CH 3 Flashcards

(220 cards)

1
Q

What is a board of directors

A

A small group of people who accept certain roles and responsibilities in line with corporate legislation

2
Q

Why does a board of directors exist

A

It exists to watch over an organisation and give it overall direction; the directors must act in a lawful manner to further the interests of shareholders

3
Q

What does a board of directors do

A

It sets clear objectives for executive management and arranges the necessary funds and facilities

4
Q

The Companies Act 2006 requires directors to have regard, amongst other things, to

A
-the long-term consequences of their decisions
-the interests of the company's employees
-the need to foster the company's business relationships with suppliers, customers and others
-the impact of the company's operations on the community and the environment
-the desirability of maintaining a reputation for high standards of business conduct
-the need to act fairly between members of the company

5
Q

The UK Corporate Governance Code charges directors with

A

-reporting to shareholders on their stewardship
-supervising the management of the business
-setting the company's strategic aims and providing the leadership to put them into effect

6
Q

The UK Corporate Governance Code is based on

A

It is based on the principles of accountability, transparency and probity, and on a focus on the sustainable success of the entity over the longer term

7
Q

In the UK Corporate Governance Code, what does the principle of accountability require

A
-the board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its corporate objectives
-the board should maintain sound risk management and internal control systems

8
Q

Most boards of directors have five responsibilities, which are

A

-Regulation of the executive, to ensure it upholds shareholders' interests and the laws governing the conduct of business
-Approving the report and accounts, the annual budget, the strategy and other important plans
-Selecting, appraising and rewarding the CEO, and ensuring that succession planning is actively addressed
-Supervising the risk management process and ensuring that the necessary actions are adopted to mitigate those risks
-Ensuring that company integrity and principles are upheld on critical matters

9
Q

When does a board delegate some of its responsibilities

A

It does so after considering ownership, objectives, organisation structure, personnel and the interests of other stakeholders

10
Q

What is a common approach by which different boards go about supervising risk management

A

They appoint a risk subcommittee

11
Q

How does a board select members of the risk subcommittee

A

The board will carefully select individuals with appropriate risk backgrounds from the executive and from its own members to constitute the risk subcommittee; it may also add members from outside the board and the executive

12
Q

What does the board delegate to the risk subcommittee

A

It will delegate its risk assessment and risk management supervision responsibilities

13
Q

What is the responsibility of the risk subcommittee

A

It is under pressure from the board to demonstrate that risk controls are implemented and effective, and it commands the full board's attention when it has issues to resolve

14
Q

With whose authority does the risk subcommittee act

A

It acts with board authority, setting policies and making risk decisions as required. It must seek full board approval for policies and decisions that affect the organisation in a major way

15
Q

The remit for a board risk subcommittee will include

A

It will include compliance with the appropriate legislation and regulation relating to the risk management functions of corporate governance

16
Q

What is the risk subcommittee responsible for implementing

A

-Risk policies
-Setting up and monitoring systems to identify and assess risks
-Specifying risk appetite
-Reporting on risk management for the report and accounts

17
Q

What is the risk subcommittee responsible for reporting on

A

It will report on
-current risk issues
-risk profiles
It will also investigate and advise on the risks associated with proposed new ventures

18
Q

What can the risk subcommittee technically submit

A

Technically it can only submit recommendations for approval. In practice it proceeds under general board authority on everything except the very largest and most important issues, and submits summary reports of its activities for discussion at full board meetings, where the full board votes to accept the report

19
Q

What is the first and most important task of a risk subcommittee

A

To publish and maintain the overall risk management philosophy of the organisation

20
Q

What does the risk management philosophy prepared by the risk subcommittee set out

A

It sets out the organisation's commitment to risk assessment and management, and what it expects to achieve by risk management

21
Q

The risk management philosophy prepared by the risk subcommittee identifies

A

The major threats to the organisation as seen by the board, and the strategy for dealing with those threats

22
Q

The risk management philosophy prepared by the risk subcommittee outlines

A

The management structure and controls by which the board means to supervise risk management activities

