Risk Management Responsibilities Flashcards

1
Q

Why is it important to have clearly defined ownership of core processes, dependencies and risks?

A

Clear ownership allows the Risk Management and Audit Committees to monitor who is responsible for which actions and whether they are being carried out.

2
Q

Where would the membership and responsibilities of committees be set out?

A

In the committee’s terms of reference

3
Q

Describe the relationship between the Risk/Audit functions and risk ownership.

A

Risk management should be embedded in core processes and business activities and therefore owned by managers, not risk/audit functions.

4
Q

Name seven risk management professionals who might be involved in RM activities

A
  • Insurance risk manager
  • Corporate treasurer
  • Finance director
  • Internal auditor
  • Compliance manager
  • HSE Manager
  • Business continuity manager
5
Q

Describe the key RM responsibilities of a CEO, and where the role fits in the ‘three lines of defence’ model

A

First line.

  • Determine strategic approach
  • Establish RM structure
  • Understand most significant risks
  • Consider risks from poor decisions
6
Q

Describe the key RM responsibilities of a location manager, and where the role fits in the ‘three lines of defence’ model

A

First line.

  • Build risk-aware culture
  • Agree RM performance targets
  • Evaluate employees’ RM reports
  • Ensure implementation of recommendations
  • Identify/report changed risks
7
Q

Describe the key RM responsibilities of an employee, and where the role fits in the ‘three lines of defence’ model

A

First line.

  • Understand, accept and implement RM processes
  • Report inefficient, unnecessary or unworkable controls
  • Report incidents and near-misses
  • Co-operate with management on investigations
  • Ensure visitors and contractors comply with procedures
8
Q

Describe the key RM responsibilities of a risk manager, and where the role fits in the ‘three lines of defence’ model

A

Second line

  • Develop and update RM policy
  • Facilitate risk-aware culture
  • Establish internal risk policies and structures
  • Co-ordinate RM activities
  • Compile risk info and prepare board reporting
9
Q

Describe the key RM responsibilities of a risk specialist, and where the role fits in the ‘three lines of defence’ model

A

Second line.

  • Establish specialist risk policies
  • Develop specialist contingency plans
  • Keep up-to-date in specialist areas
  • Support incident investigations
10
Q

Describe the key RM responsibilities of an internal audit manager, and where the role fits in the ‘three lines of defence’ model

A

Third line.

  • Develop risk audit plan
  • Audit risk processes across the org
  • Provide assurance on RM activities
  • Develop RM processes
  • Report on efficiency and effectiveness of internal controls
11
Q

Why is a board level sponsor for risk management required, and what are they typically responsible for?

A

Ensures RM is given a sufficiently high profile at board level. The sponsor is usually responsible for the RASP (risk architecture, strategy and protocols).

12
Q

How does ISO Guide 73 define a risk owner?

A

A “person or entity with the accountability and authority to manage a risk”, which includes the decision to treat or not treat it.

An individual with accountability for an objective therefore has accountability for the risks to that objective.

13
Q

Describe the general duties of directors (formerly common law duties) codified in the Companies Act 2006.

A
  • Act within powers, and only for the purposes for which they are conferred
  • Act in accordance with the constitution of the company
  • Promote the success of the company
  • Exercise independent judgement
  • Exercise reasonable care, skill and diligence
  • Avoid or declare conflicts of interest
  • Do not accept benefits from third parties
14
Q

How does good RM support the directors’ duties codified in the Companies Act 2006?

A

Good RM supports the duty to promote the success of the company, and supports the duty to exercise reasonable care, skill and diligence by giving directors the risk information needed for informed decision-making.

15
Q

Boards are usually made up of exec and non-exec directors. What type of org might have a separate board of non-execs?

A

A charity may have a board of execs with a separate board of governors.

16
Q

Typically, what is the relationship between an exec director and the organisation?

A

Execs are usually full-time employees of the org.

