ORA Prelim (M3) Flashcards

1
Q

Defines how information on risk is communicated throughout the org

is the RM and arrangements of an Org; Lines of communication for reporting on RM issues

Includes:
committee structure, roles and responsibilities, reporting reqs

A

Risk Architecture

2
Q

Defines the overall objectives that the org is trying to achieve with respect to risk management

Includes philosophy, arrangements, appetite and attitude to risk, benchmark tests, assessment techniques, risk priorities

A

risk strategy

3
Q

are the systems, standards, and procedures that are put in place in order to fulfill the defined risk strategy

Includes:
Training and communication, R. Classification, assessment procedures, control rules and procedures, responding to incidents

A

risk protocols

4
Q

Per ______, the RM framework should include the objectives, mandate and commitment to accountabilities, resources, processes, and activities, and the framework should be embedded within the org’s overall strategic and operational policies and practices

A

BS 31100

5
Q

Needs to be set out in RM policy statement of the org

One of its important components is that there is RM input into the STOC compliance processes of the org.

A

RM strategy

6
Q

Are procedures and protocols for undertaking the assessment of risks to strategy, projects, and operations in an org

Provide guidance on the frequency and nature of risk reports and who is responsible for compiling them

A

RM Protocols

7
Q

5 Components of RM Protocols include:

A

I. R Assessment Procedures

II. R Control objectives

III. R Resourcing Arrangement

IV. Reaction Planning Requirements

V. R Assurance systems

8
Q

read only

I. R Assessment Procedures
— Gov procedures, response to R., procedures for strategy and budgets

II. R Control objectives
— Brand mgmt, health & safety; environment; contract RM

III. R Resourcing Arrangement
— Opportunity mgmt, resource allocation, insurance and captive insurance

IV. Reaction Planning Requirements
— Loss and claims mgmt, disaster and recovery

V. R Assurance systems
— Risk register, RM committee, self-certification

A

k

9
Q

— list of RM records that should be kept on file

A

RM Documentations

These should be kept to support decision making, to advise managers, and to provide auditors with evidence that controls have been implemented

10
Q

Read only

Importance of Records management

— Reduces time
— Sharing of info
— Reduces duplication of info
— Supports RM and business continuity planning

A

k

11
Q

4 types of RM Docs

A

I. R Governance
II. R Response
III. Event Reports
IV. R Performance

12
Q

Docs that include RM policies, procedures, protocols, and guidelines

A

RM Manual

13
Q

What should RM Manual include?

Give 14

A

– RM and internal objectives
– (4) R Strategy, Architecture, Assessment, Protocols
– Description of control environment
– Level and nature of risk that is acceptable
– Arrangements for communicating risk info
– R mitigation reqs and control mechanisms
– Criteria for monitoring and benchmarking risks
– Allocation of appropriate resources
– R priorities and performance targets
– RM calendar

14
Q

Guidelines in Creating the Common Risk Language (FICS)

A

Focused
Impact
Concise
Standard Format

15
Q

RM Responsibilities for ____:

  • Determine strat approach to risk
  • ESTABLISH the structure for risk management
  • Understand the most significant risks
  • Consider the risk implications of poor decisions
  • Manage the organization in a crisis
A

CEO

16
Q

RM Responsibilities for ____:

  • Build risk-aware culture within the location
  • Agree risk management performance targets for the location
  • Evaluate reports from employees on risk management matters
  • Ensure implementation of risk improvement recommendations
  • Identify and report changed circumstances/risks
A

Location Manager

17
Q

RM Responsibilities for ____:

  • Understand, accept and implement RM processes
  • Report inefficient, unnecessary or unworkable controls
  • Report loss events and near-miss incidents
    ■ Cooperate with management on incident investigations
  • Ensure that visitors and contractors comply with procedures
A

Indiv Employees

18
Q

RM Responsibilities for ____:

  • Develop the risk management policy and keep it up-to-date
    ■ Facilitate a risk-aware culture within the organization
  • Establish internal risk policies and structures
  • Coordinate the risk management activities
  • Compile risk information and prepare reports for the board
A

Risk manager

19
Q

RM Responsibilities for ____:

  • Assist the company in establishing specialist risk policies
  • Develop specialist contingency and recovery plans
  • Keep up-to-date with developments in the specialist area
  • Support investigations of incidents and near misses
  • Prepare detailed reports on specialist risks
A

Specialist RM Functions

20
Q

RM Responsibilities for ____:

  • Develop a risk-based internal audit program
  • Audit the risk processes across the organization
  • Provide assurance on the management of risk
  • Support and help develop the risk management processes
  • Report on the efficiency and effectiveness of internal controls
A

Audit Manager

21
Q

RM Responsibilities for ____:

plays a key part in bringing together disparate risk management processes to ensure that limited company resources are applied effectively. The COSO ERM Framework defines their role as working with other managers to establish effective risk management, monitoring progress, and assisting other managers in reporting relevant risk information up, down and across the organization.

22
Q

A risk-aware culture is achieved by LILAC.

WHAT IS LILAC?

A

Leadership
Involvement
Learning
Accountability
Communication

23
Q

Means by which an org receives reasonable assurance that the significant risks are controlled

The audit committee seeks assurance that all significant risks are being managed and that controls have been implemented

A

Risk Assurance

Benefits:
■ Builds confidence with stakeholders;
■ Provides reassurance to sponsors and financiers;
■ Demonstrates good practice to regulators;
■ Prevents financial and other surprises;
■ Reduces the chances of damage to reputation;
■ Encourages the risk culture within the organization;
■ Allows more secure delegation of authority.

24
Q

5 Sources of Risk Assurance

  • ____ by use of a recognized framework such as CoCo or COSO in order to gain a quantitative evaluation of the control environment.
  • ____ - produced by internal audit and external auditors on a range of issues including risk assessment, implementation, compliance and training.
  • _____ on such issues as risk performance indicators, CRSA, response to audit recommendations and reports on incidents that have occurred.
  • _____ - on risk-related issues, losses, significant weaknesses in control measures and details of any material losses suffered by the unit.
  • _____ on topics such as the risk management policy, health and safety policy, business continuity plans and disaster recovery plans.
A
  • Culture measurement
  • audit reports
  • unit reports
  • performance of the unit
  • unit documentation
25
Q

A _________________ is a wholly owned subsidiary insurer formed to provide risk mitigation services for its parent company or related entities

A

captive insurance company