23
Q

What is the purpose of the risk management philosophy

A

To provide a consistent framework for ongoing risk work and to convince stakeholders that risk is being effectively managed

24
Q

For an organisation subject to a regulatory regime, what is the risk management philosophy

A

A key document for fulfilling the requirement to demonstrate proper corporate governance

25
What is corporate governance
The way the board sets up an organisation to achieve its objectives, together with the systems it puts in place to manage and control that organisation
26
What follows from a strong corporate governance arrangement
The board will have good, timely information on all aspects of the organisation and will be in full control of its operations
27
What are some common corporate governance codes of practice
-Companies should respect shareholders' rights and help them to exercise those rights
-Companies should recognise that they may have obligations to other stakeholders
-The board needs the skills and understanding to review and challenge management performance
-Companies should have a code of conduct for their directors and managers that promotes ethical and responsible decision making
-Companies should make public the roles and responsibilities of the board and management, to provide shareholders with a level of accountability
-Companies should have procedures to independently verify their financial reporting
28
In the UK and the US, codes of corporate governance focus on
They focus more on the interests of shareholders
29
In Japan and continental Europe, codes of corporate governance focus on
They give more emphasis to the interests of other stakeholders
30
What are the main standards or codes of practice for corporate governance
-UK Corporate Governance Code
-Sarbanes-Oxley Act 2002 (USA)
31
What does the UK Corporate Governance Code provide
It provides a code of best practice for companies listed on the London Stock Exchange
32
Who oversees the UK Corporate Governance Code
The Financial Reporting Council (FRC); the code is reviewed every two years, usually with minor adjustments
33
Why was the 2018 UK Corporate Governance Code rewritten
It was substantially rewritten to improve readability and sharpen its focus. It is principles-based, making it more flexible than the US rules
34
Initially the UK Corporate Governance Code was voluntary; what did the FCA implement
The Listing Rules of the FCA (the UK financial regulator) require listed public companies in all industries to disclose in their annual report and accounts how they have complied with the code, or to explain where they have not complied with its recommended practices
35
What recommended practices are listed in the UK Corporate Governance Code and in the more detailed guidance on board effectiveness that accompanies it
-The board is to provide leadership, define purpose, values and strategy, and make resources available
-The board is to consider the views of all stakeholders, both shareholders and the workforce
-Independent non-executive directors are to be identified and should form at least half the board
-The roles of chair and CEO are to be separated
-Annual evaluation of the board, including composition, diversity and performance, with an effective succession plan in place
-Remuneration policies should be transparent, fair and aligned with long-term objectives
36
On what are the recommended practices particularly important
On competence, risk management and internal control
37
Recommended practices on competence, risk management and internal control specify that the boards of listed companies should
-be individually and jointly competent, and possess the relevant skills and knowledge to perform their roles effectively
-conduct a regular, thorough review of the risks to which the company is exposed, including their frequency and severity
-specify the company's risk appetite
-agree and implement board policies on risk and control
-establish prudent and effective internal controls
-review the effectiveness of the company's system of internal control and risk management, and formally report on it at least annually
38
What does the July 2018 UK Corporate Governance Code aim to promote
It aims to promote transparency and integrity in business for society as a whole, and requires the board to interact with all stakeholders, particularly the workforce
39
What does the July 2018 UK Corporate Governance Code aim to strengthen
It aims to strengthen confidence in the way UK businesses are run and to promote the UK as a good place to work, invest and do business
40
What has the new code done to alleviate current concerns
It tightens the recommendations on board succession and diversity, and sets out principles for remuneration awards
41
Strict compliance with the Code is mandatory under the Listing Rules for
Public companies only
42
What do other legislation and guidance require of all large public and private companies
They require large public and private companies to include certain information in their annual reports and on their websites; large private companies must also include a statement disclosing their corporate governance principles
43
The Sarbanes-Oxley Act 2002 was named after
Senator Paul Sarbanes and Representative Michael Oxley; it is also known as SOX
44
What did the Sarbanes-Oxley Act 2002 establish
