Module 3

Question 1

Business risk

Answer 1

The threat that an action or event will adversely affect an organisation’s ability to achieve its objectives

Question 2

Business objectives - three categories

Answer 2

• Operational (market, organisational, financial)
• Reliable financial reporting
• Compliance (social + environmental, legal + regulatory)

Question 3

Four sources of risk

Answer 3

• Objectives that conflict
• Strategies
• External forces
• Internal forces

Question 4

Organisation’s overall approach to risk management is down to

Answer 4

The Board

Question 5

Objectives of risk management and internal control system (3)

Answer 5

• Reduce the likelihood of risky events occurring
• Minimise the impact if risky events do occur
• Improve the awareness of the risks faced by the business and the consequences of risky activities

Question 6

Formal risk management process incorporates DASTRAW

Answer 6

• Documented process
• Approach being followed by each department
• Standardised method
• Training
• Regular basis
• Accountability
• Weaknesses identified and actions followed up

Question 7

Benefits of risk management (8)

Answer 7

• Consistent approach
• Informed decisions
• Better information
• Increased understanding
• Formal documentation of risks
• Improved accountability
• Reduced fraud
• Reduced internal/ external audit costs

Question 8

Four risk control strategies

Answer 8

• Risk avoidance
• Risk acceptance
• Risk transfer/ sharing
• Risk reduction

Question 9

Board responsibility for overall approach to RMIC - 6 steps

Answer 9

1) Identify and assess principle risks
2) Determine risk appetite of organisation
3) Ensure appropriate culture and reward systems are embedded
4) Agree how principle risks should be managers/ mitigated
5) Monitor and review effectiveness of systems
6) Ensure sound internal and external information and communications

Question 10

In order to carry out its role effectively, the board must consider whether it and any groups whom it delegates responsibility for RMIC have the necessary (5)

Answer 10

• Skills
• Knowledge
• Experience
• Authority
• Support

Question 11

RMIC systems includes (5 components)

Answer 11

• Control environment
• Risk assessment process
• Information and communication systems
• Control acitivities
• Monitoring and review

Question 12

Principle risks should be focussed on by board, these are

Answer 12

Risks that could threaten the company’s business model, future performance, solvency or liquidity

Question 13

Committee of Sponsoring Organisations of the Treadway Commission (COSO) 1992

Answer 13

Provides framework for designing, implementing and assessing internal control systems

Question 14

Entity level controls

Answer 14

Those that help establish the tone and culture of the organisation (overarching controls)

Question 15

Matters for the board to consider (6)

Answer 15

• What assurance they require
• Delegation required
• Flow of information
• Skills, knowledge and experience
• How to ensure adequate discussion
• The culture it wishes to embed

Question 16

RMIC encompasses (6)

Answer 16

• Policies, culture, organisation, behaviours, processes and systems

Question 17

Risk assessment process (5 steps)

Answer 17

1) Identify risks in org
2) Assess the impact of risks
3) Assess likelihood of risk occurring
4) Prioritise risks, assessing principle risks
5) Identify whether controls can be put in place to mitigate