Risk Management Policies & Procedures Flashcards

1
Q

Define “cross-enterprise risk”.

A

A term primarily used by the ERP company SAP. A risk that occurs in multiple units in an organization. For example, the risk of a security breach that allowed unauthorized access to a system could occur at multiple sites or units within an organization.

2
Q

Define “enterprise risk management”.

A

Methods and processes used by organizations to identify and manage events and circumstances that may impact the ability of that entity to achieve its objectives.

3
Q

What is meant by “the tone at the top”?

A

The extent to which top management is ethical and is proactive in establishing the organization’s ethical tone and culture. Consider a counter-example: Kenneth Lay urged Enron employees to buy more Enron stock at the same time that he was selling millions of dollars in Enron stock options (called a “pump and dump” scheme).

4
Q

Define “risk appetite”.

A

The amount of risk exposure, or potential adverse impact from an event, that an organization chooses to accept or retain, as opposed to sharing, avoiding, reducing or eliminating it.

5
Q

What activities should be considered regarding segregation of critical accounting duties?

A

Consider five critical activities related to internal control, which should be separated to lessen fraud risk: (1) authorizing events; (2) executing events; (3) recording events; (4) safeguarding resources and assets; and (5) reconciling, oversight and auditing, e.g., Board of Directors’ review, internal and external audits, and reconciling system logs with known system activity.
