Module 4 - Quiz 2 (pt2) Flashcards
Risk Appetite should be reviewed in relation to
how the organization operates
Once risk appetite is communicated, management, with Board support, needs to
revisit and reinforce it
Risk appetite cannot be set once and then left alone (true or false)
true
Management should not monitor activities for consistency with risk appetite (true or false)
false - Management should monitor activities for consistency with risk appetite
Risk Appetite Statement examples
- “Company ABC has a low risk appetite relating to safety and compliance objectives and a medium risk appetite for its strategic objectives”
- “University A accepts a moderate risk appetite as it seeks to expand the scope of its offerings and attract new students. University A has a low risk appetite for programs that are not aligned with the University’s mission and vision”
Key Relationships for Risk Appetite
- Reflect Mission, Vision, Core Values
- Support execution of Strategy
- Enable Business Objectives
Principle 8
Evaluate Alternative Strategies
ERM evaluates strategies to ensure
✓ Alignment with mission, vision, and core values
✓ Risk implications of chosen strategies
✓ Identification of misaligned strategies
Organizations consider various strategies on how to achieve their mission and vision while adhering to core values by
- Assessing risks associated with each strategy
- Assessing opportunities
- Identifying strategy dependencies
- The higher the number of assumptions relating to a strategy, the higher the risk profile
- Determining risk profile of each strategy to size required resources for execution
Examples of how to evaluate alternative strategies
- SWOT analysis
- Modeling
- Valuation
- Forecasts
- Scenario analysis
- Competitor analysis
Selected strategy MUST be within Risk Appetite (true or false)
true
Monitoring progress
Periodically evaluate strategy effectiveness and change strategy if
▪ It fails to create / preserve / realize value
▪ Changes in the business context have shifted the level of risk associated with strategy
▪ Required resources / capabilities are not available
▪ Changes in business context make the strategy no longer feasible
Be aware of bias when evaluating alternative strategies because
Bias may prevent you from selecting the best strategy
Principle 9
Formulate Business Objectives
What are business objectives?
Measurable steps the organization takes to support its strategy
What are the measurable steps the organization takes to support its strategy?
- Must support the strategy
- Must align with Risk Appetite; otherwise too much / little risk
- Non-aligned objectives introduce unnecessary risks & waste resources
- Understand the implications of chosen business objectives
What are the characteristics of business objectives (SMART)?
- Specific
- Measurable
- Attainable
- Relevant
- Time-Bound
Risk Tolerance
Acceptable variation in performance; range of acceptable outcomes within risk appetite
Considerations of Risk Tolerance
▪ Tactical; focus on objectives & performance
▪ Expressed in measurable units
▪ Applied to all business objectives
▪ Implemented throughout the entity
▪ Depending on the significance of business objectives, tolerance levels may vary
▪ Operating within tolerance level; confidence you remain within risk appetite
▪ Relationship between cost and tolerance
What do performance targets do
They influence the risk profile of an entity
The Framework provides specific discussions on
forming an objective view, recognizing that there can be positive or negative correlations between risks
The risk performance diagram highlights
- Tolerance and appetite relate to different aspects of enterprise risk management. Tolerance is relative to performance targets, not risk.
- Risks #1 through #3 illustrate the profile view. Appetite needs to consider a broad view of risk, encompassing all risks that impact performance.
- Only in very rare situations would an organization choose to set a performance target, including acceptable levels of variation (tolerance), above the appetite.