12 - Systems of risk management and internal control Flashcards

1
Q

8 responsibilities of the CoSec re. risk management and internal control

A
  • Develop strategic objectives
  • Identify principal risks (to strategic objectives)
  • Carry out ‘robust’ assessment of principal risks
  • Explain how risks are being managed/mitigated
  • Monitor the risk management and internal control systems
  • Review the effectiveness of those systems at least annually
  • Assess the future viability of the company, taking account of its current position and principal risks
  • Report on above in annual report
2
Q

What is the FRC’s additional guidance on risk management and internal control called?

A

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

3
Q

Define risk

A

The possibility that something unexpected or not planned for will happen

4
Q

What are the two types of risk an organisation should plan for?

A
  • Downside risk
  • Upside/opportunity risk
5
Q

3 examples of downside risk

A
  • Fires
  • Earthquakes
  • IT breakdowns
6
Q

2 examples of upside risk

A
  • Sales volumes being higher than expected
  • Investment decision yielding better than expected results
7
Q

4 categories within ‘business risk’

A
  • Reputational
  • Competition
  • Business environment
  • Liquidity
8
Q

Governance risk relates to risks associated with: (4)

A
  • Structure
  • Processes
  • Information
  • People and culture
9
Q

Internal controls can be classified into which 3 main types?

A
  • Preventative controls
  • Detective controls
  • Corrective controls
10
Q

Who is ultimately responsible for managing risk?

A

The Board

11
Q

What are the 4 categories of risk?

A
  • Financial
  • Operational
  • Compliance
  • Strategic
12
Q

3 examples of financial risks

A
  • Risk of errors or fraud in accounting systems
  • Liquidity risk
  • Credit risk
13
Q

3 examples of operational risks

A
  • Theft of information from the org
  • Inefficient or ineffective use of resources
  • Errors and omissions by staff
14
Q

What is a compliance risk?

A

Non-compliance with important laws or regulations, leading to legal action and/or fines

15
Q

3 examples of strategic risks

A
  • Political risks
  • Environmental risks
  • Stakeholder risks
16
Q

4 methods of identifying risks

A
  • Mind mapping
  • Process mapping
  • Stress testing
  • Use of internally generated documents
17
Q

3 examples of internally generated documents to identify risks

A
  • Business impact studies
  • Market research reports
  • Expert reports (such as on H&S)
18
Q

What is process mapping as a method to identify risks?

A

Mapping every process within the org to identify the interdependent, critical and vulnerable functions and activities within it

19
Q

What is stress testing as a method to identify risks?

A

The org assesses its ability to withstand extreme ‘shocks’ or unexpected events in the business environment within which it operates

20
Q

What should an organisation consider to determine whether a risk is a principal risk?

A
  • Likelihood or probability of occurrence
  • Potential size and impact of the occurrence
21
Q

Define risk appetite

A

The level of risk an org is willing to take in the pursuit of its objectives

22
Q

Define risk tolerance

A

The amount of risk an org is prepared to accept in order to achieve its financial objectives
(A quantitative measure)

23
Q

4 main responses to risks, once they have been identified

A
  • Avoidance
  • Reduction
  • Transfer
  • Acceptance
(Note: these could all be used in response to the same risk)
24
Q

What is meant by reduction as a response to risk?

A

Reducing the negative impact of the risk

25
Q

What is meant by avoidance as a response to risk?

A

Reduces likelihood of risk occurring - usually by shutting down or selling part of business causing the risk

26
Q

What is meant by transfer as a response to risk?

A

Transfer the risk to somewhere else - eg. insurance or outsourcing

27
Q

What is meant by acceptance as a response to risk?

A

No action is taken as it is deemed to be insignificant or uncontrollable

28
Q

3 considerations of board when determining response to risk

A
  • The ‘exposure’ (ranking) of the risk
  • Any negative consequences to the response(s)
  • Whether they are responding to the original risk or responding to the response (leads to ineffective use of resources and creation of new risks)
29
Q

How does risk management benefit operational performance? (3)

A
  • Increases likelihood of achieving business objectives
  • Provides platform for regulatory compliance
  • Facilitates monitoring and mitigation of risk in key projects and initiatives
30
Q

How does risk management benefit financial performance? (2)

A
  • Contributes to better credit rating/reduces insurance premium
  • Builds investor, stakeholder and regulator confidence
31
Q

How does risk management benefit decision making? (2)

A
  • Facilitates assurance and transparency of risks at board level
  • Enables decisions to be made in light of impact of risks and in consideration of risk appetite and tolerance
32
Q

How to ensure board can effectively carry out responsibilities in relation to risk?

A

Ensure board members have an understanding of risk and risk management through training

33
Q

9 common failures of boards re. risk

A

Failure:
- To take responsibility at board level
- To see importance of risk to org as a whole
- To capture major risks
- To consider integrated nature of risk
- To put in place appropriate control or other mitigants for risk
- To manage reputational risk
- To map out who has responsibility for what, at each level of org
- To consider, decide or articulate risk appetite
- To obtain and share timely and good quality info

34
Q

What is meant by failure to consider integrated nature of risk?

A

The board may split risk into silos (eg. legal risks dealt with by the legal department), and in doing so fail to understand how a risk would affect the org as a whole

35
Q

2 main frameworks of risk management accepted globally

A
  • UK system
  • US COSO frameworks
36
Q

Risk management - Main difference between UK system and US COSO framework

A

UK integrates risk management and internal control systems whereas COSO framework deals with them separately