It established enhanced standards for all US public companies registered with the US financial regulator, the Securities and Exchange Commission (SEC), and for the accountancy firms that audit them
45
Why was the Sarbanes-Oxley Act 2002 brought in
It was brought in to clean up a stock market that had been shaken by the internet bubble, together with a succession of scandals involving major corporations, auditors and securities analysts
46
What are the rules under the US Sarbanes-Oxley Act 2002 like
It is rules-based and has much stricter enforcement than the UK Corporate Governance Code; it carries heavy fines and long terms of imprisonment for those who fail to comply with its requirements
47
What are the eleven sections or titles of SOX
-I Public Company Accounting Oversight Board
-II Auditor Independence
-III Corporate Responsibility
-IV Enhanced Financial Disclosures
-V Analyst Conflicts of Interest
-VI Commission Resources and Authority
-VII Studies and Reports
-VIII Corporate and Criminal Fraud Accountability
-IX White-Collar Crime Penalty Enhancements
-X Corporate Tax Returns
-XI Corporate Fraud and Accountability
48
What is the Public Company Accounting Oversight Board
A quasi-public agency established to provide independent regulation of auditors, defining the procedures for compliance audits and enforcing the specific mandates of SOX
49
How are standards for external auditor independence set under Title II
Under this title standards for auditor independence are set, including forbidding auditors from undertaking consultancy work for the clients they audit
50
What does Title III, Corporate Responsibility, entail
It mandates that senior executives take individual responsibility for the accuracy of financial reports, and sets out the penalties for non-compliance
51
What does Title IV, Enhanced Financial Disclosures, entail
It deals with enhanced reporting requirements for financial transactions, e.g. off-balance-sheet transactions and the stock transactions of senior management
52
What does Title V, Analyst Conflicts of Interest, entail
A code of conduct is set for securities analysts, including disclosure of conflicts of interest
53
What does Title VI, Commission Resources and Authority, entail
It defines the authority of the SEC to censure securities professionals or to ban them from practising as a broker, adviser or dealer
54
What does Title VII, Studies and Reports, entail
It requires the SEC and the Comptroller General (GAO) to carry out studies and report their findings, e.g. on the consolidation of accounting firms, credit rating agencies, securities violations and enforcement actions against public companies and auditors
55
What does Title VIII, Corporate and Criminal Fraud Accountability, entail
It sets criminal penalties for fraud by manipulation, destruction or alteration of financial records, and provides protection for whistleblowers
56
According to Title IX, what has happened to white-collar crime penalties
The criminal penalties for white-collar crimes and conspiracies have been increased
57
Under Title X, who should sign corporate tax returns
The CEO
58
What does Title XI, Corporate Fraud and Accountability, entail
Corporate fraud and tampering with records are identified as criminal offences
59
What is the SEC empowered to do in regard to corporate fraud
It can temporarily freeze large or unusual payments
60
What does SOX put more emphasis on than the UK Corporate Governance Code
Less emphasis is put on risk management and far more on ensuring the validity of financial reports to shareholders
61
What is one of the drawbacks of SOX
Compliance has proved costly to implement, and the Act deters smaller organisations from contemplating a listing on the New York Stock Exchange
62
Section 404 of SOX is often singled out for analysis; why is that
Because the section requires that publicly traded corporations use a formal risk control framework, and that management and the external auditor report on the adequacy of internal control over financial reporting
63
When an organisation fails, how are investigations focused
Investigations focus on whether or not the expected standards were upheld
64
When an organisation fails, what do lawyers focus on
They have a benchmark against which to pursue claims for damages for mismanagement and the resulting stakeholder losses
65
When an organisation fails, what do prosecutors of executives focus on
They highlight risk management deficiencies
66
What are internal controls
Devices and procedures put in place to help ensure that management objectives are met
67
What are some examples of internal control activities
-Approvals
-Authorisation
-Reconciliations
-Separation of duties
-Physical controls
-IT controls
-Peer reviews
68
What is fundamental to effective internal control
The environment in which control is required
69
What contributes to the environment for effective internal control
-The standards, philosophy and values of the organisation
-The attitude and competence of managers and staff
70
What are the procedures for deciding how risks should be managed
Risk identification, analysis and assessment against objectives
71
Why are information recording and communication important in internal control
They are necessary to coordinate activities and to produce consolidated risk reports that help the board manage and direct
72
What does internal audit provide
It provides independent assurance on control and recommends improvements where applicable
