Section 1 B&C Flashcards
The COSO ERM (Enterprise Risk Management) framework cites several trends that will continue to have an effect on ERM. Fill in the blanks:
Adapting to the ___ of data
Leveraging ___ __ and automation
Managing the cost of ____ ___
Building stronger ____
Proliferation (internal & external data sources to be structured in new ways)
Artificial intelligence
Risk Management
Organizations
The updated COSO Enterprise Risk Management (ERM) framework’s Executive Summary lists the following benefits that can be achieved when entities integrate ERM throughout the organization:
Increased range of ____
Improved identification and management of ___ entity-wide
Increased ___ outcomes and reduced ___ surprises
Improved ___ deployment
Enhanced ____ resilience
Reduced ___ variability
opportunities; risk; positive, negative; resource; enterprise
COSO issued an update to the enterprise risk management (ERM) framework in 2017, Enterprise Risk Management—Integrating with Strategy and Performance, which addresses the evolution of ERM and the need for entities to what?
improve their approach to managing risk to meet the demands of an evolving business environment.
Definition: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued the Enterprise Risk Management—Integrated Framework in 2004, and defined enterprise risk management (ERM) as follows:
“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its ____, to provide reasonable assurance regarding the achievement of entity ____.”
risk appetite
Enterprise risk management (ERM) components help the entity achieve its objectives. These interrelated components need to be both present and functioning effectively (i.e., no material weaknesses) in order to have an effective ERM system. ERM consists of eight components: (CRIMER.IO)
THIS IS THE FRAMEWORK OF ERM
Control Activities
Risk Assessment
Internal Environment
Monitoring
Event Identification
Risk Response
Information & Communication
Objective Setting
These are the 8 components of Enterprise Risk Management (ERM). What are they?
Control Activities
Risk Assessment
Internal Environment
Monitoring
Event Identification
Risk Response
Information & Communication
Objective Setting
Control Activities - Management’s risk responses are effectively carried out; policies are implemented
Risk Assessment - Identified risks are evaluated
Internal Environment - Tone at top
Monitoring -Processes monitored - deficiencies reported
Event Identification - Identify positive & negative events to determine risks/opportunities
Risk Response - Avoid, reduce, share, or accept risks
Information & Communication - Info about ERM components need to be communicated to mgmt
Objective Setting - Mgmt places processes to formulate objectives to help company assess/respond to risks
The revised COSO Enterprise Risk Management (ERM) framework is designed to assist boards of directors in fulfilling their risk oversight role, which includes the following:
____, ____, and ____ with management
Approving management ___ and remuneration
Participating in ___ and ___ relations
Reviewing, challenging, and concurring
incentives
investor and stakeholder
The internal auditor who works in ERM sets the risk appetite of the organization
False - this is generally done by the board of directors and/or executive management.
Internal auditors do coordinate ERM activities across the organization, evaluate the risk management process, and give assurance that the risks of the organization are correctly evaluated.
____ do coordinate ERM activities across the organization, evaluate the risk management process, and give assurance that the risks of the organization are correctly evaluated.
Internal auditors
Who ensures that the organization’s risk responses align with the defined risk appetite?
Internal Auditor
According to COSO, which of the following components of enterprise risk management addresses an entity’s integrity and ethical values?
Information and communication
Internal environment
Risk assessment
Control activities
Internal Environment
Does the COSO ERM framework take a risk-based or control-based approach?
ERM assists ___ in effectively dealing with uncertainty and its related risk and opportunity, thus building stakeholder value in the entity.
The ____ is charged with the responsibility of finding a balance between growth and profit while using resources in an efficient and effective manner.
ERM helps ensure that ___ and ___ laws and regulations are met, and assists in protecting the entity’s reputation.
Risk Based
management
chief executive officer
reporting and compliance
The objective of the ERM framework is to achieve all the goals of the control framework and help the organization to:
attain reasonable assurance that company objectives and goals are ___,
continuously assess risks and identify the appropriate action to take and the resources to allocate to ___
achieve its ____ targets, and
avoid adverse ___ and damage to the entity’s reputation.
achieved and problems and surprises are minimized
overcome or mitigate risk,
financial and performance
publicity
“process effected by an entity’s board of directors, management, and other personnel.” … What is this?
Definition of COSO - ERM
COSO ERM Framework consists of 5 interrelated components – what are they?
(GRIPS) - COSO grips ERM
Governance/Culture
Review/Revision
Information/Reporting
Performance
Strategy/Objective Setting
COSO ERM - GRIPS … What are they? (Definition)
Governance/Culture
Review/Revision
Information/Reporting
Performance
Strategy/Objective Setting
Gov - Sets Tone & upholds ethical values/behaviors
Review - Review performance and analyze ERM component functions
Information - Sharing info from all sources across org
Performance - Risks need to be identified and assessed.
Strategy - ERM & Objective setting works together to establish a risk appetite/objectives
COSO ERM - GRIPS: each component has principles dedicated to it.
