Risk Management Flashcards

1
Q

What are the 4 types of risk?

Risk management

A

The 4 types of risk are as follows:

  1. Hazard risks
  2. Financial risks
  3. Operational risks
  4. Strategic risks
2
Q

What are Hazard risks?

Risk management

A

Hazard risks are risks that are insurable (e.g. natural disasters, the incapacity or death of senior officers, sabotage and terrorism)
3
Q

What are Financial risks?

Risk management

A

Financial risks encompass interest-rate risk, exchange-rate risk, commodity risk, credit risk, liquidity risk and market risk

4
Q

What are Operational risks?

Risk management

A

Operational risks are the risks related to the enterprise’s ongoing, everyday operations

Operational risk is the risk of loss from inadequate or failed internal processes, people and systems

These failures can relate to:

a. Human resources (e.g. inadequate hiring or training practices)
b. Business processes (poor internal controls)
c. Product failure (customer ill will, lawsuits)
d. Occupational safety and health incidents
e. Environmental damage and business continuity (power outages, natural disasters)

Operational risk includes:

a. Legal risk (making the enterprise subject to civil or criminal penalties)
b. Compliance risk (the risk that processes will not be carried out in accordance with best practices)

5
Q

What are Strategic risks?

Risk management

A

Strategic risks include global economic risk, political risk and regulatory risk

6
Q

What is the relationship between volatility and time?

Risk management

A

Anytime uncertainty increases, risk increases

Thus, as the volatility or duration of a project or investment increases, so does the associated risk

7
Q

What is the concept of capital adequacy?

Risk management

A

Capital adequacy is a term normally used in connection with financial institutions. A bank must be able to pay those depositors that demand their money on a given day and still be able to make new loans

Capital adequacy can be discussed in terms of:

a. Solvency (the ability to pay long-term obligations as they mature)
b. Liquidity (the ability to pay for day-to-day ongoing operations)
c. Reserves (the specific amount a bank must have on hand to pay depositors) or sufficient capital

8
Q

How can risk be quantified?

A

Risk can be quantified as a combination of two factors:

  1. Severity of consequences
  2. Likelihood of occurrence

The expected value of a loss due to a risk exposure can thus be stated numerically as the product of the two factors

The unexpected loss or maximum possible loss is the amount of potential loss that exceeds the expected amount

9
Q

What is Risk avoidance?

Strategies for risk response

A

Risk avoidance is bringing to an end the activity from which the risk arises (e.g. the risk of having a pipeline sabotaged in an unstable region can be avoided by simply selling the pipeline)

10
Q

What is Risk retention?

Strategies for risk response

A

Risk retention is the acceptance of the risk of an activity by the organization. This term is becoming synonymous with the phrase “self-insurance”

11
Q

What is Risk reduction (mitigation)?

Strategies for risk response

A

Risk reduction (mitigation) is the act of lowering the level of risk associated with an activity (e.g. the risk of systems penetration can be reduced by maintaining a robust information security function within the organization)

12
Q

What is Risk sharing?

Strategies for risk response

A

Risk sharing is the offloading of some loss potential to another party

Common examples are the purchase of insurance policies, engaging in hedging operations and entering into joint ventures

It is synonymous with risk transfer

13
Q

What is Risk exploitation?

Strategies for risk response

A

Risk exploitation is the deliberate courting of risk in order to pursue a high return on investment. Examples include the wave of Internet-only businesses that crested in the late 1990s and cutting-edge technologies (such as genetic engineering)

14
Q

What is Residual risk?

A

Residual risk is the risk of an activity remaining after the effects of any avoidance, sharing or mitigation strategies

15
Q

What is Inherent risk?

A

Inherent risk is the risk of an activity that arises from the activity itself (e.g. uranium prospecting is inherently riskier than retailing)

16
Q

What are the benefits of risk management?

