Random abbreviations or key terms Flashcards

1
Q

Attributes of a risk classification system

A

Combination of event / source, impact/consequences categories

They help orgs define the scope of RM, providing a structure for risk identification and giving an opportunity to aggregate similar kinds of risks

They help orgs to better identify risk appetite, risk capacity and total risk exposure

2
Q

Consequence of people having different risk perceptions

A

Significance of some risk may be incorrectly determined

3
Q

What determines an organisation's attitude to risk

A

Maturity of an organisation. Seen in the different attitudes of start-ups compared to mature organisations

And the area of activity

4
Q

Highest level of RM is related to what

A

Achievement of benefits (perform stage)

5
Q

Three things necessary to evaluate the effectiveness of controls of an inherent risk

A

Inherent and current level of risk
A measure for the inherent / current levels = likelihood or impact scales

6
Q

Responsibilities of the RM committee

A

Advise the Board on RM and to make recommendations on all things risk and policies related to this

7
Q

Risk management process (H&T) STEPS

A

Identification, analysis, evaluation, treatment, monitoring and review

8
Q

Upside of risk

A

The org will be able to undertake activities that it would not otherwise have the appetite to undertake

The ability to pursue a business opportunity that competitors would be unwilling to embrace

9
Q

What does a demanding market require

A

Agility to gain competitive advantage

10
Q

The 2013 COSO internal control framework replaced which framework, and what year was it created

A

1992

11
Q

ICFR

A

Internal control over financial reporting

The SOX Act mandates that US-listed companies report on the effectiveness of their ICFR using a framework (COSO)

12
Q

What is corporate governance more concerned with: internal control or risk management

A

Internal control

13
Q

An internal control framework used by UK listed companies and an alternative to COSO

A

FRC internal control framework (2014)

14
Q

Internal control

A

SCOR objectives not STOC

The challenges and risks orgs face, without internal control, may threaten a health care organization’s operational, compliance and reporting objectives

15
Q

COSO (2013) definition of internal control

A

The set of standards, policies, procedures, processes, and structures etc. used to carry out internal control by an org

16
Q

5 components of COSO (2013) framework

A

1) Control environment
2) Risk assessment = risks are evaluated and a decision made whether and how to respond to manage the impact of the risk
3) Control activities = actions that support the management of risks to ensure the achievement of objectives
4) Information and communication = info has to be gathered from internal and external sources to support internal controls (i.e. ensure they are up to date and know what the control is actually responding to). Communication is used to disseminate info as needed to respond to and meet requirements
5) Monitoring activities = periodic reviews / evaluations to evaluate the effectiveness of the controls.

17
Q

Definition of entity level controls (according to SEC)

A

These are controls that have a pervasive effect on the entity's system of internal control, such as high-level controls related to the whole control environment.

This is important when changing / implementing a control framework as the maturity / existing maturity of the entity-level control structure will affect the assessment of risks and associated results.

18
Q

Risk and control matrix

A

A document that identifies all internal controls in the process in addition to specific descriptions and category attributes relating to the control

19
Q

Remediation plan

A

Action to change a risk

20
Q

Risk-based decision making is part of which context: internal, external or risk management

A

Internal

21
Q

Long term consequences are related to what parts of an org

A

STOC

22
Q

Core processes relate to what part of an org

A

SCOR

23
Q

COSO internal control cube (2013) definition of internal control

A

Focus on the objectives that internal control contributes to

Internal control is the process effected by the Board of directors, management and other staff, designed to provide reasonable assurance regarding the achievement of the following categories of objectives: efficiency and effectiveness of operations, reliability of reporting, and compliance with regs and laws

24
Q

CoCo (1995) definition of internal control

A

Focus on the components / criteria (like in the name) of internal control

Internal control is all the elements of the org that support people in the achievement of the org's objectives. The elements include resources, systems, procedures, culture, structure and TASKS.

