based on the premise that every entity exists to provide a value for its stakeholders.
A related premise is that all entities face uncertainty.
Effective enterprise risk management allows decision makers to balance exposure against opportunity
1.4 define stakeholders and differentiate between external and internal
Stakeholders are parties that have a genuine or vested interest in an entity.
Internal are parties working within the entity such as employees, management and the board.
External stakeholders aren’t directly engaged in the entity’s operation but are directly impacted by it. Such as as group benefits plan, beneficiaries of plan members, plan service providers, regulatory bodies.
1.5 explain how the value of an entity is influenced by management decisions (4)
1) Value is created when the value of deployed resources is less than the benefit derived from that deployment
2) Value is preserved when the value of resources deployed in day-to-day operations sustains created benefits
3) Value is realized when stakeholders derive benefits created by the entity. Benefits may be non monetary
4) Value is eroded when management implements strategies that don’t yield expected outcomes of fails to execute day-to-day tasks
1.6 Explain how enterprise risk management interfaces with strategy
Strategy refers to an entity’s plan to achieve its mission and vision and apply its core values.
Enterprise risk management informs the entity on risks that may arise from a strategy and evaluates the assumptions that underlie a strategy and looks at sensitivity to changes in the assumptions
1.7 Explain how enterprise risk management can influence an entity’s ability to adapt survive and prosper
Risks are always present and changing.
While it may not be possible to manage all potential outcomes of risk they can improve how they adapt to changing circumstances.
Focuses on managing risks to reduce likelihood of adverse events and manage outcomes if they do occur
1.8 Outline benefits of integrating enterprise risk management with strategy setting and performance management processes (5)
1) Expand the range of opportunities for creating value. Considering all reasonable possibilities, might surface opportunities
2) Identify and manage entity wide risks, brings data together to respond effectively
3) Reduce surprises and losses - have already identified risks and prepared responses
4) Reduce performance variability - in some organizations consistency is key
5) Improve resource deployment - allows for assessment of resource needs and enhanced resource allocation
2.1 Explain how events, uncertainty and severity impact risk
An event is an occurrence or a set of occurrences.
Uncertainty is a state of not knowing and severity is the measurement of such considerations as the impact of the event and time to recover.
In the context of risk events are broad and uncertain
2.2 Explain why an event with a positive outcome can also pose a risk
The event that is beneficial to one objective may be detrimental to another.
For example higher than forecasted sales may produce supply chain issues
3.1 Outline 4 things that an entity is better positioned to understand when enterprise risk management, strategy setting and strategy execution are aligned
1) How mission, vision, and core values form the initial expression of acceptable types and amount of risk when setting strategy
2) Possibility of strategies and business objectives not aligning with the mission, vision, and core values
3) Types and amount of risk the entity potentially exposes itself to from the strategy that has been chosen
4) Types and amount of risk to executing its strategy and achieving business objectives
3.2 Define mission
Mission is the entity’s core purpose, which establishes what it wants to accomplish and why it exists
3.2 Define vision
The entity’s aspirations for its future state or what it hopes to achieve over time
3.2 Define core values
The entity’s beliefs and ideals about what is acceptable. This influences the behaviour of an entity and how it wants to conduct business
3.2 Explain how mission, vision and core values relate to an entity’s purpose
Together these elements communicate to stakeholders the entity’s purpose.
For most entities these remain stable and are reaffirmed over time. Though they may evolve as stakeholder expectations change