Random abbreviations or key terms

Question 1

Attributes of a risk classification system

Answer 1

Combination of event / source, impact/consequences categories

They help orgs define the scope of RM, providing a structure for risk identification and giving an opportunities to aggregate similar kinds of risks

They help orgs to better identify risk appetite, risk capacity and total risk exposure

Question 2

Consequence of people having different risk perceptions

Answer 2

Significance of some risk may be incorrectly determined

Question 3

What determines an organisations attitude to risk

Answer 3

Maturity of an organisation. Seen in the different attitudes of start ups compared to mature organisations

And the area of activity

Question 4

Highest level of rM is related to what

Answer 4

Achievement of benefits (perform stage)

Question 5

Three things necessary to evaluate the effectiveness of controls of an inherent risk

Answer 5

Inherent and current level of risk
A measure for the inherent / current levels = likelihood or impact scales

Question 6

Responsibilities of the RM committee

Answer 6

Advise the Board on RM and to make recommendations on all things risk and policies related to this

Question 7

Risk management process (H&T) STEPS

Answer 7

• Identifying, analysis, evaluating, treating, monitoring and review

Question 8

Upside of risk

Answer 8

The org will be able to undertake activities that it would not otherwise have the appetite that it would not otherwise have the appetite to undertake

The ability to pursue a business opportunity that competitions would be unwilling to embrace

Question 9

What does a demanding market require

Answer 9

Agility to gain competitive advantage

Question 10

The Co13 coso internal control framework replace what framework and what year was it created

Answer 10

1992

Question 11

ICFR

Answer 11

Internal control over financial reporting

SOX act mandates that US listed companies report on the effective’s of their ICFR using a framework (COSO)

Question 12

What is the corporate governance more concerned with, internal control or risk management

Answer 12

Internal control

Question 13

A internal control framework used by UK listed companies and an alternative to COSO

Answer 13

FRC internal control framework (2014)

Question 14

Internal control

Answer 14

SCOR objectives not STOC

The challenges and risks orgs face, without internal control, may threaten a health care organization’s operational, compliance and reporting objectives

Question 15

COSO (2013) definition of internal control

Answer 15

The set of standards, policies, procedures, processes, and structures etc. used to carry out internal control by an org

Question 16

5 components of COSO (2013) framework

Answer 16

1) Control environment
2) Risk assessment = risks are evaluated and a decision made whether and how to respond to manage the impact of the risk
3) Control activities = actions that support the management of risks to ensure the achievement of objectives
4) Information and communication = info has to be gathered from internal and external sources to support internal controls (ie. Ensure they are up to date, what the control is actually responding to). Communication is used to disseminate info as needed to respond to and meet requirements
5) Monitoring activities = period reviews / evaluations to evaluate the effectiveness of the controls.

Question 17

Definition of entity level controls (according to SEC)

Answer 17

These are controls that have a pervasive effect on the entity’s system of internal control, such as high level controls related tot he whole control environment.

This is important when changing / implementing a control framework as the maturity / existing maturity of the entity-level control structure will affect the assessment of risks and associated results.

Question 18

Risk and control matrix

Answer 18

A document that identifies all internal controls in the process in addition to specific descriptions and category attributes relating to the control

Question 19

Remediation plan

Answer 19

Action to change a risk

Question 20

Risk based decision making is part of what context; internal, external or risk management

Answer 20

Internal

Question 21

Long term consequences are related to what parts of an org

Answer 21

STOC

Question 22

Core processes relate to what part of an org

Answer 22

SCOR

Question 23

Coso internal cube (2013) definition of internal control

Answer 23

Focus on the objectives that internal control contributes to

Internal control is the process effected by the Board of directors, management and other staff, designed to provide reasonable assurance regarding the achievement of the following categories of objectives: efficiency and effectiveness of operations, reliability of reporting, and compliance with regs and laws

Question 24

Coco (1995) definition of internal control

Answer 24

Focus on the components / criteria (like in the name) of internal control

Internal control is all the elements of the org that support people int he achievement of the orgs objectives. The elements includes resources, systems, procedures, culture, structure and TASKS.

Question 25

IIA definition of internal control

Answer 25

Internal control is a set of processes, functions, activities, sub systems and people who are either grouped or consciously segregated to ensure the achievement of an orgs objectives!