73
Why is monitoring necessary
To check that procedures are both efficient and effective
74
When are internal controls particularly effective
When a procedure is established with well-defined objectives and specified rules
75
In auditing and accounting, what is internal control
A process designed to help an organisation accomplish specific goals or objectives
76
What is one of the most commonly used internal control frameworks
The one published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in connection with risk classification
77
Why do US organisations tend to prefer COSO
Because compliance with it satisfies the US legal requirement for financial reporting as set out in SOX
78
How does COSO define internal control
A process, effected by an organisation's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories
-Effectiveness and efficiency of operations
-Reliability of financial reporting
-Compliance with applicable laws and regulations
-Safeguarding of assets
79
COSO defines internal control as having the following five essential components
-Risk assessment
-Control environment
-Control activities
-Information and communication
-Monitoring activities
80
What other tools does a risk manager have at their disposal
Risk transfer, insurance and continuity plans
81
When is the approach and process of Control Self Assessment (CSA) usually established
It is established beforehand, normally by risk management staff in conjunction with audit
82
What does Control Self Assessment require from operational management and staff
It requires them to self-review or self-audit the risk controls for which they are responsible, and to communicate the results up through the appropriate management line
83
Control Self Assessment is used in combination with
It is used in combination with monitoring activities
84
Control Self Assessment is subject to
It is subject to periodic audit to check that it is delivering trusted and useful information
85
Control Self Assessment is a useful way of ensuring
It is a useful way of ensuring compliance with corporate standards right across an organisation, including the risk aspects of legislation and other compliance needs
86
Control Self Assessment (CSA) was originally designed for
It was designed for financial controls, to support regulatory compliance
87
What does Control Self Assessment enable
It enables risk managers to understand and produce reports on current activity that may be required by the risk department, insurers, the audit committee and external regulators
88
Risk management in an organisation is an integrated process aimed at
Identifying and controlling the risks that may affect the achievement of corporate goals
89
Where does responsibility for risk management lie
With the board; hence the need for clear communication and reporting structures
90
Why does the board need clear communication and reporting structures for risk management
-To assure the board that the system is working as intended
-To enable the board to exercise the necessary control
91
Effective risk management will depend on
-a clear statement of objectives from the board of directors
-a systematic approach to risk identification in changing circumstances
-an analysis of risks against criteria set by the board
-effective management of the selected risks
92
What is enterprise risk management (ERM)
The structure an organisation sets up to control risk management across the whole organisation
93
What does an enterprise risk management (ERM) system allow
It allows all the risks of an organisation to be looked at together and from different perspectives, also known as a holistic approach
94
Why are regular audits of ERM important
They provide assurance that processes function to the specified standards, and they also monitor results
95
What benefits does successful risk management provide
-better-informed strategic decisions
-successful management of change and higher operational efficiency
-reduced borrowing costs
-improved competitive advantage
-more accurate financial reporting
96
Why are small companies less likely to use ERM
They may not have the resources to do so, and may not be under pressure from outside to conform
97
A successful enterprise risk management system has two key elements, which are
1. A workable framework clarifying functional responsibilities and interactions, and the systems for internal communication, reporting and control
2. Personalising this framework, a set of terms of reference for key staff
98
What does the ERM framework show
It shows how the essential functions of an organisation combine to create an integrated system for managing risk across the whole organisation
99
What does the ERM framework specify
It specifies the required information flows and the procedures for achieving them
100
What does the ERM framework identify
It identifies where overlapping responsibilities might occur and, together with job descriptions, clarifies who is responsible for initiating action plans and ensuring their success
101
What will an audit function seek to establish
That the ERM systems and procedures are effective
102
What will a compliance function seek to establish
It will look for assurance that risks threatening compliance are being adequately identified and controlled
103
What is GRC
Governance, Risk and Compliance
104
What does GRC enable in audit and compliance
