RM Framework Flashcards

1
Q

What acronym is used to describe the RM Framework?

A

RASP
The purpose of the risk management framework is to assist with integrating risk management into all activities and functions. The effectiveness of risk management will depend on integration into governance and all other activities of the organisation, including decision-making.

2
Q

Name the 6 parts of Risk Management Architecture.

A

Forms part of the FRAMEWORK (governance org chart)
DEFINES HOW RISK IS COMMUNICATED THROUGHOUT ORG
* Committee structure and ToRs
* R&Rs
* Internal reporting REQUIREMENTS
* External reporting CONTROLS
* TM assurance arrangements
* Budget and agreement on resources

3
Q

Name the 7 parts of Risk Management Strategy.

A

SET OUT IN RM POLICY
SETS OUT THE WAY RISK IS ALIGNED TO OTHER ACTIVITIES and OVERALL APPROACH TO RM
RM philosophy
Arrangements for embedding RM (using STOC)
Risk Appetite and attitude to risk
Benchmark tests for significance
Specific risk statements/policies
Risk assessment techniques
Risk priorities for present year

4
Q

Name the 9 parts of RM protocols.

A

SYSTEMS, STANDARDS AND PROCEDURES TO FULFIL THE RISK STRATEGY
Tools and techniques
Risk classification system
Risk assessment procedures
Risk control rules and procedures
Responding to incidents, issues and events
Documentation and record keeping
Training and comms
Audit procedures and protocols
Reporting, disclosures, certification

5
Q

Risk Architecture overview

A

Architecture is the structure of the RM process, aligned to the structure of the Org
The structure of the RM team might differ depending on whether it is centralised, decentralised or hybrid (agency theory)
Each Org will have its own architecture and therefore its own R&Rs

6
Q

Whether you use 31000, COSO or OB, the four simple steps of RM remain the same. They are:

A

Define context and objectives
Assess the risks
Manage the risks
Monitor, review and Report

7
Q

Summary of 31000 FW

A
  1. Leadership and commitment, including:
    * aligning risk management with the strategy, objectives and culture of the organisation;
    * issuing a statement or policy that establishes a RM approach, plan or course of action;
    * making necessary resources available for managing risk; and
    * establishing the amount and type of risk that may or may not be taken (risk appetite).
  2. Integration, including:
    * determining management accountability and oversight roles and responsibilities; and
    * ensuring risk management is part of, and not separate from, all aspects of the organisation.
  3. Design, including:
    * understanding the organisation and its internal and external context;
    * articulating risk management commitment and allocating resources; and
    * establishing communication and consultation arrangements.
  4. Implementation, including:
    * developing an appropriate implementation plan including deadlines;
    * identifying where, when and how different types of decisions are made, and by whom; and
    * modifying the applicable decision-making processes where necessary.
  5. Evaluation, including:
    * measuring framework performance against its purpose, implementation and behaviours; and
    * determining whether it remains suitable to support achievement of objectives.
  6. Improvement, including:
    * continually monitoring and adapting the framework to address external and internal changes;
    * taking actions to improve the value of risk management; and
    * improving the suitability, adequacy and effectiveness of the RM framework.
8
Q

Summary of 31000 process

A

The risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.
  1. Communication and consultation, including:
    * bringing different areas of expertise together for each step of the RM process;
    * ensuring different views are considered when defining risk criteria and evaluating risks;
    * providing sufficient information to facilitate risk oversight and decision-making; and
    * building a sense of inclusiveness and ownership among those affected by risk.
  2. Scope, context and criteria, including:
    * defining the purpose and scope of risk management activities;
    * identifying the external and internal context for the organisation;
    * defining risk criteria by specifying the acceptable amount and type of risk; and
    * defining criteria to evaluate the significance of risk and to support decision-making.
  3. Risk assessment, including:
    * risk identification to find, recognise and describe risks that might help or prevent achievement of objectives and the variety of tangible or intangible consequences;
    * risk analysis of the nature and characteristics of risk, including the level of risk, risk sources, consequences, likelihood, events, scenarios, controls and their effectiveness; and
    * risk evaluation to support decisions by comparing the results of the risk analysis with the established risk criteria to determine the significance of risk.
  4. Risk treatment, including:
    * selecting the most appropriate risk treatment option(s); and
    * designing risk treatment plans specifying how the treatment options will be implemented.
  5. Monitoring and review, including:
    * improving the quality and effectiveness of process design, implementation and outcomes;
    * monitoring the RM process and its outcomes, with responsibilities clearly defined;
    * planning, gathering and analysing information, recording results and providing feedback; and
    * incorporating the results in performance management, measurement and reporting activities.
  6. Recording and reporting, including:
    * communicating risk management activities and outcomes across the organisation;
    * providing information for decision-making;
    * improving risk management activities; and
    * providing risk information and interacting with stakeholders.
9
Q

What are the four objectives of the COSO cube?

A

STOC

10
Q

What are the 8 components of the COSO cube?

A

Internal Environment
Objective setting
Event ID
Risk assessment
Risk response
Control activities
Info and Comms
Monitoring

11
Q

What additional element did the COSO double helix cube bring in 2017?

A

Integration with strategy and performance

12
Q

How many principles does the OB have?

A

5
gov and leadership
integration
collaborative and informed by best info available
structured process
continuous improvement