A

The benefits of risk management are as follows:

  1. Efficient use of resources - only after risks are identified can resources be directed toward those with the greatest exposure
  2. Fewer surprises - after a comprehensive, organization-wide risk assessment has been performed, the odds that an incident that has never been considered will arise are greatly reduced
  3. Reassuring investors - corporations with strong risk management functions will probably have a lower cost of capital
17
Q

What are the key steps in the risk management process?

A

The key steps in the risk management process are as follows:

  1. Identify risks
  2. Assess risks
  3. Prioritize risks
  4. Formulate risk responses
  5. Monitor risk responses
18
Q

What does the risk identification step within the risk management process entail?

(Risk management process - Step 1)

A

Step 1 of the risk management process is to identify risks

Every risk that could affect the success of the organization must be considered. Note that this does not mean every single risk that is possible (only those that could have an impact on the organization)

Risk identification must be performed for the entire organization, down to its lowest operating units. Some occurrences may be inconsequential for the enterprise as a whole but disastrous for an individual unit

19
Q

What does the risk assessment step within the risk management process entail?

(Risk management process - Step 2)

A

Step 2 of the risk management process is to assess risks

Every risk identified must be assessed as to its probability and potential impact

Not all assessments need be made in quantitative terms. Qualitative terms (e.g. high, medium, low) are sometimes useful

20
Q

What does the risk prioritization step within the risk management process entail?

(Risk management process - Step 3)

A

Step 3 of the risk management process is to prioritize risks

In large and/or complex organizations, top management may appoint an ERM committee to review the risks identified by the various operating units and create a coherent response plan

The committee must include persons who are competent to make these judgments and are in a position to allocate the resources for adequate risk response (e.g. chief operating officer, chief audit officer, chief information officer)

21
Q

What does the risk response formulation step within the risk management process entail?

(Risk management process - Step 4)

A

Step 4 of the risk management process is to formulate risk responses

The ERM committee proposes adequate response strategies. Personnel at all levels of the organization must be made aware of the importance of the risk response appropriate to their levels

22
Q

What does the risk response monitoring step within the risk management process entail?

(Risk management process - Step 5)

A

Step 5 of the risk management process is to monitor risk responses

The two most important sources of information for ongoing assessments of the adequacy of risk responses (and the changing nature of the risks themselves) are:

  1. Those closest to the activities themselves. The manager of an operating unit is in the best position to monitor the effects of the chosen risk response strategies
  2. The audit function. Operating managers may not always be objective about the risks facing their units (especially if they had a stake in designing a particular response strategy). Analyzing risks and responses are among the normal duties of internal auditors
23
Q

What is Risk appetite?

A

The degree of willingness of upper management to accept risk is termed the organization’s risk appetite

If top management has a low appetite for risk, the risk response strategies adopted will be quite different from those of an organization whose management is willing to accept a high level of risk

24
Q

What is an insurance policy?

A

An insurance policy is a contract that shifts the risk of financial loss caused by certain specified occurrences from the insured to the insurer in exchange for a periodic payment called a premium

25
Q

What does liability insurance provide an organization?

A

Liability insurance provides an organization with financial protection against damage caused to consumers by faulty products or injury to persons suffered on the organization’s premises

26
Q

What is hazard insurance?

A

Hazard insurance is the same as homeowner’s or automobile driver’s insurance. It protects the organization against damage caused to its facilities by accident or natural disaster

27
Q

What are qualitative risk assessment tools?

A

Precise numeric quantification of risk is not necessarily required to have a sound risk management structure

Qualitative tools are crucial for upper and operational management to describe the risks they face

The following are key qualitative risk assessment tools:

  1. Risk identification
  2. Risk ranking
  3. Risk mapping
28
Q

What does Risk identification within qualitative risk assessment entail?

(Qualitative risk assessment tools)

A

Risk identification - the very first step in the process does not lend itself to quantitative techniques. Intuitive and thought-provoking methods are required to identify all the areas of organizational vulnerability

The first round of risk identifications can begin with a simple question to management at all levels: What aspects of the organization keep you up at night?

