Roles and Responsibilities

Question 1

What does Risk Management depend on?

Answer 1

• A clear statement of objectives from the board of directors
• A systematic approach to risk identification in changing circumstances
• An analysis of risks against criterial set by the board
• Effective management of selected risks

Question 2

What is the purpose of the responsibility for risk management remaining with the board?

Answer 2

• ensure system is working as intended

- enable control to be exercised

Question 3

What is the structure an organisation sets up to control risk management across the whole of its organisation?

Answer 3

Enterprise Risk Management (ERM)

Question 4

What does ERM allow for?

Answer 4

All risks to be looked at together and from different perspectives (holistic approach)

Question 5

Can ERM be used in large/public organisations?

Answer 5

No

Question 6

What are the benefits of successful risk management?

Answer 6

• Better informed strategic decisions
• Successful management of change and higher operational efficiency
• More accurate financial reporting
• Reduced borrowing costs
• Improved competitive advantage

Question 7

What elements makes a successful ERM system?

Answer 7

• Workable framework clarifying functional responsibilities and interactions and the systems for internal communication, reporting and control
• Personalising the framework

Question 8

Why is the ERM framework important?

Answer 8

• Shows how essential functions combine to create an integrated system
• specifies required information flows
• identifies where overlapping responsibilities might occur

Question 9

What does GRC stand for?

Answer 9

Governance, risk and compliance

Question 10

Activities of risk management, audit and compliance are likely to…

Answer 10

Give rise overlapping responsibilities

Question 11

What is the main purpose of the risk management, compliance and audit functions?

Answer 11

Improve corporate governance

Question 12

What is an objective of GRC?

Answer 12

Rationalise information gathering and processing structures using common technology

Question 13

Requiring risk management, audit and compliance to agree on definitions helps, coordinate their activities helps…

Answer 13

reduce redundancy in operations

Question 14

What ensures less room for misunderstanding and more scope for consolidating information?

Answer 14

Common GRC software and agreement to work on a common database

Question 15

GRC can be introduced quickly/easily? True or False?

Answer 15

False

Question 16

In a typical ERM system what would a group risk management function be responsible for?

Answer 16

• Setting up and maintaining the ERM framework

- Managing all risk management functions within the group

Question 17

What does a Chief Risk Officer do?

Answer 17

Report risk matters to the CEO of the board, senior management committees and to the board of risk subcommittee.

Question 18

Are the risk subcommittee and audit subcommittee independent channels to the board?

Answer 18

Yes

Question 19

What is a qualitative indication of progress in developing risk awareness in an organisation?

Answer 19

Regularly assessing the current level of risk culture.

Question 20

What processes are used to evaluate the extent to which the risk culture is embedded in organisation procedures and practices?

Answer 20

Observations, audit and interviews

Question 21

What does the board of directors do?

Answer 21

Watch over an organisation and give it overall direction

Question 22

What does the UK Corporate Governance Code charge directors with?

Answer 22

• Setting company’s strategic aims
• Supervising management of business
• Reporting to shareholders on their stewardship

Question 23

Is a risk committee a full board?

Answer 23

No

Question 24

What is the first and most important task of a risk subcommittee?

Answer 24

Publish and maintain overall risk management philosophy

Question 25

What is corporate governance?

Answer 25

The way a board sets up an organisation to achieve its objectives, with systems in place.

Question 26

Provides a code of best practice for companies listed on the London Stock Exchange?

Answer 26

The UK Corporate Governance Code

Question 27

Who oversees the UK Corporate Governance Code?

Answer 27

Financial Reporting Council

Question 28

How often is the UK Corporate Governance Code reviewed?

Answer 28

Every 2 years

Question 29

What is the Sarbanes-Oxley Act 2002?

Answer 29

Established enhanced standards for US companies by their financial regulator.

Question 30

What is stricter tin enforcement he SOX Act of Uk Corporate Governance Code?

Answer 30

SOX Act

Question 31

Does SOX have more or less emphasis on RM than the Corporate Governance Code

Answer 31

Less

Question 32

What are internal controls?

Answer 32

Devices and procedure to ensure that management objectives are met

Question 33

What doe internal audits provide?

Answer 33

Independent assurance on controls and recommend improvements where applicable

Question 34

What does COSO stand for?

Answer 34

Committee of Sponsoring Organisation of the Treadway Commission

Question 35

Define COSO?

Answer 35

Defines internal control as a process, effected by stakeholders to provide ‘reasonable assurance’ regarding achievement of objectives

Question 36

How does COSO describe internal control?

Answer 36

1. Control environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring activities

Question 37

What is CSA?

Answer 37

Control Self Assessment

Process applied systematically across an organisation at various levels

Requires self-review and self-audit risk controls

Question 38

Why is CSA useful?

Answer 38

Ensures compliance with corporate standards

Question 39

What will an audit team consider to understand whether ERM systems and procedures are effective?

Answer 39

• Significant risks are being identified and assessed
• appropriate risk responses are selected
• relevant risk information is captured

Question 40

Where does the responsibility for risk control throughout an organisation lie?

Answer 40

With the board of directors

Question 41

What is a risk management architecture?

Answer 41

Structure by which risk is intended to be managed in a written document

Question 42

What will a document describing the risk architecture include as a minimum?

Answer 42

• Board member/subcommittee responsible for RM
• State how risk is perceived
• Specify roles/responsibilities of senior risk professionals

Question 43

What are RM frameworks designed to ensure?

Answer 43

Management decisions are based on good and consistent risk information

Question 44

The risk owner should be responsible for…

Answer 44

assessing and managing the organisation’s response.

Question 45

What is the chief risk officer responsible for?

Answer 45

Establishing and maintaining ERM
Setting detailed targets and objectives within board remit
Demonstrating objectives have been met

Question 46

A risk officer is…

Answer 46

A person who carries out selected duties under the guidance of the CRO. Duties subset of CRO

Question 47

Why are committees established?

Answer 47

To bring together experts from different areas

Question 48

How is information flowed through a committee

Answer 48

Upwards

Question 49

The amount of risk an organisation is prepared to accept, tolerate or be exposed to is called its…

Answer 49

Risk appetite

Question 50

How can a risk appetite policy be treated?

Answer 50

As a discussion document to be continually refined

Question 51

Risk tolerance describes?

Answer 51

Risks an organisation might be able to put up with

Question 52

How do we arrange risks?

Answer 52

In order of impact and frequency

Question 53

What is LILAC?

Answer 53

Activities that promote a risk aware culture. (Health and Safety Executive)

Question 54

What does LILAC stand for?

Answer 54

Leadership 
Involvement 
Learning 
Accountability 
Communication

Question 55

What is an advantage to an organisation of having a successful enterprise risk management programme?

Answer 55

An improved competitive advantage.

Question 56

A claims manager has been asked by the risk management department to review whether the claims settlement authorities granted to claims handlers are being followed and to report his findings to them. What type of risk management technique is being used?

Answer 56

Control self assessment.

Question 57

What is corporate governance?

Answer 57

Way a board sets u an organisation to achieve its objectives together with the systems in place

Question 58

What is the difference between risk appetite and risk tolerance?

Answer 58

Risk appetite - describes risk organisation is willing to take
Risk tolerance - describes risks an organisation may be able to put up with

Question 59

What activities support a risk aware culture?

Answer 59

leadership, involvement, learning, accountability and communication