17
Q

Describe the 8 key roles of non-exec directors

A
  • Constructively challenge and help develop proposals on strategy
  • Scrutinise the performance of management
  • Challenge integrity of risk information
  • Seek assurance that financial controls and systems of RM are robust and defensible
  • Determine appropriate levels of remuneration for the exec directors, succession planning
  • Establish and maintain confidence in the conduct of the company
  • Be independent in judgement, promoting openness and trust
  • Be well informed about the org, its external environment and relevant issues
18
Q

Describe the non-exec’s role in an org’s STRATEGY

A

Constructively challenge and help develop proposals on strategy

19
Q

Describe the non-exec’s role in an org’s PERFORMANCE

A

Scrutinise the performance of management

20
Q

Describe the non-exec’s relationship to an org’s RISK

A

Challenge integrity of risk information

21
Q

Describe the non-exec’s relationship to an org’s CONTROLS

A

Seek assurance that financial controls and systems of RM are robust and defensible

22
Q

Describe the non-exec’s role in the org’s PEOPLE

A

Determine appropriate levels of remuneration for the exec directors, succession planning

23
Q

Describe the non-exec’s relationship to CONFIDENCE in the org

A

Establish and maintain confidence in the conduct of the company

24
Q

Describe how INDEPENDENCE fits into the role of non-exec

A

Be independent in judgement, promoting openness and trust

25
Q

Describe how KNOWLEDGE fits into the role of non-exec

A

Be well informed about the org, its external environment and relevant issues

26
Q

Historically the Risk Manager role was insurance focussed. What would this involve?

A
  • Establish RM strategy
  • Co-ordinate insurance programme for protecting the org’s property and people
  • Work with the captive insurance company to ensure its maximum contribution
  • Maintain key insurer relationships and cost-effective insurance contracts, and monitor service providers
  • Measure and monitor cost-of-risk performance
  • Ensure safe-keeping and retention of insurance contracts
  • Supervise co-ordination of service provider activities
  • Co-ordinate property survey programme, RM procedures and incentive schemes
27
Q

Currently the Risk Manager role is varied and strategic and involves what?

A
  • May report to the HR Director, Finance Director, Company Secretary or treasurer
  • Finance or energy company risk managers may report directly to the CEO as Chief Risk Officers (CRO)
  • Responsible for corporate learning about the benefits of RM
  • Develops RASP and systems for ensuring RM outcomes are achieved
  • Greater involvement in project management and strategic delivery
  • More broadly involved in resilience.
28
Q

Describe the role of the Chief Risk Officer (CRO).

A
  • Pulls together disparate RM activities to ensure best use of resources
  • Works with other managers to drive effective RM, supporting them with communicating risk info up, down and across the org
  • Works with internal auditors (IAs) to ensure accuracy of reporting and value-added recommendations
29
Q

Describe the membership of the Risk Management Committee

A

The RMC membership is dependent on size and level of risks within the org. It can be a small group of senior execs setting strategy and policy, or a knowledge-sharing group with exec representation from each unit or department.

30
Q

What should be considered if the RMC is a sub-committee of the Audit Committee?

A

Should be an executive function with clear separation from assurance and compliance activities

31
Q

How might the membership of the RMC vary in banks and financial institutions and what should be considered in this arrangement?

A

May be a committee of the board made up of exec and non-exec board members. Three lines of defence should be maintained.

32
Q

Describe the relationship between the audit committee and the RMC in the org’s structure

A

The RMC should be separate from the audit committee, and should not be senior to it, so that the three lines of defence are preserved (the RMC is a second-line management function; the audit committee oversees third-line assurance).

33
Q

How might the RMC functions be undertaken in a smaller org?

A

The same functions may be carried out by the exec committee or finance committee

34
Q

How does management style influence the way RM activities are factored in to an organisation’s architecture?

A

Where strategy and operations are directed by head office, a centralised approach may be appropriate. Management structures that delegate responsibility to unit or divisional managers will adopt a decentralised approach. Other orgs may adopt a hybrid approach, delegating some RM activities while maintaining a corporate approach for others, e.g. Health & Safety.

35
Q

Explain what is meant by the “Information and monitoring” phase of the COSO ERM framework

A

Info & Comms: Relevant info is identified, captured and communicated in a form and timeframe that enables people to carry out their duties. Effective comms also happens down, up and across the org.

Monitoring: ERM is monitored and modifications made as necessary. Accomplished through ongoing management activities, separate evaluations or both.

36
Q

Describe the advantages of a RMIS (risk management information system).

A

Standardised data capture, storage and analysis; complex modelling across divisions and departments; integrated governance, risk and compliance (GRC) tools.

37
Q

Describe the disadvantages of a RMIS.

A

Costly to adopt and they may lack nuance and insight. Think about RBS’ complex risk modelling mentioned in CIMA 2010, which lacked human intervention and insight.