It enables compliance and audit to work closely together using the same strategies, processes and technologies
105
Why do organisations with separate risk management, compliance and audit activities have difficulty providing coherent information to the board to improve corporate governance
Because different vocabularies, approaches, systems and documentation make it difficult to maintain a clear view of risks and their dependencies, especially for risks that cross departmental boundaries
106
What is an objective of GRC
To rationalise information gathering and processing structures, using common technology to capture, store and process information
107
Why does GRC require organisation-wide training
To introduce a common vocabulary across all risk management and assurance functions
108
When is there less room for misunderstanding and more scope for consolidating information from risk, audit and compliance
When there is a defined, integrated architecture for information processing, supported by common GRC software, so that risk, audit and compliance work with an agreed common database. It then becomes easier to identify trends, as monitoring and review become more efficient
109
When can GRC be introduced
Only when the overall design is completed and approved can the GRC system and procedures be introduced progressively at unit or operational level
110
How is GRC expected to improve governance and efficiency
It does so by aligning strategy, processes, technology and people
111
In a GRC environment, how is risk management considered
It is no longer considered in isolation from audit and compliance activities, since it must share the same technology and procedures, but the principles and processes of risk management activity still apply
112
Why is ERM a dynamic management system
It's a dynamic system which states that people be organized and trained to carry our delegated tasks within specified boundaries and specified communication and reporting channels
113
In what environment does ERM system design take place
In an environment that is subject to continual change
114
In a typical ERM system, what is group risk management responsible for
-Setting up and maintaining the ERM framework
-Managing all risk management functions within the group
The head of the function is called the chief risk officer or group risk manager
115
How does the chief risk officer fulfil their responsibilities
Through a number of subordinate risk officers, each with a designated area of interest and specific tasks to address. If the organisation is large, a number of risk officers may be supervised by an intermediate risk manager where appropriate
116
What does the board need to ensure to maintain standards of good corporate governance
The board will need to be sure that risk management functions are carried out as it intended
117
What might a typical ERM framework interpose to maintain standards of good corporate governance
A group audit function between the risk management function and the board
118
What is the task of the group audit function in a typical ERM framework
It carries out independent monitoring and performance measurement, and is responsible for auditing all risk management activities as well as internal control and other aspects of corporate governance
119
When an organisation is closely supervised or regulated by government rules it runs the risk of losing its licence; what can the organisation do to ensure strict compliance
It can form a separate group compliance function to manage the risks threatening compliance with regulations. This operates at the same level as group risk management, but is responsible only for risks that fall within the compliance remit
120
How do boards share their workload
By appointing subcommittees to carry out certain aspects of their work
121
What does a subcommittee appointed by the board comprise
Board members with the appropriate expertise, together with other expert representatives from anywhere within the organisation, e.g. risk subcommittees and audit subcommittees
123
What is a committee from a management point of view
A specified group of people, often from different functions, who meet at regular intervals in a controlled environment to exchange information and coordinate actions
124
The risk and audit subcommittees are independent information channels to the board; what does this help with
It helps prevent the board from getting only a one-sided view of operations from an individual function or from the CEO
125
What do committees offer compared with more passive forms of communication such as shared databases or reports
They encourage dialogue and initiative
126
How may the board have a further independent information channel
By employing an external auditor
127
How does ERM affect an organisation
It affects an organisation at every level, function and operational unit, and is clearly fundamental to the way the organisation goes about achieving its objectives
128
Which types of audit process are large organisations concerned with
Two types: internal and external
129
Who conducts external audits
They are conducted by separate professionals to give independent assurance to stakeholders that published information conforms to specified standards and is factually correct
130
How are internal audits carried out
They are carried out within an organisation to provide assurance to the board that approved systems and procedures are operating as intended
