Study Unit 5.1: ERM Introduction and understanding the terms

Question 1

When was COSO formed?

Answer 1

Originally formed in 1985

Question 2

What is COSO?

Answer 2

Is a joint initiative of five private sector organizations
Is a generic ERM framework for entities of all sizes

Question 3

What is the purpose of COSO?

Answer 3

Provide guidance on:
Enterprise risk management (ERM)
Internal control
Fraud prevention

Question 4

What is COSO’s fundamental principle?

Answer 4

Good risk management are necessary for long term success

Question 5

Why update the 2004 COSO publication in 2017?

Answer 5

The risk landscape has evolved dramatically - organizations need to be more adaptive to changes

Stakeholders more engaged, seeking greater transparency and accountability

Bar is raised with respect to ERM

Question 6

What is the underlying premise of ERM?

Answer 6

every entity, whether for-profit, not-for-profit or a governmental body, exists to provide value for its stakeholders

Question 7

What does ERM do for an entity?

Answer 7

All entities face uncertainty and ERM provides a framework for management to effectively deal with uncertainty, associated risk (in the pursuit of value) and opportunity.

ERM helps an entity to enhance its capacity to create, preserve and realize value

Question 8

What does ERM affect?

Answer 8

VALUE

Question 9

What is VALUE?

Answer 9

Value is (1) created, (2) preserved, (3) eroded or (4) realized by management decisions in overall decisions, from strategy setting to operating the enterprise day-to-day

Question 10

Definition: Value creation

Answer 10

When the benefits derived from resources deployed exceed the cost of those resources used. Resources include people, financial capital, technology, processes, and brand.

Question 11

Example: Value creation

Answer 11

A new product is successfully designed and launched and its profit margin is positive

Question 12

Define: Value preservation

Answer 12

Focusing on resources (people, processes and systems used in day-to-day operations) to create sustained value

Question 13

Example: Value preservation

Answer 13

The delivery of superior products, services and production capacity, which results in loyal and satisfied customers and stakeholders

Question 14

Define: Value Erosion

Answer 14

Management implements a strategy not yielding expected outcomes. Thus, a poor strategy or fails to execute day-to-day activities

Question 15

Example: Value erosion

Answer 15

Extensive resources are consumed to develop a new product that is consequently abandoned

Question 16

Define: Value Realization (Achieved)

Answer 16

When stakeholders receive benefits (monetary or non-monetary) created by the entity.

Question 17

Why is ERM important to apply?

Answer 17

Achieve an entity’s performance and profitability targets
To avoid negative surprises (loss) of resources
Ensure effective reporting
Gain competitive advantage
Create value and stakeholder confidence

Question 18

What is ERM linked to?

Answer 18

Governance
Performance management
Internal control

Question 19

Define: Enterprise Risk Management (ERM)

Answer 19

The culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value

Question 20

In depth into ERM definition: “Recognizing Culture”

Answer 20

Each person has a unique point of reference, which influences how he/she put ERM practices in place

ERM helps people to understand that culture plays an important role in shaping their decisions

Question 21

In depth into ERM definition: “Developing Capabilities”

Answer 21

An organization that has the capacity to adapt to change is more resilient and better able to evolve in the face of marketplace and resource constraints and opportunities

ERM adds to the skills needed to carry out the entity’s mission and vision and to anticipate the challenges that may hinder organizational success.

Question 22

In depth into ERM definition: “:Applying Practices”

Answer 22

ERM is continually applied to the entire scope of activities. It is part of management decisions at all levels of the entity

The practices used in ERM are applied from the highest levels of an entity and flow down through divisions, business units, and functions

Question 23

In depth into ERM definition: “Integrating with Strategy-Setting and Performance”

Answer 23

An organization sets strategy that aligns with and supports its mission and vision

An organization that integrates ERM into daily tasks is more likely to have lower costs and is likely to identify new opportunities

Question 24

In depth into ERM definition: “Managing Risk to Strategy and Business Objectives”

Answer 24

ERM is fundamental to achieving strategy and business objectives

ERM practices provide management and the board of directors with a rea­sonable expectation that they can achieve the overall strategy and business objectives of the entity

Question 25

In depth into ERM definition: “Linking to Value”

Answer 25

An organization must manage risk to strategy and business objectives in relation to its risk appe­tite

Risk appetite is not static; it may change between products or business units and over time

Managing risk within risk appetite enhances an organization’s ability to create, preserve, and realize value

Question 26

Benefits of ERM: Shareholders benefits

Answer 26

Increasing the range of opportunities

Identify & manage risk entity-wide

Enhancing enterprise resilience

Increasing positive outcomes while reducing negative surprises

Reducing performance variability

Improving resource development

Question 27

Why is ERM not a function or department?

Answer 27

It does not operate in isolation in an entity

It is the culture, capabilities and practices integrated and applied with strategy- setting

Question 28

Why is ERM more than risk listing?

Answer 28

Is includes practices that management applies to actively manage risk

Question 29

Is ERM a checklist?

Answer 29

No, It is a ongoing/continuous system/process of monitoring, learning and improving performance. It’s a facilitator to a goal, not an end or goal itself

Question 30

Can ERM be applied by any organization?

Answer 30

ERM can be used from small businesses, to government agencies, etc. as long the organization has a mission, strategy and objectives

Question 31

What is COSO framework for ERM consist of?

Answer 31

It consists of five interrelated components:

1. Governance and Culture
2. Strategy and Objective-Setting
3. Performance
4. Review and Revise
5. Information, Communication and Reporting

Question 32

List the principles: Governance and Culture

Answer 32

Exercises board risk oversight
Establishes operating structures
Defines desired culture
Demonstrates commitment to core values

Question 33

List the principles: Strategy and Objective-Setting

Answer 33

Analyses business context
Defines risk appetite
Evaluates alternative strategies
Formulates business objectives

Question 34

List the principles: Performance

Answer 34

Identifies risk
Assesses severity of risk
Priorities risks
Implements risk responses

Question 35

List the principles: Review and Revision

Answer 35

Assesses substantial change
Review risk and performance
Pursues improvement in ERM

Question 36

List the principles: Information, Communication and Reporting

Answer 36

Leverages information and technology
Communicates risk information
Reports on risk, culture and performance

Question 37

What alternative framework is there to COSO?

Answer 37

ISO 31000

Question 38

What is ISO?

Answer 38

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies

Question 39

What are the principals of ISO?

Answer 39

Continual improvement
Integrated
Structured and comprehension
Customized
Inclusive
Dynamic
Best available information
Human and cultural factors

Question 40

Why implement ISO when my business is already adhering to COSO standards?

Answer 40

Increased international recognition for risk management
Enhanced alignment with other management systems
Is more practical and easier to understand