Module 1 - Unit 3: Enterprise risk management Flashcards
List 6 features of an ERM approach
- Covers all areas of orgs risk exposure
- Sees risks as interrelated
- Evaluates risk in the context of internal and external contexts, systems and stakeholders
- Provides a structured process for the management of all risks
- Constructs a means of communicating on risk issues so there is a common understanding
- Views effective management of risk as contributing to the achievement of business and strategic objectives.
Compare and contrast ERM with traditional forms of risk management
Tbc
Use a sentence to define “internal environment”
People’s attitudes, entity’s risk management philosophy and risk appetite.
Use a sentence to describe “objective setting”
Establishing what the org is setting out to achieve in order to identify events that could obstruct this.
Use a sentence to describe “event identification”
Identifying internal and external events or circumstances that could impact the achievement of the org’s objectives.
Use a sentence to describe “risk assessment”
Assessing the inherent and residual risk levels of a potential event based on likelihood and impact in order to plan how it is managed.
Use a sentence to describe “risk response”
The decision to either avoid, accept, reduce or share risk. Actions aligned to tolerance and appetite of the organisation.
Use a sentence to describe “control activities”
Policies and procedures to ensure risk responses are effectively carried out.
Use a sentence to describe “information and communication/monitoring”
Relevant information identified and communicated in a form and timeframe that enables people to carry out their responsibilities.
Explain why the first element on the side face of the COSO ERM Cube is described as “Entity-Level”
ERM begins at entity level (where tolerance, appetite and objectives are agreed) and is cascaded through the organisation
Full implementation of ERM across a large org is likely to be measured a) up to 6 months b) 6 months to 1 year c) 1-3 years d) more than 3 years
More than three years.
List 4 ways in which an organisation can benefit from an ERM approach
FIRM
F - inancial e.g. Reduced cost of capital, increased profitability
I - nfrastructure e.g. Reduced disruption, efficiency, reduced operating costs
R- eputational e.g. Regulators satisfied, enhanced shareholder value, improved perception of organisation
M - arketplace e.g. Commercial opportunities maximised, better presence, higher ratio of business success, low ratio of disasters
Identify one method you could use to assess the benefits of an investment in ERM
Identify performance measurements aligned to the FIRM scorecard
Provide four difficulties or barriers with the implementation of the ERM approach. Try to provide solutions!
- Lack of support/commitment from senior management 🅰 identify a sponsor on the main board and confirm shared and common priorities. 2. Not seen as a core part of b/s activity, too time consuming 🅰 align with core processes and achievement of the objectives of the org 3. Approach too complicated and over-analytical 🅰 establish appropriate level of sophistication for framework and undertaking of risk assessments 4. Risk Management seen as static, not required for a dynamic org 🅰 - align with objectives and business decision making activities
Briefly describe the three levels of context for risk management
- Internal Context - mission, culture, processes, environment, capacity 2. External Context - product, market forces, social and political circumstances, legal & regulatory 3. Risk Management Context - the aim of risk management within the org, who is responsible, resources available