131
According to the IIA, what is the aim of internal audit
To evaluate and contribute to the improvement of governance, risk management and control processes, using a systematic and disciplined approach
132
From the board's point of view, what is the purpose of internal audit
To provide independent assurance that specified functions and procedures are operating effectively, and to point out improvements that will enhance corporate governance capability
133
Before starting a risk management audit, what must the audit team do
They must familiarise themselves with the risk management framework by understanding the terms of reference of the risk management function, and be quite clear about its objectives
134
Generally, what is the audit team looking for in the risk management function
Whether appropriate procedures are in place and being followed, whether the whole risk management system is meeting the requirements of the board, and whether recommendations for improvement need to be made
135
What will the audit team consider when deciding whether enterprise risk management systems and procedures are effective
-whether significant risks are being identified and assessed, especially those that could threaten the existence or success of the organisation
-whether appropriate risk responses are selected, in line with the risk appetite decided by the board
-whether relevant risk information is captured and communicated in a timely manner across the organisation, enabling staff, management and the board to carry out their responsibilities
136
What risks will the audit team concentrate on
They will concentrate on those risks that affect the achievement of stated objectives
137
What is the main purpose of an internal audit of risk management
To provide independent assurance to the board that an effective ERM system is in place and is operating effectively
138
What differentiates the risk management function from the audit function
Responsibility: the risk management function is responsible for setting up and maintaining an effective risk management system and for the results it achieves, whereas the audit function only monitors, comments and advises; it makes no risk management decisions and takes no responsibility for any risk management actions
139
What is the role of an audit team in risk management
Advisory work; they can be harnessed as consultants but must avoid line management activities
140
Auditors must be
Independent advisors
141
For auditors, how should their investigations, observations and recommendations be
Investigations must be independent, observations clearly objective, and recommendations purely advisory
142
How can auditors be criticised
As being too closely involved, or as being distant and out of touch
143
What is a professional and competent audit considered to be
A powerful check on the operations it examines, which will help improve the effectiveness of the risk management process
144
Typically, what do large organisations set out to do
To act lawfully and to uphold moral values
145
What must compliance keep up to date with in an organisation
Existing and new legislation affecting any of the organisation's operations
146
What does compliance provide
It provides policies, guidance, training and advice on compliance issues, and assurance that suitable compliance controls are in place and effective
147
What is compliance responsible for if an org has a published code of conduct
They are responsible for making new employees aware of expected standards
148
What is the head of group compliance responsible for
They are responsible for identifying and evaluating all risks that threaten to result in non-compliance
149
The board can appoint a compliance subcommittee to fulfill compliance responsibilities, however the board can avoid appointing a second subcommittee for compliance by
They can do so by having compliance report to the audit subcommittee, putting the emphasis on the compliance system rather than individual risk control
150
What is the task of the head of group compliance
They are responsible for identifying and evaluating all risks that threaten to result in non-compliance, and for providing assurance that those risks are being adequately controlled
151
Who does the head of group compliance have direct access to
They have direct access to the chairperson of the board
152
Compliance activities are a subset of
They are a subset of audit and risk management activities, concentrating on the more important risks
153
What are the potential conflicts when audit, risk management and compliance activities work together in a large group
-line managers will be tired of two or three sets of people asking the same questions
-all three functions may argue over ownership and priorities of individual risks
-duplicate records may be kept, and objective decision making prejudiced by internal professional rivalry
154
Effective risk management will heavily depend on
It will depend on the ability of the central risk management professionals to communicate with and persuade their management colleagues to treat risk in a coordinated manner, and to require them to treat risk in accordance with senior management expertise
155
Responsibility for risk control throughout an org lies with
It lies with the board of directors
156
The board of directors will appoint a risk subcommittee to fulfil their responsibilities for risk management; what will this subcommittee promote
