Module 4 - Quiz 2 (pt2)

Question 1

Risk Appetite should be reviewed in relation to

Answer 1

how the organization operates

Question 2

Once risk appetite is communicated, management, with Board support, needs to

Answer 2

revisit and reinforce it

Question 3

Risk appetite cannot be set once and then left alone (true or false)

Answer 3

true

Question 4

Management should not monitor activities for consistency with risk appetite (true or false)

Answer 4

false - Management should monitor activities for consistency with risk appetite

Question 5

Risk Appetite Statement examples

Answer 5

• “Company ABC has a low risk appetite relating to safety and compliance objectives and a medium risk appetite for its strategic objectives”
• “University A accepts a moderate risk appetite as it seeks to expand the scope of its offerings and attract new students. University A has a low risk appetite for programs that are not aligned with the University’s mission and vision”

Question 6

Key Relationships for Risk Appetite

Answer 6

• Reflect Mission, Vision, Core Values
• Support execution of Strategy
• Enable Business Objectives

Question 7

Principle 8

Answer 7

Evaluate Alternative Strategies

Question 8

ERM evaluates strategies to ensure

Answer 8

✓ Alignment with mission, vision, and core values
✓ Risk implications of chosen strategies
✓ Identification of misaligned strategies

Question 9

Organizations consider various strategies on
how to achieve their mission and vision while
adhering to core values by

Answer 9

• Assessing risks associated with each strategy
• Assessing opportunities
• Identifying strategy dependencies
• Higher the number of assumptions relating to a strategy, the higher the risk profile
• Determining risk profile of each strategy to size required resources for execution

Question 10

Examples on how to evaluate alternative strategies

Answer 10

• SWOT analysis
• Modeling
• Valuation
• Forecasts
• Scenario analysis
• Competitor analysis

Question 11

Selected strategy MUST be within Risk Appetite (true or false)

Answer 11

true

Question 12

Monitoring progress

Answer 12

Periodically evaluate strategy effectiveness and change strategy if
▪ It fails to create / preserve / realize value
▪ Changes in the business context have shifted the level of risk associated with strategy
▪ Required resources / capabilities are not available
▪ Changes in business context makes the strategy no longer feasible

Question 13

Be aware of bias when evaluating alternative strategies because

Answer 13

Bias may prevent you from selecting the best strategy

Question 14

Principle 9

Answer 14

Formulate Business Objectives

Question 15

What are business objectives?

Answer 15

Measurable steps organization takes to support its strategy

Question 16

What are the measurable steps organization takes to support its strategy

Answer 16

• Must support the strategy
• Must align with Risk Appetite; otherwise too much / little risk
• Non-aligned objectives introduce unnecessary risks & waste resources
• Understand the implications of chosen business objectives

Question 17

What are the characteristics of business objectives (SMART)?

Answer 17

• Specific
• Measurable
• Attainable
• Relevant
• Time-Bound

Question 18

Risk Tolerance

Answer 18

Acceptable variation in performance; range of acceptable outcomes within risk appetite

Question 19

Considerations of Risk Tolerance

Answer 19

▪ Tactical; focus on objectives & performance
▪ Expressed in measurable units
▪ Applied to all business objectives
▪ Implemented throughout the entity
▪ Depending on the significance of business
objectives, tolerance levels may vary
▪ Operating within tolerance level; confidence you
remain within risk appetite
▪ Relationship between cost and tolerance

Question 20

What do performance targets do

Answer 20

They influence the risk profile of an entity

Question 21

The Framework provides specific discussions on

Answer 21

forming an objective view, recognizing that there can be positive or negative correlations between risks

Question 22

The risk performance diagram highlights

Answer 22

• Tolerance and appetite relate to different aspects of enterprise risk management. Tolerance is relative to performance targets, not risk.
• Risks #1 through #3 illustrate the profile view. Appetite needs to consider a broad view of risk, encompassing all risks that impact performance.
• Only in very rare situations would an organization choose to set a performance target, including acceptable levels of variation (tolerance), above the appetite.