Strategy and Governance - Enterprise Risk Management Flashcards

1
Q

What is enterprise risk management?

A
  • It is the process that is designed to manage tradeoffs between potential opportunities and their adverse effect
2
Q

What are the six risk management processes and the external factors?

A
  1. Identification
  2. Assessing
  3. Risk Response
  4. Internal Control activities
  5. Information and Communication
  6. Monitoring

External factors
1. Economic
2. Material environment
3. Political
4. Social
5. Technological

3
Q

What are the four types of risks?

A
  1. Strategic risk - risk associated with ineffective strategic decisions
  2. Compliance risk - risk resulting from failure to comply with laws and regulations
  3. Operational risk - risk resulting from ineffective operations, practices, and allocation of resources
  4. Reporting risk - risk of misleading or inaccurate information being reported
4
Q

What assessment techniques are helpful to ERM?

A
  1. Benchmarking - external comparison to industry
  2. Probabilistic model - surveying results of # of variables to study
  3. Sensitivity model - survey resulting in # of variables to study
  4. Scenario analysis - What if analysis?
5
Q

What are the four responses to risk?

A

Avoidance - The company doesn’t take on any risk and forfeits the potential benefit
Reduction - The company takes on risks, and tries to reduce the total exposure to risk
Transferring - The company accepts risks but does not bear the risks on its own; it transfers risk to other parties
Acceptance - Takes on risk and accepts potential consequences, company evaluates potential benefit

6
Q

What are the four contingency planning steps for risk response?

A
  1. Identify the risk - Critical processes and strategies of the business should be reviewed
  2. Prioritize risk - The likelihood and impact of each risk should be assessed to help identify top risk
  3. Develop risk - Should be developed for top risks that have been identified
  4. Maintain the plan - the plan should be reviewed and updated periodically so that it remains relevant
7
Q

Explain what internal control activities are and provide the risk reduction calculation

A

Internal control activities are policies and procedures that help ensure risk responses are carried out. They are most often associated with risk reduction strategies.

Inherent risk + Control activities = Residual risk
Three control activity examples
1. Managerial review of information
2. Segregation of duties to ensure no single individual initiates, authorizes, and processes a transaction
3. Physical controls that are designed to safeguard assets, including information technology

8
Q

What are the fifth and sixth ERM processes?

A

Fifth - Information and communication. It is important because employees, management, and directors need to be informed of risk factors. It can be qualitative or quantitative.

Sixth - Monitoring can be done in two ways
1. The risk management process can be separately reviewed. This can be done by the internal audit function.
2. Self-evaluation - mechanism built into them. Self-assessment checklist.
