Risk Management Responsibilities Flashcards

1
Q

Why is it important to have clearly defined ownership of core processes, dependencies and risks?

A

Allows RM and Audit Committees to monitor actions and responsibilities

2
Q

Where would the membership and responsibilities of committees be set out?

A

In the committee’s terms of reference

3
Q

Describe the relationship between the Risk/Audit functions and risk ownership.

A

Risk management should be embedded in core processes and business activities and therefore owned by managers, not risk/audit functions.

4
Q

Name seven risk management professionals that might be involved in RM activities

A
  • Insurance risk manager
  • Corporate treasurer
  • Finance director
  • Internal auditor
  • Compliance manager
  • HSE Manager
  • Business continuity manager
5
Q

Describe the key RM responsibilities of a CEO, and where the role fits in the ‘three lines of defence’ model

A

First line.

  • Determine strategic approach
  • Establish RM structure
  • Understand most significant risks
  • Consider risks from poor decisions
6
Q

Describe the key RM responsibilities of a location manager, and where the role fits in the ‘three lines of defence’ model

A

First line.

  • Build risk-aware culture
  • Agree RM performance targets
  • Evaluate employees’ RM reports
  • Ensure implementation of recommendations
  • Identify/report changed risks
7
Q

Describe the key RM responsibilities of an employee, and where the role fits in the ‘three lines of defence’ model

A

First line.

  • Understand, accept and implement RM processes
  • Report inefficient, unnecessary or unworkable controls
  • Report incidents and near-misses
  • Co-operate with management on investigations
  • Ensure visitors and contractors comply with procedures
8
Q

Describe the key RM responsibilities of a risk manager, and where the role fits in the ‘three lines of defence’ model

A

Second line

  • Develop and update RM policy
  • Facilitate risk-aware culture
  • Establish internal risk policies and structures
  • Co-ordinate RM activities
  • Compile risk info and prepare board reporting
9
Q

Describe the key RM responsibilities of a risk specialist, and where the role fits in the ‘three lines of defence’ model

A

Second line.

  • Establish specialist risk policies
  • Develop specialist contingency plans
  • Keep up-to-date in specialist areas
  • Support incident investigations
10
Q

Describe the key RM responsibilities of an internal audit manager, and where the role fits in the ‘three lines of defence’ model

A

Third line.

  • Develop risk audit plan
  • Audit risk processes across the org
  • Provide assurance on RM activities
  • Develop RM processes
  • Report on efficiency and effectiveness of internal controls
11
Q

Why is a board level sponsor for risk management required, and what are they typically responsible for?

A

Ensures RM is given sufficiently high profile. They are usually responsible for the RASP.

12
Q

How does ISO Guide 73 define a risk owner?

A

“A person with the authority and accountability to make the decision to treat or not treat a risk.”

An individual with accountability for an objective has accountability for the associated risk.

13
Q

Describe the common law duties of Directors set out in the Companies Act 2006.

A
  • Act in accordance with responsibilities
  • Act in accordance with constitution of the company
  • Promote the success of the company
  • Exercise independent judgement
  • Exercise reasonable care, skill and judgement
  • Avoid or declare conflicts of interest
  • Do not accept benefits from third parties
14
Q

How does good RM support the common law duties of Directors set out in the Companies Act 2006?

A

Good RM promotes the success of the company, and facilitates reasonable care, skill and judgement through informed decision-making.

15
Q

Boards are usually made up of exec and non-exec directors. What type of org might have a separate board of non-execs?

A

A charity may have a board of execs with a separate board of governors.

16
Q

Typically, what is the relationship between an exec director and the organisation?

A

Execs are usually full-time employees of the org.

