Module 5 - Mid-Term Pt 1

Question 1

COSO ERM: Component 3

Answer 1

Performance

Question 2

Five Principles of Performance

Answer 2

10. Identifies Risk
11. Assesses the Severity of Risk
12. Prioritizes Risk
13. Implements Risk Responses
14. Develops Portfolio View

Question 3

Risk Assessment

Answer 3

The process of identifying, assessing, prioritizing, and responding to risks that can impact an entity’s ability to meet its business objectives

Question 4

The Purpose of Risk Assessment

Answer 4

to assess how big the risks are, individually and collectively, in order to focus management’s attention on the most important threats and opportunities and to lay the groundwork for risk response

Question 5

Risk Identification & Analysis three main steps

Answer 5

(1) Identify (2) Assess (3) Respond

Question 6

Principle 10

Answer 6

Identifies Risk

Question 7

Why identify risks?

Answer 7

• Know which risks can impact an entity’s ability to meet its strategic objectives and its risk profile
• Allow organizations to assess the potential severity of the risks and identify opportunities

Question 8

What are new, emerging, and changing risks and where do they come from?

Answer 8

• Changes in strategy, business objectives, business context, or discovery of a new business context
• Discovery of a new risk that didn’t apply before
• A risk that was known, evolves

Question 9

What are some recent events/trends that could lead to a shift in the risk profile?

Answer 9

• New technologies
• Labor shortages
• Evolving role of big data/data analytics
• Shifts in demographics/lifestyles
• Changes in the political landscape and shifts in social/environmental concerns

Question 10

A variety of tools and techniques to identify risks

Answer 10

• Workshops
• Interviews
• Key Risk Indicators
• Data Tracking
• Cognitive Computing
• Process Analysis

Question 11

The end result of risk identification is

Answer 11

risk inventory

Question 12

Risk inventory

Answer 12

a comprehensive list of relevant risks

Question 13

Two important aspects of risk inventories

Answer 13

1. How you say it matters!
2. Think impact!

Question 14

Principle 11

Answer 14

Assesses Risk Severity

Question 15

Assesses Risk Severity

Answer 15

to understand the severity/impact of each risk on the achievement of strategy/business objectives.

• to focus resources/capabilities on the most significant risks

Question 16

Assesses Risk Severity Key elements

Answer 16

• standardized risk definitions
• severity measures of impact & likelihood
• groups common risks across divisions/functions
  (grouping may impact severity level)
• understand risk interdependencies
• time horizon used to assess business strategy
• Be cognizant of bias

Question 17

Cognitive biases can distort…

Answer 17

the perception of risk in ways that are not always aligned with objective reality, impacting decisions in personal, business, and policy contexts

Question 18

Cognitive Bias leads to two types of things

Answer 18

• Overestimating Risk
• Underestimating Risk

Question 19

Availability Heuristic

Answer 19

People tend to overestimate the likelihood of risks that are more easily recalled or vivid in their memory,
often due to recent exposure to similar events (e.g., news coverage of a plane crash). The more available the information, the higher the perceived risk.

Question 20

Dread Risk Bias

Answer 20

This refers to the tendency to overestimate risks that evoke strong emotions, particularly fear (e.g., terrorism or natural disasters). When people dread an outcome, they assume it is more probable than it actually is.

Question 21

Anchoring Bias

Answer 21

This occurs when individuals rely too heavily on an initial piece of information (the “anchor”) when
estimating risks. If the anchor suggests a high-risk scenario, they may overestimate the likelihood of
that risk occurring.

Question 22

Negativity Bias

Answer 22

People are prone to focus more on negative information than positive, which can lead to
overestimating risks associated with negative outcomes, such as financial losses or disasters.

Question 23

Confirmation Bias

Answer 23

Individuals may seek out and prioritize information that confirms their pre-existing beliefs about certain
risks, leading to an overestimation of risks they are already predisposed to believe in.

Question 24

Zero-risk Bias

Answer 24

This is the preference for the complete elimination of a risk, no matter how small it is, leading to an overestimation of its actual threat in comparison to more probable risks.

Question 25

Types of Overestimating Risk

Answer 25

• Availability Heuristic
• Dread Risk Bias
• Anchoring Bias
• Negativity Bias
• Confirmation Bias
• Zero-risk Bias