Unit 3 - COSO Enterprise Risk Mgt. Framework Flashcards
Risk appetite is the type and amount of risk a company is willing to take in pursuit of value. Things to be considered in setting risk appetite are the following:
Aligning with development of strategy.
Aligning with business objectives.
Prioritizing risks.
Implementing risk responses.
What are the 5 components of the ERM framework and their aspects?
Supporting Aspect Components:
1 - Governance & Culture
2 - Information, Communication & Reporting
Common Process Aspect Components:
3 - Strategy & Objective-setting
4 - Performance
5 - Review & Revision
The COSO ERM framework has an 8-step approach for the implementation of an effective ERM program:
Step 1: Seek board and senior management involvement and oversight
Step 2: Identify and position a leader to drive the ERM initiative
Step 3: Establish a management working group
Step 4: Inventory the existing risk management practices of the organization
Step 5: Conduct an initial assessment of key strategies and related strategic risks
Step 6: Develop a consolidated action plan and communicate to board and management
Step 7: Develop and/or enhance risk reporting
Step 8: Develop the next phase of action plans and ongoing communications
The cyber risk management team is:
1 - Led by Chief Information Executives
2 - Responsible for reporting to the BOD
3 - Composed of managers from different depts.
Note: The team is responsible for managing cyber risk at the ENTITY LEVEL, NOT at all LEVELS OF THE ENTITY. Dept.-level cyber risks are managed by dept. managers.