RM in Organisations Flashcards

1
Q

What are two principal purposes of risk management in organisations?

A
  1. Reducing uncertainty: RM as information-gathering tool for more effective risk control.
  2. Anticipation/resilience: Supports prediction and more efficient response to risk:
    - Identifying many (but not all) germane organisational risks.
    - Assessment/monitoring prioritises scarce control resources against risks.
2
Q

What is a black swan event?

A
  1. Risk events that are highly improbable or extremely difficult to predict and quantify statistically.
  2. ‘Unknown unknowns’ - unacknowledged, unknown events.
  3. Typically, extremely negative events, with far-reaching impacts.
3
Q

What are the four RM cycle steps that help support internal control?

A
  1. Risk:
    - Identification;
    - Assessment;
    - Monitoring; and
    - Control.
  2. RM is supported by compliance reviews:
    - Risk-based compliance reviews;
    - Internal audits; and
    - External audits.
4
Q

What does a risk-based compliance review typically entail?

A

Review of employee, management and organisational compliance with laws and regulations:
- Often risk-based - effective RM key;
- Usually involve detailed and frequent reviews where impacts of non-compliance are high; and
- Risk assessment and monitoring suggest a higher non-compliance risk.

5
Q

What is the function of internal and external audit?

A
  1. Internal audit:
    - Verification of effective design and implementation of internal policies;
    - Review of efficiency of operational processes;
    - Compliance review usage re. applicable laws and regulations; and
    - Outcome = potential reduction in control failure numbers - failures identified sooner during review, reducing possibility of risk event arising.
  2. External audit:
    - Annual review of adequacy of organisational reporting controls;
    - Assurance that AR&A are accurate and free of material financial misstatements; and
    - Broader controls review indicates whether organisation may continue as a going concern.

=> Effective compliance review and internal audit generally promote more streamlined external audit completion.

6
Q

What is the board’s role in RM?

A
  1. Formal approval of risk appetite statement (aggregate risk that may be taken).
  2. Defining strategy that is reflective of organisational values, behaviours and culture.
  3. Challenging management on risk appetite assumptions.
  4. Seeking comprehensive management assurance on non-financial risk monitoring.
  5. Retention of independent advisors for risk evaluation.
  6. Provision of strategic advisory guidance to management.
7
Q

What is value through risk?

A
  1. Contemporary tenet of RM that complements reduction of likelihood and impact of negative outcomes.
  2. Value through risk relates to increasing the probability and impact of positive risk outcomes, using risk-taking as a means of generating additional organisational value.
  3. Strategic risk refers to organisational appetite to make strategic commercial decisions that may increase total rewards (e.g. Facebook acquisition of Instagram at early stage; entry of tobacco companies into e-cigarettes/vaping; but cf. Yahoo declined takeover of Google; Kodak reticent to enter digital photography).
8
Q

What is adverse risk?

A

Excessive risk-taking that may cause an organisation to assume greater and less justifiable risks that may jeopardise organisational value.

9
Q

What are the four key steps in the RM process?

A
  1. Risk identification.
  2. Exposure assessment.
  3. Exposure monitoring.
  4. Exposure control.

Performed sequentially but RM may commence at any of the defined steps.

10
Q

What does the risk identification stage comprise?

A
  1. Identification of negative and positive risks that an organisation is exposed to.
  2. Variety of tools may be used, including checklists, root cause analyses and the Delphi technique.
11
Q

What does the risk assessment stage entail?

A
  1. In summary: risk probability x risk impact = exposure.
  2. However, assessment outcomes may not be singular - a range of outcomes is conceivable.
12
Q

What does the risk monitoring stage involve?

A
  1. Provision of a comprehensive overview of the organisation’s prevailing risk profile in relation to its objectives.
  2. Monitoring therefore refers to activities that:
    - Monitor and report upon potential changes to risk exposures; and
    - Monitor effectiveness of risk control and risk management activities in general.
13
Q

What does the risk control stage comprise?

A

Application of tools and techniques to influence probability and impacts of a risk event, or to mitigate secondary business disruption and reputational effects that may follow an initial risk event.

14
Q

What is enterprise risk management?

A
  1. Extension of traditional risk management process.
  2. COSO - ERM is a process, effected by entity, applied in strategy-setting and across the enterprise, to identify potential events affecting the organisation and to manage risk within risk appetite.
  3. Essential characteristics:
    - Holistic focus: all risks across the organisation are appraised (though this may be achieved with different tools);
    - Value-added risk management (upside risks managed alongside downside risks); and
    - Blending of formal and informal risk management techniques (RM processes, committees, hierarchies v. culture, RM perceptions, behaviours).
15
Q

What are the key differences between traditional RM and ERM?

