Random abbreviations or key terms Flashcards
Attributes of a risk classification system
Combination of event / source, impact/consequences categories
They help orgs define the scope of RM, provide a structure for risk identification and give an opportunity to aggregate similar kinds of risk
They help orgs better identify risk appetite, risk capacity and total risk exposure
Consequence of people having different risk perceptions
The significance of some risks may be incorrectly determined
What determines an organisation's attitude to risk
Maturity of the organisation, seen in the different attitudes of start-ups compared to mature organisations
And the area of activity
The highest level of RM is related to what
Achievement of benefits (perform stage)
Three things necessary to evaluate the effectiveness of the controls applied to an inherent risk
Inherent level of risk, current (residual) level of risk, and a measure for both (likelihood or impact scales)
Responsibilities of the RM committee
Advise the Board on RM and make recommendations on all risk-related matters and the policies relating to them
Risk management process (H&T) STEPS
- Identify, analyse, evaluate, treat, monitor and review
Upside of risk
The org will be able to undertake activities that it would not otherwise have the appetite to undertake
The ability to pursue a business opportunity that competitors would be unwilling to embrace
What does a demanding market require
Agility to gain competitive advantage
The COSO 2013 internal control framework replaced which framework, and in what year was that one created
The original COSO internal control framework, created in 1992
ICFR
Internal control over financial reporting
The SOX Act mandates that US listed companies report on the effectiveness of their ICFR using a recognised framework (in practice, COSO)
What is corporate governance more concerned with, internal control or risk management
Internal control
An internal control framework used by UK listed companies and an alternative to COSO
FRC internal control framework (2014)
Internal control (objectives)
SCOR objectives, not STOC
The challenges and risks orgs face, without internal control, may threaten a health care organisation's operational, compliance and reporting objectives
COSO (2013) definition of internal control
A process, effected by the board, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance. The set of standards, policies, procedures, processes and structures an org uses to carry it out is its system of internal control
5 components of COSO (2013) framework
1) Control environment
2) Risk assessment = risks are evaluated and a decision is made whether and how to respond so as to manage the impact of the risk
3) Control activities = actions that support the management of risks to ensure the achievement of objectives
4) Information and communication = information has to be gathered from internal and external sources to support internal controls (i.e. to ensure they are up to date and to confirm what the control is actually responding to). Communication disseminates that information as needed to respond to and meet requirements
5) Monitoring activities = periodic reviews / evaluations to assess the effectiveness of the controls
Definition of entity level controls (according to SEC)
These are controls that have a pervasive effect on the entity's system of internal control, such as high-level controls relating to the whole control environment.
This matters when changing or implementing a control framework, because the existing maturity of the entity-level control structure will affect the assessment of risks and the associated results.
Risk and control matrix
A document that identifies all internal controls in a process, together with a specific description and category attributes for each control
Remediation plan
Planned actions to change the level of a risk