Lesson 10

Question 1

1.1 Explain why culture is an integral component of the enterprise risk management framework

Answer 1

Culture reflects an entity’s ethics, values, belief, attitudes, desired behaviours and understanding of risk.

ERM helps people understand risk and a risk aware culture stresses the importance of managing risk and encourages transparent and timely flow of risk information

Question 2

1.2 Explain the significance of the board’s role in ERM

Answer 2

The board has the responsibility for risk oversight and in many countries has a fiduciary responsibility to its stakeholders including conducting reviews of the ERM practices

Question 3

1.2 Explain the significance of board member independence in ERM

Answer 3

Independence allows directors to be objective and evaluate the performance and well being of the entity without any conflict of interest or undue influence of interested parties.

The board should serve as a check and balance

Question 4

1.3 Provide 7 examples of things that may impede a board member’s independence

Answer 4

Independence may be impeded if a board member:

1) Holds a substantial financial interest in the entity

2) Is currently or has recently ben employed in an executive role by the entity

3) Has recently advised the board of directors of the entity in a material way

4) Has a material business relationship with the entity (supplier/customer)

5) Has donated a significant financial amount to the entity

6) Has business or personal relationships with key stakeholders within the entity

7) Sits as a board member of other entities that represent potential conflicts of interest

Question 5

1.4 Explain how the concept of suitability of enterprise risk management influences an entity’s decision about its risk management approach

Answer 5

Suitability of ERM refers to an entity’s ability to manage risk to an acceptable amount.

The ERM capability needed for a given entity is influenced by the complexity of the entity which in turn influences its needs and the benefits it wants or expects from ERM

Question 6

2.1 Explain how an entity’s choice of governance and operating model influences its risk management practies

Answer 6

Risk governance sets the tone, reinforcing ERM and establishing oversight responsibilities.

Different operating models may result in different perspectives of a risk profile.

For example assessing risk within a decentralized model may indicate few risks whereas a centralized model may indicate a concentration of risk - perhaps relating to a certain customer type, foreign exchange or tax exposure

Question 7

2.2 Outline factors that influence an entity’s choice of operating model (6)

Answer 7

1) The entity’s strategy and business objectives

2) Nature, size and geographic distribution of the entity’s business

3) Risks related to the entity’s strategy and business objectives

4) Assignment of authority, accountability, and responsibility in all levels of the entity

5) Type of reporting lines (direct/solid line vs secondary reporting) and communication channels

6) Financial, tax, regulatory and other reporting requirements

Question 8

2.3 Outline the role and characteristics of risk management oversight structures and explain how these structures differ by type of entity

Answer 8

Entities may delegate the responsibility to an oversight committee that gathers information on how risk associated with the strategy occurs across the entity.

Entities with complex legal structures may have several committees with some overlapping members. This committee structure should be aligned with the entity’s reporting structure to allow decisions to be made with full awareness of the risks of those decisions

In smaller entities the structure may be less formal with management more involved in day-to-day execution of the ERM strategy

Question 9

3.1 Explain the role of culture in risk aware decision making

Answer 9

Culture influences how risk is identified, what risks are accepted and how they are managed.

A culture in which people do the right thing at the right time is critical to an entity being able to pursue opportunities and minimize risk in achieving the strategy and business objectives

Question 10

3.2 Explain the concept of culture spectrum and provide an example of how it works in ERM

Answer 10

The culture spectrum goes from Risk averse to risk aggressive. The higher on the spectrum the greater the propensity for and acceptance of the amount of risk necessary to achieve goals

For example a hedge fund is likely a risk aggressive entity.

