Module 2

Question 1

ERM defines enterprise objectives in four categories

Answer 1

Strategic: high level goals designed to achieve
Operations: effective and efficient
Reporting: reliable and consistent reporting
Compliance:compliance with laws and regulations

Question 2

ERM’s eight components

Answer 2

Internal environment
Setting Objective (4 categories of objectives)
Event Identification (cRime)
Assessment Risk (cRime)
Risk Response (cRime)
Control Activities (crimE)
Information and communicaiton (crIme)
Monitoring (criMe)

IS EAR AIM

Question 3

Internal Environment (Is ear aim) is supported by the following key elements:

Answer 3

EBOCA + HRR

commitment to Ethical values and integrity
Board oversight
Organizational structure
commitment to Competence
assignment to Authority and responsibilty
Risk management philosophy
Human resources standards
Risk apetite

Question 4

Objective Setting (iS ear aim) is supported by the following key elements:

Answer 4

1 Strategic Objective - mission driven
2 Related Objective (Activity Level) = ORC: Operations, Reporting, and Compliance objectives
3 Selected objectives: should align with entity’s risk appetite
4 Risk appetite = level of risk entity + able to accpet
5 Risk tolerance -

Question 5

Event Identification (is Ear aim) is supported by the following key objectives:

Answer 5

1. Events
2. Influencing factors
3. Event identification “Techniques”
4. Event Interdependence - “how change IV affects DV (dependent variable)
5. Event categories
6. Distinguishing risk and oppurtunties

Question 6

Risk Assessment (is eAr aim) is supported by the following key elements:

Answer 6

1. Inherent and Residual risk
2. Establishing Likelihood and Impact
3. Data sources
4. Assessment Techniques
5. Event Relationships

Question 7

Risk Response (is eaR aim) is supported by the following key elements

Answer 7

Evaluating Possible responses:
  1. Avoidance (discontinue)
  2. Reduction (mitigate by investing)
  3. Sharing (transferring risk thru buying insurance)
  4. Acceptance (take no action)
Selected Responses
Portfolio view

Question 8

Control Activities (is ear Aim) supported by the following key elements

Answer 8

Integration with Risk Response
Types of Control Activities
- top level reviews (budget vs actual, variance analysis)
- direction function or activity managment (performance reports)
- information processing
- physical controls (secured location)
- performance indicators (material variances)
- segregation of duties
- policies and procedures

Question 9

Information and Communication (is ear aIm)

Answer 9

Information (obtain)
Information quality: appropriate, timely, accessible, current, accurate
Communication: internal & external

Question 10

Monitoring (is ear aiM)

Answer 10

SOD:
Separate evaluations
Ongoing monitoring activties
reporing Deficiencies

Question 11

5 components of internal control

Answer 11

Control Environment - (tone at the topic ethics)
Risk Assessment - (FS misstated, not efficient, breaking law)
Information and Communication - (Fair, Accurate,Complete,Timely)
Monitoring - (Effectiveness of control & report deficiencies)
(Existing) Control Activities - (Policies /procedures to mitigate risks

Question 12

5 principles related to Control Environment

Answer 12

“EBOCA”

commitment to Ethics & integrity - est. standards of conduct
Board independence & oversight - oversight responsibilities
Organizational structure - reporting lines, authority & responsibilities that are appropiate
Commitment to competence - hire, develop, retain competent employees
Accountability - establishing performance measures, incentives, & rewards