It will promote policy directives and also provide a forum for resolving the inevitable differences in attitude and priorities between managers
157
How will the risk subcommittee set out the structure in which it intends to manage risk
In a written document available for general reference, also known as the risk management architecture
158
What does the risk management architecture describe
It describes the risk management structure of the org, laying out the lines of communication for reporting risk management issues
159
Documents describing the risk architecture can be called
-Risk Strategy
-Risk Structure
-Risk Governance
160
The document describing the risk architecture will, as a minimum
-specify the board of directors or subcommittee responsible for risk management
-state in general terms how risk is perceived
-specify the roles and responsibilities of any senior risk professionals or departments
161
What other things should the risk architecture describe
-define a general framework for identifying, evaluating and reporting risks
-specify an authority to approve the risk management related aspects of procedures
-clarify the role of the risk committee
-lay down guidelines for auditing and assurance
162
How often should the risk management architecture document be reviewed
It should be reviewed at least every one or two years to reflect major changes in the org or its environment
163
What is a risk management framework supported by
It's supported by individual job descriptions that set out the duties and responsibilities of individual roles
164
Risk management frameworks are designed to ensure
That management decisions are based on good and consistent risk information, with a sound understanding of the possible consequences and likely outcomes of alternative courses of action
165
In their terms of reference, what is a head of department primarily responsible for
They are responsible for managing operational risks and promoting risk awareness, and for identifying, assessing and prioritising current and emerging risks in their areas; they will clarify the risk strategy, explain the board's attitude to risk and implement the risk management process in their department
166
Individual job descriptions and personal objectives include suitable risk elements so that staff
-recognise and understand the risks that relate to their individual roles and activities
-appreciate how risk management contributes to the successful achievement of objectives
-clearly understand their personal responsibilities for reporting and managing risks
167
What happens if the risk management process identifies a risk that needs to be actively managed
The framework will specify that the risk must be assigned to an individual risk owner, who will be responsible for assessing and managing the organisation's response
168
ERM system and corporate governance requirements both depend on
They depend on effective risk management frameworks
169
What are formal risk identification, analysis and control expected to contribute
They contribute to strategic decision making as well as reducing the consequences of risk
170
If the head of the ERM function is not a board member, then what is more appropriate
For the position to be sufficiently close to board level to reflect board authority and provide easy and regular access to board members
171
Who is the chief risk officer
The most senior professional risk manager in an org
172
In which decisions can the chief risk officer contribute
Decisions regarding the direction the org is to follow; they will also be intimately involved in the details of strategic plans
173
The chief risk officer will be responsible for
-establishing and maintaining an effective ERM framework in line with risk subcommittee recommendations
-setting detailed targets and objectives within the board's remit
-demonstrating whether those objectives have been met
174
what is a crucial objective of chief risk officer
To improve risk awareness in the org
175
How often does the board expect the risk culture to mature
Every year
176
What does the chief risk officer monitor
They shall monitor all significant risks, maintain risk profiles and ensure that risk reporting to approved internal and external recipients meets their needs
177
What is one of the most important aspects of the chief risk officer's job
Identifying individual risk owners and making sure they carry out actions as required
178
What are some of the chief risk officer's financial constraints
They have to work within a limited budget in terms of activities and allocation of resources, and will be expected to justify risk management expenditure in financial terms such as return on capital employed
179
Internal communications by the chief risk officer include which groups
-business units
-committees
-directors
-legal
-audit
-compliance
180
External communications by the chief risk officer include which groups
-auditors
-regulators
-shareholders
-the media
181
The chief risk officer carries out their responsibilities through
A team of direct subordinates, and will therefore need appropriate management skills
182
What is a risk manager
A person who supervises a group of risk officers but reports to the chief risk officer
183
Who is a risk officer
The title given to a risk management professional who carries out selected duties under the guidance and direction of the chief risk officer