A list of generic risk areas can be distributed to inspire managers about possible points of vulnerability in their domains (foreign exchange risk, supply chain risk, regulatory risk, competitive risk, computer hacker risk, etc.)

A brainstorming session among managers is a simple technique to get the risk identification process started

29
Q

What does Risk ranking within qualitative risk assessment entail?

(Qualitative risk assessment tools)

A

Risk ranking is also necessarily an intuitive process. Managers have a “feel” for how much risk a given vulnerability presents to their domains

30
Q

What does Risk mapping within qualitative risk assessment entail?

(Qualitative risk assessment tools)

A

Risk mapping is a visual tool for depicting relative risks. The probabilities of the identified events can be graphed on one axis and the severity of the consequences on the other

31
Q

What is the Value at risk (VaR) technique?

Quantitative risk assessment tools

A

Value at risk (VaR) is a technique that employs the statistical phenomenon known as the normal distribution (bell curve)

The potential gain or loss resulting from a given occurrence can be determined with statistical precision

32
Q

What is the Cash flow at risk technique?

Quantitative risk assessment tools

A

Cash flow at risk and earnings at risk are identical in application to VaR. The difference between them is that the dollar amount in question is cash flow or accrual-basis earnings, respectively

33
Q

What is the Earnings distributions technique?

Quantitative risk assessment tools

A

Earnings distributions (in total or on a per-share basis) are also applications of statistical techniques. Just as in the value-at-risk plot, the potential returns are plotted on the x-axis and the probabilities on the y-axis

However, earnings distributions are unlikely to be symmetrical. A skewed distribution is more typical

34
Q

What is the COSO framework definition of risk?

A

Risk is the possibility that an event will occur and adversely affect the achievement of objectives

35
Q

What is the COSO framework definition of risk management?

A

Risk management at any level of the organization is designed to identify potential events that may affect the entity, manage risk to be within its risk appetite and to provide reasonable assurance regarding the achievement of entity objectives

36
Q

What is the COSO framework definition of risk management applied to an enterprise as a whole?

A

Risk management applied to the enterprise as a whole can be defined as follows:

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risk to be within its risk appetite to provide reasonable assurance regarding the achievement of entity objectives

37
Q

What is the objective of Enterprise Risk Management (ERM)?

A

The objective of an ERM program is quite simply to assist the organization in achieving its existing strategic, operational, reporting and compliance objectives

38
Q

What are the four categories in which risk must be identified and managed?

A

Risk must be identified and managed in all four of these categories:

  1. Strategic - these are the high-level goals that map out the entity’s pursuit of its mission statement
  2. Operational - these are the entity’s goals concerning the efficient and effective deployment of its resources
  3. Reporting - the entity must have reasonable assurance that its external (and internal) reports are free of material misstatement
  4. Compliance - the entity must comply with applicable laws and regulations
39
Q

What are the eight interrelated components of an ERM program according to the COSO Framework?

A

The COSO Framework identifies 8 interrelated components of an ERM program:

  1. Internal environment
  2. Objective setting
  3. Event identification
  4. Risk assessment
  5. Risk response
  6. Control activities
  7. Information & Communication
  8. Monitoring
40
Q

What does the Internal environment COSO framework component of an ERM program entail?

(COSO Framework - ERM program component)

A

Internal environment - management sets a philosophy regarding risk and establishes a risk appetite. The internal environment sets the basis for how risk and control are viewed and addressed by an entity’s people

The core of any business is its people - their individual attributes, including integrity, ethical values and competence - and the environment in which they operate

41
Q

What does the Objective setting COSO framework component of an ERM program entail?

(COSO Framework - ERM program component)

A

Objective setting - objectives must exist before management can identify potential events affecting their achievement

Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite

42
Q

What does the Event identification COSO framework component of an ERM program entail?