What are the principles for Governance & Review?
GOV
- Establish Board risk oversight
- Establish operating structure
- Define Culture
- Commitment to Core Values
- Attract/retain capable individuals
REVIEW
- Assess Substantial Change
- Review Risk/Performance
- Pursue Improvement
COSO ERM - GRIPS: each component has principles dedicated to it.
List the principles for Information, Strategy/Objectives, & Performance (PAIID).
INFO
- Leverage Info Systems
- Communicate Risk Info
- Report Risk/Performance
PERFORMANCE (PAIID)
- Identify Risk
- Assess Risk
- Prioritize Risk
- Implement Risk Response
- Develop Portfolio View
STRATEGY
- Analyze Biz Context
- Define Risk Appetite
- Evaluate Alt. Strategies
- Formulate (create) Biz Objectives
_____ is the process used by organizations to manage risk and seize opportunities to achieve the goals of the organization. It provides a framework for risk management, determines response strategy, and monitors the progress
Enterprise risk management (ERM)
Company management, including the risk officer and financial executives, are responsible for establishing the ____ and implementing ____ procedures
internal control system, monitoring
The COSO ERM (Enterprise Risk Management) framework is designed to help an entity’s management achieve its objectives, grouped into four overlapping categories: (ROCS)
Reporting - reliable reporting
Operations - resources used effectively
Compliance -Compliance w/ laws/reg
Strategic - High lvl goals support entity’s mission
OBJECTIVE OF COSO ERM
The COSO ERM (Enterprise Risk Management) framework is designed to help an entity’s management achieve its objectives, grouped into four overlapping categories: (ROCS). Define Them
Reporting
Operations
Compliance
Strategic
Reporting - reliable reporting
Operations - resources used effectively
Compliance -Compliance w/ laws/reg
Strategic - High lvl goals support entity’s mission
According to COSO, which of the following identifies the group directly responsible for the implementation and development of the enterprise risk management framework?
Management
The return on an individual stock, or a portfolio of stocks, should equal its ___
cost of capital.
You want it to equal at least the cost of what you put in. You don’t want anything less b/c you’ll be negative.
____ is the cornerstone for developing an investment portfolio.
___ comprises the core beliefs of the investor that may be used to devise an investment strategy.
Investment Philosophy
____ involves deciding which assets to include in the portfolio given the goals of the investor and the changing economic conditions within which the portfolio is being managed.
Portfolio management
According to COSO, the position or internal entity that is best suited, as part of the enterprise risk management process, to devise and execute risk procedures for a particular department is the internal auditor.
False - it should be a manager within the department
“A manager within the department” is the correct answer choice because a manager within the department has the most detailed knowledge of risks in that department.
Enterprise risk management (ERM) components help the entity achieve its objectives. These interrelated components need to be both present and functioning effectively (i.e., no material weaknesses) in order to have an effective ERM system. ERM consists of eight components.
For Risk Response, what are the 4 principles?
Risk Avoidance
Risk Reduction
Risk Sharing
Risk Acceptance
What are the definitions?
Risk Avoidance
Risk Reduction
Risk Sharing
Risk Acceptance
Risk Avoidance - choose not to engage in the activity
Risk Reduction - apply a mitigating control to offset the risk
Risk Sharing - share the risk w/ another org.; a Joint Venture can be created this way
Risk Acceptance - assume all of the risk b/c it’s acceptable
Each of the following is a limitation of enterprise risk management (ERM), except: (answer T/F for each)
ERM deals with risk, which relates to the future and is inherently uncertain.
ERM operates at different levels with respect to different objectives.
ERM can provide absolute assurance with respect to objective categories.
ERM is as effective as the people responsible for its functioning.
True
True
False - Reasonable Assurance, not absolute
True
Executive officers are agents of the corporation and have fiduciary responsibilities similar to those of the board. T/F
President of company is usually known as the ___
True
CEO
The Sarbanes-Oxley Act of 2002, Section 302, requires that CEOs and CFOs of a corporation include certifications that:
Signing officers ___ the reports
Signing officers are evaluating the internal controls within ___ days and reporting their findings
All ___ in internal controls are being reported.
Negative impacts on internal controls are being reported and corrected. T/F
The financials do not contain untrue statements or material misstatements. T/F
The financial statements present fairly the financial condition of the company. T/F
review; 90 days; deficiencies; True; True; True
For the Sarbanes-Oxley Act of 2002:
The officers are permitted to reincorporate the activities of a company to attempt to avoid these requirements. T/F
They are also not permitted to move the activities outside of the United States to attempt to avoid these requirements. T/F
Senior staff is responsible for the specific internal control functions employed in the various areas. T/F
Without properly implemented internal controls, members of management have the ability to __ necessary controls, enabling potential dishonest dealings or recording of transactions.
False - They are NOT permitted
True
True
override
Who is required to make special certification statements regarding the establishment of internal control systems on Form 10-K?
Both the principal executive officer and the principal financial officer