Enterprise Risk Mgmt
BEC
Question | Answer |
---|---|
define ERM | a process effected by an entity's BOD, mgmt & other personnel, applied in strategy setting & across the enterprise, designed to identify potential events that may affect the entity & manage risk to be within risk appetite & provide reasonable assurance |
who established ERM | COSO (Committee of Sponsoring Organizations) |
what is ERM designed to do | is designed to identify events (risks & opportunities) & manage risk to fall within risk appetite |
what are the objectives of ERM | has the same objectives as internal controls |
what ERM helps to accomplish | aligns risk appetite with its strategy, enhances risk response decisions, reduces operational surprises & losses, identifies & manages cross-enterprise risk, provides integrated responses to multiple risks, helps organization seize opportunities, improve |
what is a key aspect of ERM | identification & management of events that have a negative or positive impact. |
what are risks | events with negative impact; require a response; assessed based on likelihood & impact. |
what are opportunities | events with positive impact that may offset risks |
what are the 8 components of ERM | Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring; Mnemonic: CRIM RISE |
which components of ERM are also part of IC | Internal environment, risk assessment, control activities, information & communication, monitoring. |
define ERM Component-Internal Environment | tone at the top, basis for all other components, reflects entity's risk mgmt philosophy, risk appetite, integrity, ethical values. Affected by HR, etc.; includes risk appetite & tolerance. |
define risk appetite | the amount of risk an entity is willing to accept, measured quantitatively or qualitatively. Reflects entity culture & style & is connected to its strategy. |
define risk tolerance | the variation the entity is willing to accept once an objective is set; ex-objective is 97% customer satisfaction, however willing to accept 94%. |
define ERM component-objective setting | these must be set to align with mission & risk appetite. At the strategic level divided into 3 categories-operations, reporting & compliance, which correlate with the objectives of IC & ERM. |
define ERM component-event identification | can result from an internal or external event that must be identified & distinguished as either a risk or opportunity; there are techniques to identify these events |
define event | an incident that occurs or may occur that affects the implementation of entity strategy or achievement of objectives; may be positive or may be negative |
examples of external event factors | economic, natural environment, political, social, technological factors |
examples of internal event factors | organization's infrastructure, personnel, process, technology |
event identification techniques include | event inventories; internal analysis; escalation or threshold triggers; facilitated workshops/interviews; process flow analysis; leading event indicators; loss event data methodologies |
give example of event inventories | developing a list of potential events |
give example of internal analysis | analyzing information from other stakeholders-customers, suppliers; ex-considers similar past risk when planning a response for future risk. |
give example of escalation/threshold triggers | a pricing problem may be triggered when competitor sale prices change by a predetermined amount, leading mgmt to assess; dip in cash on hand. |
give example of facilitated workshops/interviews | leading a discussion about what events might affect achievement of objectives; soliciting information from mgmt & staff |
give example of process flow analysis | breaking down a process (cash/receivable process) into inputs, tasks, responsibilities and outputs to identify events that may affect the process |
give example of a leading event indicator | monitoring data related to an event to identify if the event is likely to occur; ex-avoiding debtor default by intervention upon a late payment. |
give example of loss event data methodology | gathering data on past loss events to identify trends & root causes; use black swan analysis to evaluate negative events that were unlikely or unanticipated; ex-matching workers comp claims against frequency of accidents. |
define ERM component-risk assessment | point at which risk is analyzed to consider likelihood & impact & how it should be managed; both inherent & residual risk should be assessed; probabilistic or non-probabilistic models can be used to quantify. |
define inherent risk | risk to the organization if mgmt does nothing to alter its likelihood or impact. |
define residual risk | risk of an event after mgmt considers a risk response. |
what does a probabilistic model do & give example | assumptions made by associating a range of events & resulting impact with likelihood of occurrence; ex-value at risk, cash flow at risk, earnings at risk, development of credit & operational loss distributions. |
what does a non-probabilistic model do & give examples | subjective assumptions in estimating impact of events w/o quantifying an associated likelihood; ex-sensitivity measures, stress tests, scenario analysis. |
define ERM component-risk response | mgmt selects a response that is consistent with risk appetite; responses should be assessed to determine cost/benefit prior to selection; 4 possible responses. |
what are the 4 risk responses | Avoidance-involves exiting the activity that gives rise to the risk; Reduction-involves taking action to reduce likelihood, impact or both; Sharing-involves reducing the likelihood or impact by transferring a portion of the risk; Acceptance-no action taken |
define ERM component-Control Activities | policies & procedures that are carried out to ensure that risk responses are effectively carried out. |
define ERM component-Information & Communication | needed at all levels to identify, assess & respond to risk; allows people to carry out their responsibilities; should convey the importance of everyone's role in the components of ERM; use a common risk language. |
define ERM component-Monitoring | the last component, accomplished by ongoing mgmt activities and separate evaluations (ex. internal auditors). |
what are the limitations of ERM | effectiveness is subject to human judgement about risk & impact; ERM can break down; collusion can occur; cost-benefit constraints; management can override controls. |
what is the risk management process | Identify Risk; Assess Risk; Prioritize; Formulate Risk Response; Monitor Risk Response; Mnemonic: I Ate Pie For Money. |
what is the order of ERM framework | 1. Control Environment, 2. Objective Setting, 3. Event Identification, 4. Risk Assessment, 5. Risk Response, 6. Information & Communication, 7. Control Activities, 8. Monitoring. |