Module 2 - Unit 1 - The Global Business Environment Flashcards

1
Q

How can risks be classified?

A

Risks can be classified according to:

  • The nature of the impact (FIRM) and/or likely magnitude of the risk
  • The timescale of impact after the event occurs
  • The source of the risk. In this case, a risk may be classified according to its origin, such as counterparty or credit risk.
  • The component or feature of the organization that will be impacted (people, premises, processes or products)
2
Q

What are the four elements of STOC? How does risk management help each area?

A
  • Strategy, because the risks associated with different strategic options will be fully analysed and better strategic decisions will be reached.
  • Tactics, because consideration will have been given to selection of the tactics and the risks involved in the alternatives that may be available.
  • Operations, because events that can cause disruption will be identified in advance and actions taken to reduce the likelihood of these events occurring, limit the damage caused by these events and contain the cost of the events.
  • Compliance will be enhanced because the risks associated with failure to achieve compliance with statutory and customer obligations will be recognized.
3
Q

What are the options for attachment of risks?

A
Risks can be attached to:
  • Corporate objectives
  • Stakeholder expectations
  • Core processes
  • Key dependencies
4
Q

What are the features of an enterprise risk management approach?

A

1 Encompasses all areas of organizational exposure to risk (financial, operational, reporting, compliance, governance, strategic, reputational, etc.).
2 Prioritizes and manages those exposures as an interrelated risk portfolio rather than as individual ‘silos’ of risk.
3 Evaluates the risk portfolio in the context of all significant internal and external contexts, systems, circumstances and stakeholders.
4 Recognizes that individual risks across the organization are interrelated and can create a combined exposure that differs from the sum of the individual risks.
5 Provides a structured process for the management of all risks, whether those risks are primarily quantitative or qualitative in nature.
6 Seeks to embed risk management as a component in all critical decisions throughout the organization.
7 Provides a means for the organization to identify the risks that it is willing to take in order to achieve strategic objectives.
8 Constructs a means of communicating on risk issues, so that there is a common understanding of the risks faced by the organization, and their importance.
9 Supports the activities of internal audit by providing a structure for the provision of assurance to the board and audit committee.
10 Views the effective management of risk as a competitive advantage that contributes to the achievement of business and strategic objectives.

5
Q

What are the COSO ERM (2017) components?

A
  1. Governance and culture: Governance sets the tone for the organization and establishes oversight responsibilities for ERM. Culture relates to ethical values, desired behaviors and understanding of risk.
  2. Strategy and objective setting: ERM, strategy and objective setting work together in the strategic planning process. Risk appetite should be aligned with strategy and business objectives to successfully implement strategy.
  3. Performance: Risks that can impact achievement of strategy and business objectives need to be identified, assessed and prioritized by severity in the context of risk appetite, so that risk responses can be selected.
  4. Review and revision: By reviewing entity performance, an organization can consider how well the ERM components are functioning over time and following substantial changes, and what revisions are necessary.
  5. Information, communication and reporting: ERM requires a continual process of obtaining and sharing necessary information, from both internal and external sources, which flows up, down, and across the organization.
6
Q

Give some examples of Key Risk Indicators.

A
  • Staff turnover
  • IT downtime
  • Accident rates
  • Mis-sold services
  • Contamination incidents
  • Interruption of supply lasting more than 30 minutes