Module 2 - Past Paper (November 2017) Flashcards
Draw a diagram, which shows the risk architecture for either (i) a large corporation or (ii) a charity.
- 1 From Hopkin 4th Ed p264 or p 266 – this shows p264
*Marks awarded based on closeness to this diagram; correct labelling and arrows are also important. The details within the boxes are not necessary for obtaining the marks and other variations are acceptable if they seem to be justifiable.*
Correct the following statement – “the organization’s risk priorities for the present year form part of the protocols of the risk management framework”.
“the organization’s risk priorities for the present year form part of the strategy of the risk management framework”
*Mark awarded for the error corrected. ‘risk strategy’ or ‘strategies’ or ‘risk policy’ would be acceptable alternative terms.*
*2.1 Hopkin 4th Ed p245 Table 21.1*
Identify four risk management roles of a risk management committee.
2.2 Hopkin 4th Ed p264, p266, Table 22.3 p268, Study Guide 2017 Ed p31
From p268
- To advise the board on risk management and to foster a culture that emphasizes and demonstrates the benefits of a risk-based approach to risk management
- To make appropriate recommendations to the board on all significant matters relating to the risk strategy and policies of the company
- To monitor the performance of the risk management systems and review reports prepared by relevant parties
- To keep under review the effectiveness of the risk management infrastructure of the company, including:
  - assessment of risk management procedures in accordance with changes in the operating environment
  - consideration of risk audit reports on the key business areas to assess the level of business risk exposure
  - consideration of any major findings of any risk management reviews and the response of management
  - assessment of the risks of new ventures and other strategic, project and operational initiatives
- To review the risk exposure of the company in relation to the risk appetite of the board and the risk capacity of the company
- To consider the development of risk management and make appropriate recommendations to the board
- To consider whether disclosure of information regarding risk management policies and key risk exposures is in accordance with financial reporting standards
From p266:
- Provide assurance to the board that risks to achieving excellence in governance are being effectively understood, managed and mitigated
- Identify significant risks that the board needs to consider in detail
- Identify that the risk management strategy and policy is implemented consistently across the organization
- Monitor and ensure the effectiveness of risk management governance systems
- Ensure that the risk register is fit for purpose and meets requirements sufficient for the board to discharge statutory functions
From p264 and Study Guide 2017 p31
- Formulation of strategy and policy
- Compile group risk register
- Receive reports from divisions
- Track RM activity in the divisions
Marks awarded for each correct role. Other roles, which seem reasonable to the examination team, can be accepted.
Correct the errors underlined in the following definition, taken from the IRM’s risk culture guide: “Risk culture is a term describing the appetite, beliefs, practice and morality about risk shared by a group of people with conflicting objectives, in particular the employees of an organisation or of teams or groups within an organisation.”
“Risk culture is a term describing the values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees of an organisation or of teams or groups within an organisation.”
*Marks awarded for each accurate correction: exact word-for-word corrections are not vital to score the marks; it’s more important that candidates have a broad understanding of the correct version.*
*3.1 Study Guide 2017 p34, Risk Culture Guide p7*
Describe four characteristics of a risk aware culture.
(LILAC)
Leadership - Strong leadership within the organization in relation to strategy, projects and operations
Involvement - Involvement of all stakeholders in all stages of the risk management process
Learning - Emphasis on training in risk management procedures and learning from events
Accountability - Absence of an automatic blame culture, but appropriate accountability for actions
Communication - Communication and openness on all risk management issues and the lessons learnt
*Marks awarded for each reasonably close situation. Others if they seem reasonable can also be awarded.*
*3.1 Hopkin 4th Ed Table 24.3 p293*
Draw a suitably labelled risk matrix, which shows the optimal risk appetite, risk exposure and risk capacity.
*Marks awarded for likelihood impact labelling, for optimal exposure, for ultimate risk capacity, for the correct zones. Marks can be awarded in the unlikely event that the candidate presents a matrix from a different source, which appears to be correct.*
*3.4 Hopkin 4th Ed Fig 25.1 p304*
List four steps that will help you achieve successful ERM in your organisation.
- Engage senior management and board of directors to provide organizational support and resources.
- Establish an independent ERM function reporting directly to a board member.
- Establish the risk architecture at executive and board levels, supported by internal audit.
- Develop the ERM framework that incorporates an appropriate risk classification system.
- Develop a risk aware culture fostered by a common language, training and education.
- Provide written procedures with a clear statement of the risk appetite of the organization.
- Agree monitoring and reporting against established objectives for risk management.
- Undertake risk assessments to identify accumulations and interdependencies of risk.
- Integrate ERM into strategic planning, business processes and operational success.
- Contribute to the success of the organization by delivering measurable benefits.
*Marks awarded for each reasonably close step. If a student suggests LILAC, this does have some validity and is the right area, but is not strictly correct; so minimum marks available.*
*6.2 Hopkin 4th Ed Table 24.1 p290*
Describe four barriers that can occur when an organization seeks to implement enterprise risk management, and state one action to overcome each barrier that you identify.
*Marks available for each correctly identified and described barrier + others if they seem reasonable.*
*6.2 Hopkin 4th Ed p292 Table 24.2*
Summarise four roles of a non-executive director.
- Strategy - constructively challenge and help develop proposals on strategy
- Performance - scrutinize the performance of management
- Risk - challenge the integrity of the financial information
- Controls - seek assurance that financial controls and systems of risk management are robust and defensible
- People - determine the appropriate level of remuneration for the executive directors and have a prime role in succession planning
- Confidence - seek to establish and maintain confidence in the conduct of the company
2.2 Hopkin 4th Ed p261
The Chartered Institute of Management Accountants (2010) report shows that Birmingham City Council and Tesco linked risk management with performance targets. Identify four advantages of using this approach.
- The performance information provides feedback for the risk management process. This has the advantage of helping to prioritise actions.
- Linking risk management to performance standards is key in ensuring risk management is embedded in the organisation.
- Performance standards that fall short of expectations or target can indicate the effect of risk events or slowly operating control failures.
- Performance measures can be seen as representations of objectives, thus an organization which links the idea of risks to objectives goes to the heart of what risks and risk management is all about.
6.1 CIMA study and Study Guide 2017 p86-87 with similar Q p87 and suggested answer p91