Question 11

3.3 Outline factors that influence where an entity falls on the culture spectrum (4 internal 3 external)

Answer 11

Internal:
- how EEs interact with one another and managers
- the standards and rules of conduct
- the physical layout of the workplace
- rewards system

External
- regulatory requirements
- expectations of customers
- expectations of investors

Question 12

3.4 Describe strategies for fostering a risk aware culture (7)

Answer 12

1) Maintaining strong leadership

2) Employing a participative management style

3) Enforcing accountability for all actions

4) Embedding risk in decision making

5) Having open and honest discussions about the risks facing the entity

6) Encouraging risk awareness across the entity

Employees should know what the entity stands for and the boundaries in which they can operate.

Question 13

4.1 Define organizational “tone” and “tone in the middle”

Answer 13

Tone is defined by the operating style and personal conduct of both management and the board. Lead by example

Tone in the middle is a view o tone taken in larger entities that from time to time different markets and challenges may put pressure on different levels of the entity resulting in a change in tone

The more tone can remain consistent throughout the entity the more consistent the performance of ERM strategies will be.

Question 14

4.2 Explain the role of standards of conduct in ERM (3 reasons + overall purpose)

Answer 14

3 reasons for establishing a code of conduct are:

1) Establishing what is acceptable and unacceptable
2) Providing guidance for navigating what lies between acceptable and unacceptable
3) Reflecting laws, regulations, standards and other expectations that the entity’s stakeholders may have, such as corporate social responsibility

The purpose of a code of conduct is to communicate the entity’s expectations of ethics and desired behaviours, including behaviours relating to ERM and decision making.

Question 15

4.3 Explain why responding to deviations in standards of conduct is critical to ERM

Answer 15

Appropriate responses ensure that the entity’s culture is not undermined.

Question 16

4.3 List 8 reasons why codes of conduct may not be adhered to

Answer 16

1) Tone at the top doesn’t convey expectations

2) Board does not provide oversight of management’s adherence to standards

3) Middle management and functional managers are not aligned with the entity’s mission, vision, core values, strategy and risk response

4) Risk is an afterthought to strategy setting and business planning

5) Performance targets create incentives to compromise ethical behavior

6) Process for investigating and resolving excessive risk taking is inadequate

7) Intentional or deliberate non-compliance exists

Question 17

4.4 Explain the role of individual accountability in enterprise risk management

Answer 17

Individuals make up the entity and individual accountability is fundamental to ethics and enterprise risk management

Question 18

4.5 Explain how perceptions of communication, transparency and retribution impact ERM

Answer 18

Management is responsible for cultivating open communication and transparency about risk and risk taking. Management should make sure that this this is valued .

Providing a variety of channels for both management and employees to report concerns about potentially inappropriate risk taking, business conduct or behaviour without fear of retribution or intimidation is evidence of open communication and transparency.

Question 19

5.1 Identify measures that provide evidence of enforcement of accountability for enterprise risk management (4)

Answer 19

1) Management and the board of directors are clear on the expectations

2) Management ensures that information on risk flows through the entity - how decisions are made and how risk is considered as part of decisions are communicated

3) Employees are committed to collective business objectives (individual targets and objectives align)

4) Management responds to deviations from standards and behaviours (corrective actions are taken)

Question 20

5.2 Explain how performance incentives and rewards influence ERM

Answer 20

Performance is significantly influenced by the extent to which EEs are held accountable and how they are rewarded.

Incentives should align with the ERM strategy

Question 21

5.3 Describe how pressure affects individuals in an entity

Answer 21

Pressure can motivate individuals to meet expectations or cause them to fear the consequences of not achieving strategy and business objectives

Question 22

5.3 List 7 things that excessive pressure can be associated with

Answer 22

1) Unrealistic performance targets, particularly with short term results

2) Conflicting business objectives of different stakeholders

3) Imbalance between rewards for short term financial performance and those for long term focused stakeholders such as corporate sustainability targets

4) Certain points during the regular cycles of specific tasks

5) Unexpected external factors such as a sudden dip in the economy

6) Change in the business context such as increased market competition or other market competitor action

7) Change in strategy, operating model, acquisition or divestiture activity

Question 23

5.4 Explain how an entity’s compensation structure can influence enterprise risk management

Answer 23

Aligning an employees compensation to the organizational structure can help achieve strategy and business objectives.