184
A risk officer can be promoted to senior risk officer; what role will they then have
A wider role with additional responsibilities, so as to make use of the benefits of their experience
185
In a large org, who may a risk officer report to
They may report through an intermediary senior risk manager or head of risk
186
The duties of a risk officer are
They are a subset of those of the chief risk officer
187
How does a risk officer normally start
They start by familiarising themselves with one area or function of the business, reporting in detail to the chief risk officer and perhaps sitting in on one or two lower-level committees
188
Why are committees established
As forums to bring together experts or representatives from different areas of the organisation to discuss common topics or objectives
189
When do committees work best
When knowledgeable representatives are carefully selected to cover all aspects likely to be discussed, and when they are set up with clear guidelines and objectives
190
What is the task of the chairperson of a committee
To ensure all views are equally aired, discussions remain objective and conclusions are properly documented in minutes
191
What does an effective committee meeting need
It needs adequate preparation against a clear agenda, and unrestricted access to up-to-date, reliable information concerning the topics to be discussed
192
Members of risk committees must be carefully selected for
-their detailed knowledge of the functions being discussed
-their ability to work well in groups
-their reputation in supporting risk management objectives
193
Generally, each committee will have a representative from
At least one representative of the central group risk department, who keeps the chief risk officer informed of important proceedings and passes information on group standards and requests to the committee
194
Who will be responsible for approving all published work policies and procedures
Group or divisional management; they will expect and respect constructive comments and amendments from the appropriate risk committees
195
What is risk appetite
It's a statement of an org's attitude to risk: the amount of risk that an org is prepared to accept, tolerate or be exposed to at any point in time
196
Risk appetite must consider which types of risk
Threats and Opportunities
197
Apart from setting limits on the amount of downside risk an org is prepared to take, a risk appetite policy must allow for
Controlled risk taking where anticipated long-term gains outweigh potential short-term losses
198
In a large organisation, how is risk appetite defined
It's defined at different levels of management and functions, with a formal escalation process for where managers encounter risks beyond their level of decision
199
What does defining risk appetite provide
A framework for informed decision making; it highlights the risks that need attention, promotes consistency of business decisions and provides a basis for audits and investigations
200
What does a risk appetite policy statement typically look like
A typical solution is a presentation in matrix form
201
A risk appetite policy is a guide that can be used for which risks
It can be used both for existing risks and for new and emerging risks, describing those risks an org is actively willing to take
202
What is Risk Tolerance
Those risks an org might be able to put up with
203
What is another important characteristic of a risk
How often it's likely to occur
204
The way people behave at work is strongly influenced by
The customs and practices of their organisation
205
The Health and Safety Executive has identified activities that promote a risk-aware culture. These are summarised by the acronym LILAC
-Leadership
-Involvement
-Learning
-Accountability
-Communication
206
Under the Health and Safety Executive model, how is leadership defined
In terms of the clarification of strategic and personal risk objectives
207
Under the Health and Safety Executive model, how is involvement defined
Involvement of stakeholders at all stages of risk management
208
Under the Health and Safety Executive model, how is learning defined
Learning from events with effective training
210
Under the Health and Safety Executive model, how is accountability defined
Accountability of individuals but with shared efforts to prevent reoccurrence
211
Under the Health and Safety Executive model, how is communication defined
Communication with free discussion of objectives, methods and results
212
What is an obvious initiative to enhance the risk awareness culture in an org
Promotion of an awareness campaign, supported with training aids, literature and poster displays
213
What can an organisation with an effective risk management process expect
Fewer unexpected losses and better selection of future opportunities, leading to greater expected gains
214
What is a qualitative indication of progress in developing risk awareness in an org
Regularly assessing the current level of risk culture
215
The processes of observation, audit and interviews are used to evaluate
They are used to evaluate the extent to which the risk culture is embedded in an org's procedures and practices
216
What is a commonly used general risk maturity model
The 4Ns
217
What are the 4Ns
A maturity model with four levels, labelled naïve, novice, normalised and natural, with a corresponding description for each level