Module 4 - Quiz 2

Question 1

2017 COSO ERM Framework

Answer 1

1. mission, vision, and core values = governance and culture
2. strategy development = strategy & objective setting
3. business objective formulation = performance
4. implementation and performance = review and revision
5. enhanced value = information, communication, and reporting

Question 2

Four Principles of strategy & objective setting

Answer 2

6. Analyze Business Context
7. Define Risk Appetite
8. Evaluate Alternative Strategies
9. Formulate Business Objectives

Question 2

By integrating ERM into the strategy-setting phase

Answer 2

you gain insights into the risk profile associated with each strategy and business objective

Question 3

COSO ERM: Component 2

Answer 3

Strategy & Objective Setting

Question 4

Five Principles of governance and culture

Answer 4

1. Board exercises risk oversight
2. Establishes operating structures
3. Defines desired culture
4. Commitment to core values
5. Attracts, develops and retains capable individual

Question 5

Five Principles of performance

Answer 5

10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses
14. Develops Portfolio View

Question 6

Three Principles of review and revision

Answer 6

15. Assesses Substantial Change
16. Reviews Risk and Performance
17. Pursues improvement in Enterprise Risk Management

Question 7

Three Principles of information, communication, and reporting

Answer 7

18. Leverages Information and Technology
19. Communicates Risk Information
20. Reports on Risk, Culture, and Performance

Question 8

COSO ERM: Component 1

Answer 8

Governance & Culture

Question 9

What is the “business context”?

Answer 9

Factors that influence current and future strategy and business objectives

Question 10

What are examples of “business context”?

Answer 10

Trends, political landscape, customers, suppliers

Question 11

How should it “business context” be viewed?

Answer 11

In three stages: Past, Present & Future

Question 12

When should “business context” be considered?

Answer 12

In all five components of the COSO ERM Framework

Question 13

State of the World (Reality)

Answer 13

VUCA – Volatility, Uncertainty, Complexity, Ambiguity [ascending order of risk]

Question 14

Aspects of business context

Answer 14

✓ Dynamic: Risks can emerge at any time
✓ Complex: Interconnected / interdependent
✓ Unpredictable: Changes happen quickly / can be unanticipated

Question 15

Two types of business contexts

Answer 15

External Environment & Internal Enviornment

Question 16

CATEGORIES OF EXTERNAL BUSINESS
ENVIRONMENT

Answer 16

PESTLE
- Political
- Economic
- Social
- Technological
- Legal
- Environment

Question 17

CATEGORIES OF INTERNAL BUSINESS
ENVIRONMENT

Answer 17

• Capital
• People
• Process
• Technology

Question 18

Principle 7

Answer 18

Define Risk Appetite

Question 19

Principle 6

Answer 19

Analyze Business Context

Question 20

How is “Risk Appetite” defined?

Answer 20

The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value

Question 21

Risk appetite is expressed in a form of

Answer 21

a risk appetite statement

Question 22

Risk Capacity

Answer 22

Maximum amount of risk entity is able to absorb in pursuit of strategy and business objectives

Question 23

Risk Profile

Answer 23

Composite view of the risks assumed by the entity at a particular time

Question 24

ERM capabilities & maturity

Answer 24

Strength of ERM practices within the entity

Question 25

How is Risk Appetite governed?

Answer 25

• Management with Board input (sometimes) develops risk appetite; Board approves
• Management is responsible for communicating
  & disseminating
• Management, with Board oversight, continuously
  monitors risk appetite and makes changes, when needed
• Mission, vision, and prior strategies provide significant inputs into risk appetite development

Question 26

Can strategy and risk appetite be developed in
parallel?

Answer 26

Yes

Question 27

The approaches used to communicate risk appetite

Answer 27

1. Create an overall risk appetite statement
2. Communicate risk appetite for each major class of organizational objectives
3. Communicate risk appetite for different categories of risk

Question 28

Steps in Defining Risk Appetite

Answer 28

1. Develop Risk Appetite
2. Communicate Risk Appetite
3. Monitor & Update Risk Appetite