
Enterprise Risk Mgmt


define ERM a process effected by an entity's BOD, mgmt & other personnel applied in a strategy setting & across the enterprise, designed to identify potential events that may affect the entity & manage risk to be within risk appetite & provide reasonable assurance
who established ERM COSO (Committee of Sponsoring Organizations)
what is ERM designed to do is designed to identify events (risk & opportunities) & manage risk to fall within risk appetite
what are the objectives of ERM has the same objectives of internal controls
what ERM helps to accomplish align risk appetite with its strategy, enhances risk response decisions, reduces operational surprises & losses, identifies & manages cross-enterprise risk, provides integrated responses to multiple risks, helps organization seize opportunities, improve
what is a key aspect of ERM identification & management of events that have a negative or positive impact.
what are risks events with negative impact; require a response; assessed based on likelihood & impact.
what are opportunities events with positive impact that may offset risks
what are the 8 components of ERM Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring. MNEMONIC: CRIM RISE
which components of ERM are also part of IC Internal environment, risk assessment, control activities, information & communication, monitoring.
define ERM Component-Internal Environment tone at the top, basis for all other components, reflects entity's risk mgmt philosophy, risk appetite, integrity, ethical values. Effected by HR, etc. includes risk appetite & tolerance.
define risk appetite the amount of risk an entity is willing to accept, measured quantitatively or qualitatively. Reflects entity culture & style & connected to their strategy.
define risk tolerance the variation entity is willing to accept once they set an objective. Objective-97% customer satisfaction, however willing to accept 94%.
define ERM component-objective setting these must be set to align with mission & risk appetite. At the strategic level divided into 3 categories-operation, reporting & compliance which correlate with objectives of IC & ERM.
define ERM component-event identification can result from an internal or external event that must be identified & distinguished as either a risk or opportunity; there are techniques to identify these events
define event an incident that occurs or may occur that affects the implementation of entity strategy or achievement of objectives; may be positive or may be negative
examples of external event factors economic, natural environment, political, social, technological factors
examples of internal event factors organization's infrastructure, personnel process, technology
event identification techniques include event inventories; internal analysis; escalation or threshold triggers; facilitated workshops/interviews; process flow analysis; leading event indicators; loss event data methodologies
give example of event inventories developing list of potential events
give example of internal analysis analyzing information from other stakeholders-customers, suppliers; ex-considers similar past risk when planning a response for future risk.
give example of escalation/threshold triggers pricing problem may be triggered when competitor price sales change by a predetermined amount leading mgmt to assess; dip in cash on hand.
give example of facilitated workshops/interviews leading a discussion about what events might affect achievement of objectives; soliciting information from mgmt & staff
give example of process flow analysis breaking down a process (cash/receivable process) into input, tasks, responsibilities and outputs to identify events that may affect the process
give example of a leading event indicator monitoring data related to an event to identify if event is likely to occur; ex-avoiding debtor default by intervention, upon a late payment.
give example of loss event data methodology gathering data of past loss events to identify trends & root causes; use black swan analysis to evaluate negative events that were unlikely or unanticipated; ex-matching workers comp claims against frequency of accidents.
define ERM component-risk assessment point in which risk is analyzed to consider likelihood & impact & how it should be managed; both inherent & residual risk should be assessed; probabilistic or non-probabilistic models can be used to quantify.
define inherent risk risk to the organization if mgmt does nothing to alter its likelihood or impact.
define residual risk risk of event after mgmt considers a risk response.
what does a probabilistic model do & give example assumptions made by associating a range of events & resulting impact with likelihood of occurrence; ex. value at risk, cash flow at risk, earnings at risk, devel. of credit & operational loss distributions.
what does a non-probabilistic model do & give examples subjective assumptions in estimating impact of events w/o quantifying an associated likelihood; ex-sensitivity measures, stress test, scenario analysis.
define ERM component-risk response mgmt selects a response that is consistent with risk appetite; responses should be assessed to determine cost/benefit prior to selection; 4 possible responses.
what are the 4 risk responses Avoidance-involves exiting the activity that gives rise to the risk; Reduction-involves taking action to reduce likelihood, impact or both; Sharing-involves reducing the likelihood or impact by transferring a portion of the risk; Acceptance-no action take
define ERM component-Control Activities policies & procedures that are carried out to ensure that risk responses are effectively carried out.
define ERM component-Information & Communication needed at all levels to identify, assess & respond to risk, allows people to carry out their responsibility; should convey the importance of everyone's roles in the components of ERM, use common risk language.
define ERM component-Monitoring the last component, accomplished by ongoing mgmt activities, evaluations (ex. internal auditors).
what are the limitations of ERM effectiveness is subject to human judgement about risk & impact; ERM can break down; collusion can occur; cost-benefit constraints; management can override controls.
what is the risk management process Identify risk; Assess Risk; Prioritize; Formulate Risk Response; Monitor Risk Response. MNEMONIC-I Ate Pie For Money.
what is the order of ERM framework 1.Control Environment, 2.Objective Setting, 3.Event Identification, 4.Risk Assessment, 5.Risk Response, 6.Information & Communication, 7.Control Activities, 8.Monitoring.
Created by: vasa28