SU2: Fraud and Risk Flashcards
List the four primary controls
Preventive, detective, corrective, directive
List secondary controls
compensatory (mitigative), complementary
Preventive Controls
Deter the occurrence of unwanted events
Detective controls
Alert the proper people after an unwanted event
Corrective
Correct the negative effects of unwanted events
Directive
Cause or encourage the occurrence of a desirable event
ERM is defined as
The culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
ERM Roles and Responsibilities
Audit committee, a risk committee, an executive compensation committee and a nomination or governance committee
Three lines of management risk accountability
principal owners of risk, business enabling functions (risk officer), assurance (internal audit)
Risk oversight is most effective when it is…
Independent of the organization
Five interrelated components of the COSO framework
Governance and Culture, Strategy and Objective Setting, Performance, Review and Revision, Information/Communication and Reporting
What are the two supporting aspect components of the COSO ERM Framework
Governance and Culture, Information Communication and Reporting
What are the three common process components of the COSO ERM framework
Performance, Review and Revision, Strategy and Objective Setting
Risk response categories
AARPS (acceptance, avoidance, reduction, pursuit, sharing)
Management considers risk appetite for all of the following reasons
Aligning with development of strategy.
Aligning with business objectives.
Prioritizing risks.
Implementing risk responses.