If these are not aligned an entity can end up encouraging detrimental behaviour.

Question 24

6.1 Outline HR factors considered by an entity when developing ERM competence

Answer 24

1) Knowledge, skills and experience with ERM

2) Nature and degree of judgement and limitations of authority to be applied to a specific position

3) Costs and benefits of different skill levels and experience

Succession planning should also take place

Question 25

7.1Define judgement and describe how sound judgement enhances board risk

Answer 25

Judgement is the process of reaching a decision or drawing a conclusion when there are a number of possible alternative solutions.

An effective judgement process is logical, flexible, unbiased, objective and consistent.

A sounds judgement process shows where decision makers are vulnerable to predictable traps and appropriately challenges their own judgements and the judgements of those that they oversee.

The challenge for board members is to both effectively challenge the judgements of corporate officers and enhance the quality of their own judgements

Question 26

7.2 Identify the 5 steps of the KPMG professional judgement framework

Answer 26

1) Define the problem and identify the fundamental objectives

2) Consider alternatives

3) Gather and evaluate appropriate amounts and types of information

4) Arrive at an informed conclusion

5) Articulate and document the rationale for the conclusion. This also provides an opportunity to reflect on that rationale

Question 27

7.3 Explain the board’s role in managing the impact of organizational bias on ERM

Answer 27

It isn’t unusual to find evidence of groupthink,

The question is not whether bias exists but how bias within ERM is managed. The board should understand the potential organizational biases and challenge management to overcome them

Question 28

7.4 List 6 common threats to good judgement from the KPMG professional judgement framework

Answer 28

1) Rush to solve

2) Judgement triggers - initiate the necessity for a decision - can cause person to move forward without completing all the steps in the process

3) Overconfidence

4) Confirmation bias - inability to look at all information objectively

5) Anchoring - primarily affects the gathering of information step

6) Availability - this limits alternatives considered

Question 29

7.5 Describe steps that can be taken to mitigate the effects of judgement traps and biases (4)

Answer 29

1) Be aware of possible sources and recognize situations where decision makers might be vulnerable. Pause and ask what and why questions

2) Seek opposing and disconfirming evidence - try to make the opposite case

3) Question expert opinions to mitigate overconfidence

4) encourage opposing points of view

5) consult with others

Question 29

7.5 Describe steps that can be taken to mitigate the effects of judgement traps and biases (4)

Answer 29

1) Be aware of possible sources and recognize situations where decision makers might be vulnerable. Pause and ask what and why questions

2) Seek opposing and disconfirming evidence - try to make the opposite case

3) Question expert opinions to mitigate overconfidence

4) encourage opposing points of view

5) consult with others

Question 30

7.6 What are actions that boards can take to mitigate: overconfidence bias (4)

Answer 30

1) be aware
2)

Question 31

7.6 What are actions that boards can take to mitigate: overconfidence bias (4)

Answer 31

1) be aware

2)Challenge experts’ or advisors’ estimates of potential causes of unexpected outcomes and estimates of unexpected outcomes.

3) Challenge extremely high or low estimates

4) Challenge underlying assumptions

Question 32

7.6 What are actions that boards can take to mitigate: confirmation tendency (3)

Answer 32

1) Be aware

2) Make the opposing case and consider alternatives

3) Seek and consider disconfirming or conflicting information

Question 33

7.6 What are actions that boards can take to mitigate: Anchoring tendency (4)

Answer 33

1) Be aware

2) Make an independent judgement or estimate

3) Consider relevant alternative anchors

4) Solicit input from others

Question 34

7.6 What are actions that boards can take to mitigate: availability tendencies (4)

Answer 34

1) Be aware

2) Consider why something comes to mind (recent events)

3) Make the opposing case

4) Consult with others