Module 2 - Unit 5: Risk Assurance & Reporting Flashcards

1
Q

What do we mean by the ‘control environment’?

A

The whole range and interaction of controls that address risks and support the achievement of objectives including resources, systems, processes, culture, structure and tasks.

2
Q

Describe the ‘three lines of defence’ used to provide assurance of good risk management

A
  1. Business managers (responsible for applying the risk management framework)
  2. Risk management function (responsible for supporting and challenging the RM activities and designing the RMF)
  3. Internal audit (responsible for providing independent and objective assurance on the robustness of the RMF and the effectiveness of internal control)
3
Q

How does the Institute of Internal Auditors define internal auditing?

A

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.

It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

4
Q

How does internal audit fit into the “three lines of defence” model?

A

Internal audit represents the third line of defence.

Its role is to provide assurance over the effectiveness of the control environment and it also assesses the operation of the risk management strategy and activities in the organisation.

5
Q

What are the four overarching responsibilities of an audit committee?

A
  1. External audit
  2. Internal audit
  3. Financial reporting
  4. Regulatory reports
6
Q

What information on risk are companies required to disclose in their annual report and accounts?

A

Companies are required to disclose their principal risks and uncertainties in their annual report and accounts.

7
Q

Why do many organisations not regard “reputation” as a risk category?

A

Most organisations regard damage to reputation as a consequence of the occurrence of risk events, rather than a risk in itself.

8
Q

The Nolan principles of public life underpin governance activities within government departments, agencies or authorities. List all 7.

A
Selflessness
Integrity
Objectivity
Accountability
Openness
Honesty
Leadership
9
Q

When did the Financial Reporting Council (FRC) publish its “Guidance on Risk Management, Internal Control and Related Financial and Business Reporting”?

A

September 2014

10
Q

According to the FRC’s “Guidance on Risk Management, Internal Control and Related Financial and Business Reporting”, what are the Board’s (6) main responsibilities towards Risk Management and Internal Control?

A
  1. Ensuring the design/implementation of appropriate RM and IC systems that (1) identify the company’s risks and (2) enable the Board to make an assessment of the principal risks.
  2. Determine the nature/extent of the risks faced, and which the organisation is willing to take to achieve its objectives (its Risk Appetite).
  3. Ensure appropriate culture and reward systems are embedded.
  4. Agree on how principal risks should be managed/mitigated.
  5. Monitor/review the RM and IC systems.
  6. Ensure sound internal/external communication.
11
Q

Give 3 features of the system of Internal Control

A

The system of IC should:

  • Be embedded in the company’s operations and form part of its culture.
  • Be capable of responding quickly to evolving risks, both internal and external.
  • Include procedures for reporting immediately any significant control failings or weaknesses, plus details of corrective actions.
12
Q

Taking the example of fraud by employees, what may the control environment include?

A
  • Pre-employment checks, e.g. references/criminal background.
  • Accounting and asset protection measures to prevent fraudulent use/theft
  • Policy of legal prosecution against guilty employees
  • Periodic audit of finances/stocks
  • Regular refresher tests for staff
  • Standard operating process, e.g., insisting all staff take at least 2 weeks holiday per year
13
Q

List the types of risk management documentation that may be required

A

Risk management administration
Risk response and improvement plans
Event reports and recommendations
Risk performance and certification reports

(Hopkin, p. 414)

14
Q

Define the four components of the business model as listed by Hopkin

A

CORR

Customer - segments, recruitment and retention
Offering - customer value proposition
Resources - data, capabilities and assets of the organisation
Resilience - reputational and financial resilience

(Hopkin, p. 228)

15
Q

The business model represents the existing ________ for the delivery of the ________ _________ and provides a description of ________ and ________ activities.

A

The business model represents the existing mechanisms for the delivery of the customer offering and provides a description of operational and compliance activities.

(Hopkin, p. 228)

16
Q

Define what the business model delivers according to Hopkin.

A

The business model represents how the organisation fulfils its vision and mission statement, as well as its aims and objectives.

(Hopkin, p. 229)

17
Q

What is at the heart of the business model, according to Hopkin?

A

The customer offering

(Hopkin, p. 229)

18
Q

Describe the EM3 model (Hopkin)

A

EM3 =

Embrace strategic risks
Manage tactical risks
Mitigate operational risks
Minimise compliance risks

(Hopkin, p. 230)

19
Q

List some of the benefits to an organisation of achieving good standards of corporate social responsibility

A

Protect/enhance reputation, brand and trust
Attract, motivate and retain talent
Manage and mitigate risk
Improve operational & cost efficiency
Give the business a licence to operate
Develop new business opportunities
Create a more secure and prosperous operating environment

20
Q

Give a definition of CSR (Corporate Social Responsibility)

A

The EU definition is:

“CSR is the concept that an enterprise is accountable for its impact on all relevant stakeholders.

It is the continuing commitment by business to behave fairly and responsibly and contribute to economic development, while improving the quality of life of the workforce and their families, as well as of the local community and society at large.”

(Hopkin, p. 231)

21
Q

List the scope of issues covered by CSR (Corporate Social Responsibility)

A
Health & Safety
Employees
Customers
Environment
Suppliers
Community
Products/Services

(Hopkin, table 20.1)

22
Q

List the key groups that are stakeholders in the CSR agenda of an organisation.

A

Employees
Customers
Suppliers
The General community

(Hopkin, p. 233)

23
Q

List the areas where unethical trading can result in damage to reputation, loss of future profitability and a refusal on the part of customers and suppliers to deal with the organisation.

A

Failure to comply with rules and regulations
Trading with undesirable overseas governments
Excessive payments to political parties
Tax evasion or dubious tax arrangements
Inappropriate criticism of competitors
False allegations against competitors
Unethical alliances with competitors

24
Q

List the four main components of reputation

A

CASE

Capabilities, including purpose and resources
Activities, including processes and finances
Standards, including services/products and support
Ethics, including values and integrity

25
Q

Describe the three types of emerging risks

A

New risks that have emerged in the external environment, but are associated with the existing strategy of the organisation - new risks in known context

Existing risks that were already known to the organisation, but have developed or changed circumstances have triggered the risk - known risks in new context

Risks that were not previously faced by the organisation, because the risks are associated with changed core processes - new risks in new context

(Hopkin, p. 105)

26
Q

List some emerging risks that are not within the control of an individual or organisation

A

Climate change
Sovereign debt
National security
Changing demographics

27
Q

Give a definition of resilience

A

“the capacity of an organisation to consistently achieve a desired state following a change in circumstances” (Hopkin, p. 107)

28
Q

List the headings that are normally used to evaluate the risk-aware culture within an organisation, using the CoCo approach

A

Purpose, vision and mission
Commitment to integrity and ethical values
Capability, authority and responsibilities
Learning and development of competence

(Hopkin, p. 109)

29
Q

What is the role of Internal Audit, according to the IIA?

A

The role of internal audit is to provide independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively.

(https://www.iia.org.uk/about-us/what-is-internal-audit)