Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Enterprise Risk Mgmt
BEC
| Question | Answer |
|---|---|
| define ERM | a process effected by an entity's BOD, mgmt & other personnel applied in a strategy setting & across the enterprise, designed to identify potential events that may effect the entity & manage risk to be within risk appetite 7 provide reasonalble assurance |
| who established ERM | COSO (Committee of Sponsering Organizations) |
| what is ERM designed to do | is designed to identify events (risk & opportunities) & manage risk to fall within risk appetite |
| what are the objectives of ERM | has the same objectives of internal controls |
| what ERM helps to accoplish | align risk appetite with its strategy, enhances risk response decisions, reduces operational surprises & losses, identifies & manges cross-enterprise risk, provides integrated respoCRIMnsesto multiple risks, helps organization seize opportunities, improve |
| what is a key aspect of ERM | identification & management of events that have a negative or positive impact. |
| what are risks | events with negative impact; require a response; assessed based on likelihood & impact. |
| what are opportunities | events with positive impact that may offset risks |
| what are the 8 components of ERM | Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring \n MNEUMONIC CRIM RISE |
| which components of ERM are also part of IC | Internal environment, risk assessment, control activities, information & communication, monitoring. |
| define ERM Component-Internal Environment | tone at the top, basis for all other components, reflects entity's risk mgmt philosophy, risk appetite, integrity, ethical values. Effected by HR, etc. includes risk appetite & tolerance. |
| define risk appetite | the amount of risk an entity is willing to accept, measured quantitatively or qualitatively. Reflects entity culture & style & connected to their strategy. |
| define risk tolerance | the variation entity is willing to accept once they set an objective n\objective-97% customer satisfaction, however willing to accept 94%. |
| define ERM component-objective setting | these must be set to align with mission & risk appetite. At the strategic level divided into 3 categories-operation, reporting & compliance which correlate with objectives of IC & ERM. |
| define ERM component-event identification | can result from an internal or external event that must be identified & distinguished as either a risk or opportunity; there are techiniques to identify these events |
| define event | an incident that occurs or may occur that effects the implementation of entity strategy or achievement of objectives; may be positive or may be negative |
| examples of enternal event factors | economic, natural environment,political, social, technological factors |
| examples of internal event factors | organizations infrastructure, personnel process, technology |
| event identification techniques include | event inventories; internal analysis; escalation or threshold triggers; facilitated workshops/interviews; process flow analysis; leading event indicators; loss event data methologies |
| give example of event inventories | developing list of potential events |
| give example of internal analysis | analyzing information from other stakeholders-customers, suppliers; ex-considers similar past risk when planning a response for future risk. |
| give example of escalation/threshold triggers | pricing problem may be triggered when competitor price sales change by a predetermined amount leading mgmt to assess; dip in cash on hand. |
| give example of facilitated workshops/interviews | leading a discussion about what events might effect achievement of objectives; soliciting informations from mgmt & staff |
| give example of process flow analysis | breaking down a prcess (cash/receivable process) into input, tasks, responsibilities and outputs to indentify events that may affect the process |
| give example of a leading event indicator | monitoring data related to an event to identify if event if likely to occur; ex-avoiding debtor default by intervention, upon a late payment. |
| give example of loss event data methology | gathering data of past loss events to identify trends & root causes;use black swan analysis to evaluate negative events that were unlikely or unanticipated;ex-matching workers comp claims against frequency of accidents. |
| define ERM component-risk assessment | point in which risk is analyzed to consider likelihood & impact & how it should be managed;both inherent & residual risk should be assessed; probabilistic or non-probabilistic models can be used to quantify. |
| define inherent risk | risk to the organization if mgmt does nothing to alter its likelihood or impact. |
| define residual risk | risk of event after mgmt considers a risk response. |
| what does a probabilistic model do & give example | assumptions made by associating a range of events & resulting impact with likelihood of occurance; ex.value at risk, cash flow at risk, earnings at risk, devel. of credit & operational loss distributions. |
| what does a non-probabilistic model do & give examples | subjective assumptions in estimating impact of events w/o quantifying an associated likelihood; ex-sensitivity measures, stress test, scenario analysis. |
| define ERM component-risk reponse | mgmt selects a response that is consistent with risk appetite; responses should be assesessed to determine cost/benefit prior to selection; 4 possible responses. |
| what are the 4 risk responses | Avoidance-involves exiting the activity that gives rise to the risk; Reduction-involves taking action to reduce likelihood, impact or both; Sharing-involves reducing the likelihood or impact by transferring a portion of the risk; Acceptance-no action take |
| define ERM component-Control Activities | policies & procedures that are carried out to ensure that risk responses are effectively carried out. |
| define ERM component-Information & Communication | needed at all levels to identify, assess & respond to risk, allows people to carry out their responsibility; should convey the importance of everyones roles in the components of ERM, use common risk language. |
| define ERM component-Monitoring | the last component, accomplished by ongoing mgmt activities, evaluations (ex. internal auditors). |
| what are the limitations of ERM | effectiveness is subject to human judgement about risk & impact; ERM can break down; collusion can occur; cost-benefit constraints; management can override controls. |
| what is the risk management process | Identify risk; Assess Risk; Prioritize; Formulate Risk Response; Monitor Risk Response n\MNEUMONIC-I Ate Pie For Money. |
| what is the order of ERM framework | 1.Control Environement, 2.Objective Setting, 3.Event Identification, 4.Risk Assessment, 5.Risk Response, 6.Information & Communication, 7.Control Activities, 8.Monitoring. |
Created by:
vasa28
Popular Accounting sets