17
Q

Describe the 8 key roles of non-exec directors

A
  • Constructively challenge and help develop proposals on strategy
  • Scrutinise the performance of management
  • Challenge integrity of risk information
  • Seek assurance that financial controls and systems of RM are robust and defensible
  • Determine appropriate levels of remuneration for the exec directors, succession planning
  • Establish and maintain confidence in the conduct of the company
  • Be independent in judgement, promoting openness and trust
  • Be well informed about the org, its external environment and relevant issues
18
Q

Describe the non-exec’s role in an org’s STRATEGY

A

Constructively challenge and help develop proposals on strategy

19
Q

Describe the non-exec’s role in an org’s PERFORMANCE

A

Scrutinise the performance of management

20
Q

Describe the non-exec’s relationship to an org’s RISK

A

Challenge integrity of risk information

21
Q

Describe the non-exec’s relationship to an org’s CONTROLS

A

Seek assurance that financial controls and systems of RM are robust and defensible

22
Q

Describe the non-exec’s role in the org’s PEOPLE

A

Determine appropriate levels of remuneration for the exec directors, succession planning

23
Q

Describe the non-exec’s relationship to CONFIDENCE in the org

A

Establish and maintain confidence in the conduct of the company

24
Q

Describe how INDEPENDENCE fits into the role of non-exec

A

Be independent in judgement, promoting openness and trust

25
Q

Describe how KNOWLEDGE fits into the role of non-exec

A

Be well informed about the org, its external environment and relevant issues

26
Q

Historically the Risk Manager role was insurance focussed. What would this involve?

A
  • Establish RM strategy
  • Co-ordinate insurance programme for protecting org’s property and people
  • Work with captive insurance company to ensure their maximum contribution
  • Maintain key insurer relationships, cost-effective insurance contracts and monitor service providers
  • Measure and monitor cost of risk performance
  • Ensure safe-keeping and retention of insurance contracts
  • Supervise co-ordination of service provider activities
  • Co-ordinate property survey programme, RM procedures and incentive schemes

27
Q

Currently the Risk Manager role is varied and strategic and involves what?

A
  • May report to the HR Director, Finance Director, Company Secretary or treasurer
  • Finance or energy company risk managers may report directly to the CEO as Chief Risk Officers (CRO)
  • Responsible for corporate learning re Risk Management benefits
  • Develops RASP and systems for ensuring RM outcomes are achieved
  • Greater involvement in project management and strategic delivery
  • More broadly involved in resilience

28
Q

Describe the role of the Chief Risk Officer (CRO).

A
  • Pulls together disparate RM activities to ensure best use of resources
  • Works with other managers to drive effective RM, supporting them with communicating risk info up, down and across the org
  • Works with IAs to ensure accuracy of reporting and value-added recommendations

29
Q

Describe the membership of the Risk Management Committee

A

The RMC membership is dependent on size and level of risks within the org. It can be a small group of senior execs setting strategy and policy, or a knowledge-sharing group with exec representation from each unit or department.

30
Q

What should be considered if the RMC is a sub-committee of the Audit Committee?

A

Should be an executive function with clear separation from assurance and compliance activities

31
Q

How might the membership of the RMC vary in banks and financial institutions and what should be considered in this arrangement?

A

May be a committee of the board made up of exec and non-exec board members. Three lines of defence should be maintained.

32
Q

Describe the relationship between the audit committee and the RMC in the org’s structure

A

The RMC should be separate from the audit committee, and should not be senior to the audit committee, to ensure the three lines of defence.

33
Q

How might the RMC functions be undertaken in a smaller org?

A

The same functions may be carried out by the exec committee or finance committee

34
Q

How does management style influence the way RM activities are factored in to an organisation’s architecture?

A

Where strategy and operations are directed by head office, a centralised approach may be appropriate. Management structures that delegate responsibility to unit or divisional managers will adopt a de-centralised approach. Other orgs may adopt a hybrid approach, delegating some RM activities while maintaining a corporate approach for others, e.g. Health & Safety.

35
Q

Explain what is meant by the “Information and monitoring” phase of the COSO ERM framework

A

Info & Comms: Relevant info is identified, captured and communicated in a form and timeframe that enables people to carry out their duties. Effective comms also happens down, up and across the org.

Monitoring: ERM is monitored and modifications made as necessary. Accomplished through ongoing management activities, separate evaluations or both.

36
Q

Describe the advantages of a RMIS.

A

Standardised data, storage and analysis; complex modelling across divisions and departments; integrated governance, risk and compliance tools.

37
Q

Describe the disadvantages of a RMIS.

A

Costly to adopt, and they may lack nuance and insight. Think about RBS’ complex risk modelling mentioned in CIMA 2010, which lacked human intervention and insight.