SCS Flashcards
What is conformance and performance in risk management?
Conformance = managing downside risks
Performance = managing opportunities to maximise returns
Define risk appetite. What two factors determine it?
Risk appetite is the amount of risk an entity is willing to accept.
Determined by the stakeholders' attitude to risk and the entity's risk capacity (the total amount of risk an entity can take).
What does SMART stand for?
- Specific
- Measurable
- Achievable
- Relevant
- Time-limited
The “scale of the risk” depends on 2 factors, what are they?
- Likelihood of occurrence
- Potential downside or impact
In terms of risk responses what does “TARA” stand for?
- Transfer
- Avoid
- Reduce
- Accept
What is gross and net risk?
Gross risk aka inherent risk = risk before consideration of mitigation /reduction procedures
Net risk aka residual risk = risk after mitigation/reduction procedures
The risk register should consist of what?
The identified risk, the likelihood of occurrence and the responses
What are the three lines of defence for a company generally?
- Management-based assurance, i.e. board policies and management review
- Internal processes and legal-based assurance
- External assurance, i.e. internal audit, external audit, etc.
What are three examples of ERM-based laws and regulations?
COSO
TURNBULL (UK)
SARBANES-OXLEY (SOX) (USA)
What is risk consolidation?
Risk consolidation is the process of aggregating divisional/subsidiary risks at a corporate level.
What is EV and how is it calculated?
EV is expected value and is determined by summing the outcomes (income, expense, or net) weighted by the probability of each outcome occurring.
What is the value at risk?
Value at risk is simply the Z-score multiplied by the standard deviation.
What is the certainty equivalent?
The certainty equivalent is a guaranteed return that someone would accept now, rather than taking a chance on a higher, but uncertain, return in the future.
What are r and r²?
r = coefficient of correlation
r² = coefficient of determination
If r = +1, what does this mean?
A perfect positive correlation
If r = -1, what does this mean?
A perfect negative correlation
What does r = 0 mean?
No correlation
What does OECD stand for?
Organisation for Economic Co-operation and Development
What are the three points of a fraud triangle and what are two types of fraud?
- Incentive
- Opportunity
- Attitude/behaviour
- Misappropriation of assets
- Fraudulent financial reporting
Most client-server networks comprise three tiers. What are they?
- Presentation tier
- Application tier (AKA logic tier)
- Data tier
What is ISO27001?
It sets out international standards on information technology security techniques
14 sections and 114 controls
What are black hat and white hat hackers?
Black hat hackers are malicious and hack systems for personal gain whereas white hat hackers hack systems to provide feedback for improvement.
Computer controls are categorised in two ways. What are they?
General controls and application controls
What are the three characteristics of big data?
- Volume
- Velocity
- Variety
A fourth common 'V' is veracity (truthfulness).