(COSO Framework - ERM program component)

A

Event identification - potential events that might have an impact on the entity must be identified. Event identification involves identifying potential events from internal or external sources affecting achievement of objectives

It includes distinguishing between events that represent risks, those representing opportunities and those that may be both

Opportunities are channeled back to management’s strategy or objective-setting processes

43
Q

What does the Risk assessment COSO framework component of an ERM program entail?

(COSO Framework - ERM program component)

A

Risk assessment - identified risks are analyzed in order to form a basis for determining how they should be managed. Risks are associated with the objectives that may be affected

Risks are assessed on both an inherent and a residual basis, with the assessment considering both risk likelihood and impact

44
Q

What does the Risk response COSO framework component of an ERM program entail?

(COSO Framework - ERM program component)

A

Risk response - personnel identify and evaluate possible responses to risks, which include avoiding, accepting, reducing and sharing risk

Management selects a set of actions to align risks with the entity’s risk tolerances and risk appetite

45
Q

What does the Control activities COSO framework component of an ERM program entail?

(COSO Framework - ERM program component)

A

Control activities - policies and procedures are established and executed to help ensure the risk responses management selects are effectively carried out

46
Q

What does the Information & Communication COSO framework component of an ERM program entail?

(COSO Framework - ERM program component)

A

Information and Communication - relevant information is identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities

Information is needed at all levels of an entity for identifying, assessing and responding to risk

Effective communication also occurs in a broader sense, flowing down, across and up the entity. Personnel receive clear communications regarding their role and responsibilities

47
Q

What does the Monitoring COSO framework component of an ERM program entail?

(COSO Framework - ERM program component)

A

Monitoring - the entirety of enterprise risk management is monitored and modifications made as necessary. In this way, it can react dynamically, changing as conditions warrant

Monitoring is accomplished through ongoing management activities, separate evaluations of enterprise risk management or a combination of the two

48
Q

What are the benefits of adopting an ERM program according to the COSO framework?

A

The COSO Framework lists 3 significant benefits accruing to an organization that adopts an ERM program:

  1. Reducing operational surprises and losses - entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses
  2. Seizing opportunities - by considering a full range of potential events, management is positioned to identify and proactively realize opportunities
  3. Improving deployment of capital - obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation
49
Q

How is an event defined according to the COSO Framework?

A

According to the COSO Framework, an event is an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives

Events may have positive or negative impact, or both. Events with a positive impact are considered opportunities, those with negative impact are risks

50
Q

What does the COSO Framework say about methods of identifying risks?

A

The COSO Framework says the following about methods of identifying risks:

An entity’s event identification methodology may comprise a combination of techniques, together with supporting tools (e.g. management may use interactive group workshops as part of its event identification methodology, with a facilitator employing any of a variety of technology-based tools to assist participants)

Event identification techniques look to both the past and the future. Techniques that focus on past events and trends consider such matters as payment default histories, changes in commodity prices and lost-time accidents

Techniques that focus on future exposures consider such matters as shifting demographics, new market conditions and competitor actions

51
Q

What are the Specific event identification techniques according to the COSO Framework?

A

Specific event identification techniques include the following:

  1. Event inventories
  2. Internal analysis
  3. Escalation or threshold triggers
  4. Facilitated workshops and interviews
  5. Process flow analysis
  6. Leading event indicators
  7. Loss event data methodologies
52
Q

What does the Event inventories specific event identification technique entail?

(COSO Framework - Specific event identification technique)

A

Event inventories - these are detailed listings of potential events common to companies within a particular industry or to a particular process or activity common across industries

Software products can generate relevant lists of generic potential events, which some entities use as a starting point for event identification (e.g. a company undertaking a software development project draws on an inventory detailing generic events related to software development projects)

53
Q

What does the Internal analysis specific event identification technique entail?

