Roles and Responsibilities Flashcards
What does Risk Management depend on?
- A clear statement of objectives from the board of directors
- A systematic approach to risk identification in changing circumstances
- An analysis of risks against criterial set by the board
- Effective management of selected risks
What is the purpose of the responsibility for risk management remaining with the board?
- ensure system is working as intended
- enable control to be exercised
What is the structure an organisation sets up to control risk management across the whole of its organisation?
Enterprise Risk Management (ERM)
What does ERM allow for?
All risks to be looked at together and from different perspectives (holistic approach)
Can ERM be used in large/public organisations?
No
What are the benefits of successful risk management?
- Better informed strategic decisions
- Successful management of change and higher operational efficiency
- More accurate financial reporting
- Reduced borrowing costs
- Improved competitive advantage
What elements makes a successful ERM system?
- Workable framework clarifying functional responsibilities and interactions and the systems for internal communication, reporting and control
- Personalising the framework
Why is the ERM framework important?
- Shows how essential functions combine to create an integrated system
- specifies required information flows
- identifies where overlapping responsibilities might occur
What does GRC stand for?
Governance, risk and compliance
Activities of risk management, audit and compliance are likely to…
Give rise overlapping responsibilities
What is the main purpose of the risk management, compliance and audit functions?
Improve corporate governance
What is an objective of GRC?
Rationalise information gathering and processing structures using common technology
Requiring risk management, audit and compliance to agree on definitions helps, coordinate their activities helps…
reduce redundancy in operations
What ensures less room for misunderstanding and more scope for consolidating information?
Common GRC software and agreement to work on a common database
GRC can be introduced quickly/easily? True or False?
False
In a typical ERM system what would a group risk management function be responsible for?
- Setting up and maintaining the ERM framework
- Managing all risk management functions within the group
What does a Chief Risk Officer do?
Report risk matters to the CEO of the board, senior management committees and to the board of risk subcommittee.
Are the risk subcommittee and audit subcommittee independent channels to the board?
Yes
What is a qualitative indication of progress in developing risk awareness in an organisation?
Regularly assessing the current level of risk culture.
What processes are used to evaluate the extent to which the risk culture is embedded in organisation procedures and practices?
Observations, audit and interviews
What does the board of directors do?
Watch over an organisation and give it overall direction
What does the UK Corporate Governance Code charge directors with?
- Setting company’s strategic aims
- Supervising management of business
- Reporting to shareholders on their stewardship
Is a risk committee a full board?
No
What is the first and most important task of a risk subcommittee?
Publish and maintain overall risk management philosophy
What is corporate governance?
The way a board sets up an organisation to achieve its objectives, with systems in place.
Provides a code of best practice for companies listed on the London Stock Exchange?
The UK Corporate Governance Code
Who oversees the UK Corporate Governance Code?
Financial Reporting Council
How often is the UK Corporate Governance Code reviewed?
Every 2 years
What is the Sarbanes-Oxley Act 2002?
Established enhanced standards for US companies by their financial regulator.
What is stricter tin enforcement he SOX Act of Uk Corporate Governance Code?
SOX Act
Does SOX have more or less emphasis on RM than the Corporate Governance Code
Less
What are internal controls?
Devices and procedure to ensure that management objectives are met
What doe internal audits provide?
Independent assurance on controls and recommend improvements where applicable
What does COSO stand for?
Committee of Sponsoring Organisation of the Treadway Commission
Define COSO?
Defines internal control as a process, effected by stakeholders to provide ‘reasonable assurance’ regarding achievement of objectives
How does COSO describe internal control?
- Control environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring activities
What is CSA?
Control Self Assessment
Process applied systematically across an organisation at various levels
Requires self-review and self-audit risk controls
Why is CSA useful?
Ensures compliance with corporate standards
What will an audit team consider to understand whether ERM systems and procedures are effective?
- Significant risks are being identified and assessed
- appropriate risk responses are selected
- relevant risk information is captured
Where does the responsibility for risk control throughout an organisation lie?
With the board of directors
What is a risk management architecture?
Structure by which risk is intended to be managed in a written document
What will a document describing the risk architecture include as a minimum?
- Board member/subcommittee responsible for RM
- State how risk is perceived
- Specify roles/responsibilities of senior risk professionals
What are RM frameworks designed to ensure?
Management decisions are based on good and consistent risk information
The risk owner should be responsible for…
assessing and managing the organisation’s response.
What is the chief risk officer responsible for?
Establishing and maintaining ERM
Setting detailed targets and objectives within board remit
Demonstrating objectives have been met
A risk officer is…
A person who carries out selected duties under the guidance of the CRO. Duties subset of CRO
Why are committees established?
To bring together experts from different areas
How is information flowed through a committee
Upwards
The amount of risk an organisation is prepared to accept, tolerate or be exposed to is called its…
Risk appetite
How can a risk appetite policy be treated?
As a discussion document to be continually refined
Risk tolerance describes?
Risks an organisation might be able to put up with
How do we arrange risks?
In order of impact and frequency
What is LILAC?
Activities that promote a risk aware culture. (Health and Safety Executive)
What does LILAC stand for?
Leadership Involvement Learning Accountability Communication
What is an advantage to an organisation of having a successful enterprise risk management programme?
An improved competitive advantage.
A claims manager has been asked by the risk management department to review whether the claims settlement authorities granted to claims handlers are being followed and to report his findings to them. What type of risk management technique is being used?
Control self assessment.
What is corporate governance?
Way a board sets u an organisation to achieve its objectives together with the systems in place
What is the difference between risk appetite and risk tolerance?
Risk appetite - describes risk organisation is willing to take
Risk tolerance - describes risks an organisation may be able to put up with
What activities support a risk aware culture?
leadership, involvement, learning, accountability and communication
