Chapter 3 Flashcards

M67 - Fundamentals of Risk Management, Chapter 3

Flashcards in Chapter 3 Deck (27):

The Health and Safety Executive (HSE) identified five activities that promote a risk-aware culture



The Companies Act 2006 requires directors to have 'regard, among other matters, to the'

- likely long-term consequences of their decisions
- interests of the company's employees
- need to foster the company's business relationships with suppliers, customers and others
- impact of the company's operations on the community and the environment
- desirability of maintaining a reputation for high standards of business conduct
- need to act fairly between members (shareholders) of the company


The UK Corporate Governance Code charges directors with

- setting the company's strategic aims and providing leadership to put them into effect
- supervising management of the business
- reporting to shareholders on their stewardship


The UK Corporate Governance Code is based on the principle of

focusing on the sustainable success of an entity over the longer term


What two responsibilities does the Board have under the Accountability principle of the UK Corporate Governance Code?

- Determine the nature and extent of significant risks it is willing to take to achieve its corporate objectives
- Maintain sound risk management and internal control systems


What five responsibilities do most Boards have?

- Regulating the executive to ensure they uphold shareholder interests and the laws governing the conduct of the business
- Approving the report and accounts, annual budgets, strategy and other important plans
- Selecting, appraising and rewarding the CEO and ensuring succession planning is actively addressed
- Supervising the risk assessment process and ensuring adoption of key actions to mitigate risks
- Ensuring that company integrity and principles are upheld on critical matters such as financial reporting accuracy and legal and regulatory compliance


What are four recommendations of the Turnbull guidance?

- Separation of the roles of Chairperson and CEO
- CEO employment contracts to have a time limit
- Establishing minimum numbers of non-executive directors on the board
- Board subcommittees to be established


What are the recommended practices for competent risk management and internal control?
Boards of listed companies should:

- possess relevant skills
- conduct regular reviews of risk
- specify the company's risk appetite
- agree and implement board policies on risk and control
- establish prudent and effective internal controls
- report on the effectiveness of internal control at least annually


Name the 11 titles of SOX 2002

Title I. Public Company Accounting Oversight Board
Title II. Auditor Independence
Title III. Corporate Responsibility
Title IV. Enhanced Financial Disclosures
Title V. Analyst Conflicts of Interest
Title VI. Commission Resources and Authority
Title VII. Studies and Reports
Title VIII. Corporate and Criminal Fraud Accountability
Title IX. White Collar Crime Penalty Enhancements
Title X. Corporate Tax Returns
Title XI. Corporate Fraud and Accountability


How often is the UK Corporate Governance Code reviewed?

Every 2 years


What does section 404 of the SOX Act require?

Section 404 requires that publicly traded corporations use a formal risk control framework, and that management and the external auditor report on the adequacy of internal control over financial reporting.


JOBS Act 2012

The Jumpstart Our Business Startups Act, or JOBS Act, of 2012 relaxed SOX compliance requirements. These included an exemption for new public companies from section 404 reporting for a period of 5 years instead of 2.


The Committee of Sponsoring Organisations of the Treadway Commission (COSO) defines internal control as a process in five categories:

Effectiveness and efficiency of operations.
Reliability of financial reporting.
Compliance with applicable laws and regulations.
Safeguarding of assets.


What are the 5 essential components of COSO?

Control environment.
Risk assessment.
Control activities.
Information and communication.
Monitoring activities.


What is enterprise risk management (ERM)?

Enterprise risk management is the structure an organisation sets up to control risk management across the whole of the organisation.


What are the benefits of successful risk management?

- informed strategic decisions
- successful management of change and higher operational efficiency
- more accurate financial reporting
- reduced borrowing costs
- improved competitive advantage


A successful ERM system has two key elements:

- a workable framework clarifying functional responsibilities and interactions, and the systems for internal communication, reporting and control
- a set of terms of reference for key staff, clarifying individual functional responsibilities and individual requirements for communication, reporting and control


In a typical ERM system, there are two subcommittees which act as independent information channels to the Board:

a risk subcommittee and an audit subcommittee.


Responsibility for risk control throughout an organisation lies with

the board of directors.


What is risk management architecture?

The structure by which the risk subcommittee intends to manage risk.


What does the risk architecture define?

- the board member or subcommittee responsible for risk management
- in general terms, how risk is perceived
- the roles and responsibilities of any senior risk professionals or departments


How often should the risk management architecture document be reviewed?

The risk management architecture document should be reviewed at least every 1 to 2 years, to reflect major changes in an organisation or its environment.


The chief risk officer is responsible for

- establishing and maintaining an effective ERM framework in line with risk subcommittee recommendations
- setting detailed targets and objectives within the board's remit
- providing training so that those objectives are met
- one crucial objective will be to improve risk awareness in the organisation


What is the aim of internal audit according to the Institute of Internal Auditors?

The aim of internal audit is to evaluate and contribute to the improvement of governance, risk management and control processes using a systematic and disciplined approach.
This definition underlines the link between internal audit, governance and the management of risk.


Audit functions will include

- assurance that risks are adequately reported and managed
- assurance that risks are correctly evaluated
- assurance that risk management processes are effective


Audit functions will not include

- accountability for risk management
- changing risk management processes
- setting risk management appetite


The head of group compliance is responsible for

identifying and evaluating all risks that threaten to result in non-compliance. Compliance activities are a subset of both audit and risk management activities.