A
  1. Traditional RM:
    - Reactive / incident-based and often bottom-up.
    - Possible process divergence re. dissimilar risks.
    - Focus on adverse events, with operational/financial impact, using probabilities and financial metrics.
    - Limited cross-discipline collaboration.
  2. ERM:
    - Proactive, multi-disciplinary with external and internal risk identification.
    - Common framework, processes and risk mitigation techniques.
    - Cross-organisational analysis of risk impacts.
    - Emphasis on synergistic impact of cross-organisational risks.
    - Recognises risks may be negative/loss-causing or may result in something positive/revenue-generating not occurring.
    - Comprises bottom-up and top-down approaches.
16
Q

What are the key do-s and don’t-s of ERM?

A
  1. Do:
    - Gain top-down board and management support.
    - Engage broadly with employees and management, together with existing functional expertise.
    - Address key risks first and develop incrementally.
    - Embed ERM into organisational behaviour.
    - Take holistic, portfolio risk view.
  2. Don’t:
    - Treat ERM as a project (- continuing process).
    - Focus on detail (- strategic and forward-looking).
    - Rely on limited staff (- should be overarching topic).
    - Silo risks and impacts.
    - Overemphasise risk categorisation.
    - Assume risk register is complete, given ‘unknown unknowns’.
17
Q

What are the key benefits of ERM?

A
  1. Improved reporting to support strategic decision-making.
  2. Avoidance of risk silos.
  3. Improved operational efficiency and cost effectiveness.
  4. Improved profitability and equity value.
  5. Improved ability to achieve other business objectives.
18
Q

What six ERM considerations need to be addressed in addition to traditional RM deliverables?

A
  1. ERM policies and procedures;
  2. Risk appetite;
  3. Enterprise risk reporting;
  4. Risk and audit committees;
  5. Escalation and whistleblowing; and
  6. Business continuity management.

=> Overarching recognition that ERM aligns risk and business strategies, recognising risks as both a source of hazard and of opportunity.

19
Q

What six things should ERM policies and procedures include?

A
  1. Organisation’s overarching approach to risk, establishing guiding principles for risk-taking.
  2. RM and allied governance, audit and compliance objectives.
  3. Risk appetite - reconciliation of risk and opportunity.
  4. Risk culture statement.
  5. Roles and responsibilities for ERM - board, management, business units and functions, etc.
  6. ERM reporting structure.

May follow the ISO 31000:2018 RASP (risk architecture, strategy and protocols) structure re. (1) risk architecture [roles/responsibility; reporting structure], (2) risk strategy [risk appetite; objectives] and (3) risk protocols [identification; assessment; monitoring; control].

20
Q

How should risks be effectively reported under an ERM framework?

A
  1. Should not be unduly detailed but provide sufficient granularity for the local business unit, function or department.
  2. Holistic, organisation-wide reporting framework should be developed.
21
Q

How are the audit and risk committees related?

A
  1. Audit committees focussed on internal control, risk reduction and assurance => greater emphasis on risk-reduction.
  2. Risk committees consider all categories of risk across an organisation (though not necessarily each risk singularly).
  3. Possible for audit and risk committees to be consolidated into a single forum; however, there is a potential conflict of interest between an audit committee’s risk-reduction remit and a risk committee’s interest in promoting judicious, value-creating risk-taking.
22
Q

How are escalation and whistleblowing procedures accommodated via ERM?

A
  1. Consistent reporting approach promoted, via a single escalation point - typically, CRO or delegate.
  2. Whistleblowing procedures should be organisation-wide (and not siloed to specific functions) due to the seriousness of potential complaints.
  3. However, reporting procedures for risk events may include some concession for local instances - local management may be used to address local issues, where these may be better accommodated locally and do not have an organisation-wide impact. Escalation protocols should inform how local- and organisation-wide processes may be invoked.
23
Q

Who are the six key organisation personnel responsible for ERM implementation?

A
  1. CEO/board - ultimate responsibility for defining risk appetite and attendant processes/structure, with accountability for the same.
  2. Business unit manager - development responsibility for establishing risk culture and reporting on agreed risk metrics.
  3. Employees - understand, accept and implement risk processes.
  4. Risk manager - development of RM policy, reporting and wider coordination of RM activities.
  5. Specialist risk managers - development of contingency and recovery plans, and specialist risk policies.
  6. Internal auditor - development of risk-based audit programme, together with auditing and assurance on RM and effectiveness of related controls.