Question 26

Business impact analysis

Answer 26

Analysis to assess the potential damage, loss or disruption to an organisation that could be caused by the failure of one of its core business processes or functions.

It identifies and prioritises the most critical functions of an org which is critical for BCP, suggesting where resources should be invested

Question 27

Business model

Answer 27

CORR

Customer offering that utilises resources and underpinned by resilience

Customer offering = what and how a org delivers services and or products. Therefore, risks attach to this

Question 28

Business objectives

Answer 28

Separate to strategic ones

Based on the annual budget of an org and shaped by the business model.

Most common risks associated with business objectives are the robustness and efficiency of the business model

Question 29

Tactics

Answer 29

How to org will get to the strategy

Tactics ensure that effective and efficient core process deliver the desired outcomes in the most cost effective manner

Question 30

What is the desired state of an organisation in regards to operations

Answer 30

The continuity of normal efficient operations with no unplanned disruption

Question 31

What are the four components of reputation

Answer 31

CASE
C = capabilities (purpose and resources)
A = activities (processes and finances)
S = standards (services and support)
E = ethics (values and integrity)

Question 32

RIMS definition of ERM

Answer 32

Differentiator = ERM is classed as a strategic business discipline

“ERM is a strategic business disciple in that supports the achievement of an org objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio”

Question 33

COSO (2017) definition of ERM

Answer 33

Focus on strategy

“The culture, capabilities, and practices that orgs integrate with strategy setting and apply when they carry out the strategy, with the purpose of managing risk in creating, preserving and realising value@

Question 34

IIA Definition of ERM

Answer 34

Focus on financial risk

“A rigorous and co ordinated approach to assessing and responding to all risks that affect the achievement of an orgs strategic and financial objectives”

Question 35

Orange Book definition of ERM

Answer 35

Focus on internal control

“The co ordinated activities designed and operated to manage risks and exercise internal control within an org”

Question 36

GRC

Answer 36

Governance, risk and compliance approach.

It is an integrated approach to risk management and assurance based on the 3LOD. It has a overall view that the board is responsible for governance issues across the whole org. Therefore, in looks at the three lines of defence to ensure adequate attention is paid to risk. The NEDS will also look to internal audit to provide assurance on the broad range of compliance issues within the org

Question 37

Risk criteria can literally be the description of likelihood and impact ;

Low likelihood /impact risks is a criteria in itself. It is the description of what low is that is important (e.g., lower than 2 % is a low significance risk). Subsequently, this reflects tolerance levels chosen by the firm (some firms may think that 2% is a high significance)

Answer 37

Risk attitude is described by risk criteria

Question 38

ISO Guide 73 definition of risk management

Answer 38

Co ordinated activities to direct and control an org in regards to risk

Question 39

IRM definition of rM

Answer 39

Process which aims to help organisations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure

Question 40

HM Treasury (Orange Book) definition of risk

Answer 40

The coordinated activities designed and operated to manage risk and exercise internal control within an org

Question 41

LSE definition of rm

Answer 41

Selection of those risks a business should take and those that should be avoided or mitigated, followed by action to reduce risk

Question 42

6 Cs of insurance buying

Answer 42

Cost, coverage, capacity, capabilities, claims (if a buyer makes a claim they need to ensure that the insurer has the financial security to pay that claim), compliance

Question 43

Captive insurance

Answer 43

The insurer is a subsidiary of the Organization it is insuring

Question 44

Sources / risks of operational disruption

Answer 44

4 PS

Question 45

Business Process re engineering

Answer 45

Approach that ensures that orgs have the most effective processes and operations in place. It does so by identifying stakeholders and their expectations, shaping the core process and operation to achieve these

Question 46

CRSA

Answer 46

Control risk self assessment
Provides internal assurance

Question 47

FMEA

Answer 47

Failure modes effects analysis
Quantitative analysis technique for the possibility of a risk occurring
Applied to manufacturing operations

Question 48

Governance

Answer 48

It is the system by which companies are directed and controlled. This system is made up of plans, priorities, authorities and accountabilities, aswell as oversight over decision making and performance. RM has to be an essential part of these components