(COSO Framework - Specific event identification technique)

A

Internal analysis - this may be done as part of a routine business planning cycle process (typically via a business unit’s staff meetings)

Internal analysis sometimes utilizes information from other stakeholders (customers, suppliers, other business units) or subject matter expertise outside the unit (internal or external functional experts or internal audit staff)

For example: a company considering introduction of a new product utilizes its own historical experience, along with external market research identifying events that have affected the success of competitors’ products

54
Q

What does the Escalation or threshold triggers specific event identification technique entail?

(COSO Framework - Specific event identification technique)

A

Escalation or threshold triggers - these triggers alert management to areas of concern by comparing current transactions (or events) with predefined criteria

Once triggered, an event may require further assessment or an immediate response (e.g. a company’s management monitors sales volume in markets targeted for new marketing or advertising programs and redirects resources based on results)

Another company’s management tracks competitors’ pricing structures and considers changes in its own prices when a specified threshold is met

55
Q

What does the Facilitated workshops & interviews specific event identification technique entail?

(COSO Framework - Specific event identification technique)

A

Facilitated workshops and interviews - these techniques identify events by drawing on accumulated knowledge and experience of management, staff and other stakeholders through structured discussions

The facilitator leads a discussion about events that may affect achievement of entity or unit objectives

For example: A financial controller conducts a workshop with members of the accounting team to identify events that have an impact on the entity’s external financial reporting objectives. By combining the knowledge and experience of team members, important events are identified that otherwise might be missed

56
Q

What does the Process flow analysis specific event identification technique entail?

(COSO Framework - Specific event identification technique)

A

Process flow analysis - this technique considers the combination of inputs, tasks, responsibilities and outputs that combine to form a process

By considering the internal and external factors that affect inputs to or activities within a process, an entity identifies events that could affect achievement of process objectives

For example: a medical laboratory maps its processes for receipt and testing of blood samples. Using process maps, it considers the range of factors that could affect inputs, tasks and responsibilities, identifying risks related to sample labeling, handoffs within the process and personnel shift changes

57
Q

What does the Leading event indicators specific event identification technique entail?

(COSO Framework - Specific event identification technique)

A

Leading event indicators - By monitoring data correlated to events, entities identify the existence of conditions that could give rise to an event

For example: financial institutions have long recognized the correlation between late loan payments and eventual loan default and the positive effect of early intervention

Monitoring payment patterns enables the potential for default to be mitigated by timely action

58
Q

What does the Loss event data methodologies specific event identification technique entail?

(COSO Framework - Specific event identification technique)

A

Loss event data methodologies - repositories of data on past individual loss events are a useful source of information for identifying trends and root causes

Once a root cause has been identified, management may find that it is more effective to assess and treat it than to address individual events

For example: a company operating a large fleet of automobiles maintains a database of accident claims and, through analysis, finds that a disproportionate percentage of accidents, in number and monetary amount, are linked to staff drivers in particular units, geographies and age brackets

This analysis equips management to identify root causes of events and take action

59
Q

How was risk management perceived prior to enterprise risk management (ERM)?

A

Before the arrival of ERM, risk management was perceived as simply another line function, concerned only with the adequacy of the organization’s hazard and liability insurance

With risk management recognized as an enterprise-wide function, corporate governance becomes crucial. Each enterprise should establish a risk committee that reports to the board of directors and name a chief risk officer (CRO). The internal audit function must participate in any effective ERM program

60
Q

What is risk analytics?

A

Risk analytics is the use of software tools to calculate risk exposures based on user input. Portfolio management is an important tool in addressing financial risk

61
Q

What guidance does the COSO Framework provide as to preparing a cost-benefit analysis?

A

The application techniques portion of the COSO framework provides the following guidance on preparing a cost-benefit analysis:

Virtually every risk response will incur some direct or indirect cost that is weighed against the benefits it creates. The initial cost to design and implement a response (processes, people and technology) is considered, as is the cost to maintain the response on an ongoing basis

The costs (and associated benefits) can be measured quantitatively or qualitatively, with the unit of measure typically consistent with that used in establishing the related objective and risk tolerance