Risk Management & Internal Control Flashcards
What is risk?
The chance that future events or results may not be as expected
What is “downside” risk or “pure” risk?
Possibility of loss with no chance of gain
What is speculative risk?
Two-way risk
Actual results can be better or worse than forecasted
What is inherent risk?
A situation where an outcome is inevitable
What is uncertainty?
Arises from ignorance and a lack of information
What is political risk?
Risk due to political instability
What is legal/litigation risk?
Risk that litigation will be brought against the business
What is regulatory risk?
Risk of changes in regulation affecting the business.
What is compliance risk?
Risk of non-compliance with the law resulting in fines/penalties, etc.
What is business risk?
The risk businesses face due to the nature of their operations and products.
What is strategic risk?
Risk that business strategies will fail
What is product risk?
Risk of failure of new product launches/loss of interest in existing products
What is commodity price risk?
Risk of a rise in commodity prices, e.g. oil
What is product reputation risk?
Risk of change in product’s reputation or image.
What is operational risk?
Risk that business operations may be inefficient or business processes may fail.
What is contractual inadequacy risk?
Risk that terms of a contract do not fully cover a business against all potential outcomes
What is economic risk?
Risk that changes in the economy might affect the business.
What is financial risk?
Risk of a change in financial condition
What are the main types of financial risk?
- Credit risk
- Political risk
- Currency risk
- Interest rate risk
- Gearing risk
What is technology risk?
The risk that technology changes will occur that either present new opportunities to businesses, or on the down-side, make their existing processes obsolete or inefficient.
What is environmental risk?
Risk that arises from changes in the environment such as climate change or natural disasters
What is fraud risk?
A type of operational risk; the vulnerability of an organization to fraud
What is reputation risk?
A down-side risk because the better the reputation of the business, the more risk there is of losing that reputation
What is malfeasance?
Doing wrong or committing an offence
What are the risks in international operations?
- Culture
- Litigation
- Credit
- Items in transit
- Financial
Why take risks?
Gain competitive advantage
Increase returns
What is risk management?
The process of understanding and managing the risks that the organization is inevitably subject to in attempting to achieve its corporate objectives.
What is enterprise risk management (ERM)?
The alignment of risk management with business strategy and the embedding of a risk management culture into business operations.
A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
What are the key principles of ERM?
- consideration of risk management in the context of business strategy
- risk management is everyone’s responsibility, with the tone set from the top
- the creation of a risk aware culture
- a comprehensive and holistic approach to risk management
- consideration of a broad range of risks (strategic, financial, operational and compliance)
- a focused risk management strategy, led by the board (embedding risk within an organization’s culture).
What are the eight components of ERM?
- Internal environment
- Objective setting
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information and communication
- Monitoring
What is the internal environment under ERM?
The tone of the organization, including the risk management philosophy and risk appetite
What is objective setting under ERM?
Objectives should be aligned with the organization’s mission and need to be consistent with the organization’s defined risk appetite.
What is event identification under ERM?
These are internal and external events (both positive and negative) which impact upon the achievement of an entity’s objectives and must be identified.
What is risk assessment under ERM?
Risks are analyzed to consider their likelihood and impact as a basis for determining how they should be managed
What is risk response under ERM?
Management selects risk response(s) to avoid, accept, reduce or share risk. The intention is to develop a set of actions to align risks with the entity’s risk tolerances and risk appetite.
What are control activities under ERM?
Policies and procedures help ensure the risk responses are effectively carried out.
What is information and communication under ERM?
The relevant information is identified, captured and communicated in a form and timeframe that enables people to carry out their responsibilities.
What is monitoring under ERM?
The entire ERM process is monitored and modifications made as necessary.
What is shareholder value?
The sum of the value of what an organization does now and the value of what they could possibly do in the future.
What is residual risk?
The risk a business faces after its controls have been considered.