25
Q

IIA definition of internal control

A

Internal control is a set of processes, functions, activities, sub-systems and people who are either grouped or consciously segregated to ensure the achievement of an org's objectives

26
Q

Business impact analysis

A

Analysis to assess the potential damage, loss or disruption to an organisation that could be caused by the failure of one of its core business processes or functions.

It identifies and prioritises the most critical functions of an org which is critical for BCP, suggesting where resources should be invested

27
Q

Business model

A

CORR

Customer offering that utilises resources and is underpinned by resilience

Customer offering = what and how an org delivers services and/or products. Therefore, risks attach to this

28
Q

Business objectives

A

Separate to strategic ones

Based on the annual budget of an org and shaped by the business model.

Most common risks associated with business objectives are the robustness and efficiency of the business model

29
Q

Tactics

A

How the org will get to the strategy

Tactics ensure that effective and efficient core processes deliver the desired outcomes in the most cost-effective manner

30
Q

What is the desired state of an organisation in regards to operations

A

The continuity of normal efficient operations with no unplanned disruption

31
Q

What are the four components of reputation

A

CASE
C = capabilities (purpose and resources)
A = activities (processes and finances)
S = standards (services and support)
E = ethics (values and integrity)

32
Q

RIMS definition of ERM

A

Differentiator = ERM is classed as a strategic business discipline

“ERM is a strategic business discipline that supports the achievement of an org's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio”

33
Q

COSO (2017) definition of ERM

A

Focus on strategy

“The culture, capabilities, and practices that orgs integrate with strategy setting and apply when they carry out the strategy, with the purpose of managing risk in creating, preserving and realising value”

34
Q

IIA Definition of ERM

A

Focus on financial risk

“A rigorous and co-ordinated approach to assessing and responding to all risks that affect the achievement of an org's strategic and financial objectives”

35
Q

Orange Book definition of ERM

A

Focus on internal control

“The co-ordinated activities designed and operated to manage risks and exercise internal control within an org”

36
Q

GRC

A

Governance, risk and compliance approach.

It is an integrated approach to risk management and assurance based on the 3LOD. It takes the overall view that the board is responsible for governance issues across the whole org. Therefore, it looks at the three lines of defence to ensure adequate attention is paid to risk. The NEDs will also look to internal audit to provide assurance on the broad range of compliance issues within the org

37
Q

Risk criteria can literally be the description of likelihood and impact.

Low likelihood / impact is a criterion in itself. It is the description of what "low" is that is important (e.g., lower than 2% is a low-significance risk). Consequently, this reflects the tolerance levels chosen by the firm (some firms may think that 2% is high significance)

A

Risk attitude is described by risk criteria

38
Q

ISO Guide 73 definition of risk management

A

Co-ordinated activities to direct and control an org with regard to risk

39
Q

IRM definition of RM

A

Process which aims to help organisations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure

40
Q

HM Treasury (Orange Book) definition of risk

A

The coordinated activities designed and operated to manage risk and exercise internal control within an org

41
Q

LSE definition of RM

A

Selection of those risks a business should take and those that should be avoided or mitigated, followed by action to reduce risk

42
Q

6 Cs of insurance buying

A

Cost, coverage, capacity, capabilities, claims (if a buyer makes a claim they need to ensure that the insurer has the financial security to pay that claim), compliance

43
Q

Captive insurance

A

The insurer is a subsidiary of the Organization it is insuring

44
Q

Sources / risks of operational disruption

A

4 Ps

45
Q

Business process re-engineering

A

Approach that ensures that orgs have the most effective processes and operations in place. It does so by identifying stakeholders and their expectations, shaping the core process and operation to achieve these

46
Q

CRSA

A

Control risk self assessment
Provides internal assurance

47
Q

FMEA

A

Failure modes and effects analysis
Quantitative analysis technique for the possibility of a risk occurring
Applied to manufacturing operations

48
Q

Governance

A

It is the system by which companies are directed and controlled. This system is made up of plans, priorities, authorities and accountabilities, as well as oversight over decision making and performance. RM has to be an essential part of these components