Module 1 - Unit 3: Enterprise risk management COPY Flashcards

1
Q

List 6 features of an ERM approach

A
  1. Covers all areas of orgs risk exposure
  2. Sees risks as interrelated
  3. Evaluates risk in the context of internal and external contexts, systems and stakeholders
  4. Provides a structured process for the management of all risks
  5. Constructs a means of communicating on risk issues so there is a common understanding
  6. Views effective management of risk as contributing to the achievement of business and strategic objectives.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Compare and contrast ERM with traditional forms of risk management

A

Tbc

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Use a sentence to define “internal environment”

A

People’s attitudes, entity’s risk management philosophy and risk appetite.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Use a sentence to describe “objective setting”

A

Establishing what the org is setting out to achieve in order to identify events that could obstruct this.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Use a sentence to describe “event identification”

A

Identifying internal and external events or circumstances that could impact the achievement of the org’s objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Use a sentence to describe “risk assessment”

A

Assessing the inherent and residual risk levels of a potential event based on likelihood and impact in order to plan how it is managed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Use a sentence to describe “risk response”

A

The decision to either avoid, accept, reduce or share risk. Actions aligned to tolerance and appetite of the organisation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Use a sentence to describe “control activities”

A

Policies and procedures to ensure risk responses are effectively carried out.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Use a sentence to describe “information and communication/monitoring”

A

Relevant information identified and communicated in a form and timeframe that enables people to carry out their responsibilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Explain why the first element on the side face of the COSO ERM Cube is described as “Entity-Level”

A

ERM begins at entity level (where tolerance, appetite and objectives are agreed) and is cascaded through the organisation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Full implementation of ERM across a large org is likely to be measured a) up to 6 months b) 6 months to 1 year c) 1-3 years d) more than 3 years

A

More than three years.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

List 4 ways in which an organisation can benefit from an ERM approach

A

FIRM

F - inancial e.g. Reduced cost of capital, increased profitability

I - nfrastructure e.g. Reduced disruption, efficiency, reduced operating costs

R- eputational e.g. Regulators satisfied, enhanced shareholder value, improved perception of organisation

M - arketplace e.g. Commercial opportunities maximised, better presence, higher ratio of business success, low ratio of disasters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Identify one method you could use to assess the benefits of an investment in ERM

A

Identify performance measurements aligned to the FIRM scorecard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Provide four difficulties or barriers with the implementation of the ERM approach. Try to provide solutions!

A
  1. Lack of support/commitment from senior management 🅰 identify a sponsor on the main board and confirm shared and common priorities. 2. Not seen as a core part of b/s activity, too time consuming 🅰 align with core processes and achievement of the objectives of the org 3. Approach too complicated and over-analytical 🅰 establish appropriate level of sophistication for framework and undertaking of risk assessments 4. Risk Management seen as static, not required for a dynamic org 🅰 - align with objectives and business decision making activities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Briefly describe the three levels of context for risk management

A
  1. Internal Context - mission, culture, processes, environment, capacity 2. External Context - product, market forces, social and political circumstances, legal & regulatory 3. Risk Management Context - the aim of risk management within the org, who is responsible, resources available
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Define ERM

A

Identifying and evaluating significant and interdependent risks, assigning ownership and responding in line with the orgs risk appetite in order to produce useful information for decision making and assurance of achieving objectives.

17
Q

What 8 elements appear on the front face of the COSO ERM cube and describe the risk management process?

A

Internal environment

Objective setting

Event identification

Risk assessment

Risk response

Control activities

Information and communication

Monitoring and review

18
Q

What are the 4 types of objectives that make up the top of the COSO ERM cube?

A

Strategic Operations Reporting Compliance

19
Q

What 4 levels of implementation appear on the side of the COSO ERM cube?

A

Cascading from the front:

Entity level

Division

Business unit

Subsidiary

20
Q

Which of the following definitions best describes the term ‘control activities’ in the COSO ERM cube?

A) Ways to identify internal and external events that could affect the achievement of objectives

B) The means to analyse risks, their likelihood and impact

C) The ways in which compliance with policies and procedures can be checked

A

C) The ways in which compliance with policies and procedures can be checked

21
Q

Which of these is part of the risk management context, as opposed to the external or internal contexts?

A) The regulatory framework

B) The organisational structure

C) The risk management strategy

A

C) The risk management strategy