Chapter 5 Flashcards

(52 cards)

0
Q

Define enterprise risk management (ERM)

A

A comprehensive approach to managing all of an organization’s risk to maximize shareholder value.

1
Q

What is the focus of traditional Risk Management?

A

Focuses on pure risk and, thus, addresses only hazard risks and operational risks.

2
Q

Define pure risk

A

A chance of loss or no loss, but no chance of gain

3
Q

Define speculative risk.

A

A chance of loss, no loss, or gain

4
Q

Define chief risk officer.

A

Is the senior risk professional involved in enterprise-wide risk management.

5
Q

Define business model

A

The core aspects of an organization, including its vision, mission, strategies, infrastructure, policies, offerings, and processes

6
Q

Define hazard risk.

A

is a pure risk associated with accidental loss, such as loss of a factory by fire.

7
Q

Define operational risk.

A

is a pure risk associated with an organization's operations, such as adequacy of utilities or reliability of a supplier.

8
Q

Define financial risk.

A

is a speculative risk associated with an organization's financial activities, such as a change in the cost or the availability of capital.

9
Q

Define strategic risk.

A

is a speculative risk directly linked to a management decision or the business plan, such as planning and product design.

10
Q

Define upside risk.

A

is the risk that a firm will outperform its strategic goals.

11
Q

What are the major differences between Traditional Risk Management & ERM?

A

1) Risk Categories
2) Strategic Integration
3) Performance Measures
4) Organizational Structure

12
Q

What are the steps to integrate ERM?

A

1) Develop ERM Goals
2) Analyze, Evaluate ERM Goal
3) Treat Critical Conditions
4) Monitor

13
Q

What are ERM goals based upon?

A

1) Organization Risk Appetite
2) Why an organization is developing ERM goals
3) Business’s need for ERM
4) Intended scope of the ERM
5) How ERM will help meet the company's goal
6) Whether an organization has a function or department focused culture.

14
Q

What are the categories of practical techniques to treat risk?

A

1) Avoid
2) Accept
3) Transfer
4) Mitigate
5) Optimize

15
Q

How does ERM optimize decision making?

A

1) Increase profitability
2) Reduced Volatility
3) Improved ability to meet strategic goal
4) Increase Mgmt accountability

16
Q

How does ERM enhance risk communication?

A

1) Management Consensus

2) Stakeholder acceptance

17
Q

What is the ERM process framework?

A

Requires an organization to establish its internal and external contexts, assess risks, choose appropriate treatments, and then monitor the treatment and the ERM plan

18
Q

What is the exposure spaces model?

A

3-dimensional chart showing the attributes of resources, events, and impacts to consider the range of potential impact from positive to negative

19
Q

What is optimization?

A

Both an eventuality and a process through which the organization searches for the equilibrium between risk and outcome in relationship to strategic goals.

20
Q

Define chief risk officer.

A

A generic term for the senior risk professional engaged in ERM in an enterprise; distinct from “Chief Risk Officer,” a title given to some risk professionals who report to senior management

21
Q

What is strategic planning?

A

Process by which an organization’s board and executives develop, refresh, and refine its strategies in line with its view of the future

22
Q

How does an organization develop ERM goals?

A

The board and executive team develops or reviews the organization’s vision statement, mission statement, strategic objectives, and financial projections to develop the organization’s goals

23
Q

ISO 31000:2009

A

Publication of the International Organization for Standardization. Contains three parts: principles, a framework, and processes for managing risks. It provides an international standard for risk management and creates a generic approach to risk management. It focuses on commonly accepted principles and emphasizes the vital role of risk management to a firm’s structures, strategies and goals.

24
BS 31100
2008 Publication of the British Standard Institution. A risk management code of practice that sets principles and terminology for risk management and makes recommendations about the model, framework, process and implementation of risk management.
25
COSO II
2004 publication of the Committee of Sponsoring Organizations of the Treadway Commission. Creates a framework that promotes communication between the board and the executives about incorporating ERM goals into the strategic management process. Focuses on threats and controls, rather than on the details of risk management approaches.
26
AS/NZS 4360
Joint Australian / New Zealand standard for ERM published in 2004. Provides a broad overview of risk management designed for directors, elected officials, CEOs, executives, line managers and staff in a wide range of organisations. It is intended as a guide to help organizations structure their own ERM approaches.
27
FERMA
The Federation of European Risk Management Associations. Adopted its Risk Management Standard in 2002. The standard contains consistent terminology, a process for executing risk management, an organized structure for risk management, and risk management goals.
28
Basel II
was published by the Basel Committee on Banking Supervision in 2004. Provides recommendations on banking laws and regulations for banks in the international market. It sets risk and capital management rules that ensure that banks hold sufficient capital reserves based on their lending and investment risks.
29
Solvency II
was developed by the European Commission in 2007 to provide consumer protection and regulatory requirements for a unified insurance market in the European Union.
30
explain the differences between traditional risk management and ERM
traditional risk management considers only hazard and operations risks that can affect an organization. ERM expands an organization's risk focus to include financial and strategic risks, allowing it to account for all eventualities that can affect its ability to achieve its goals
31
List 4 areas in which traditional risk management differs from ERM
1. risk categories 2. strategic integration 3. performance metrics 4. organization structure
32
describe 2 categories of risk (pure risks) associated with traditional risk management
1. hazards- pure risks include damage to property from perils such as fire and explosion or losses stemming from accidents and injuries to employees or customers 2. operational risks- pure risks that arise out of service, processing, or manufacturing activities
33
describe 2 categories of risk specially associated with ERM
1. financial risks- interest rate risk, competitive risk, inflation, and market timing among others 2. strategic risks- management decisions regarding new products, emerging competitors, and planning issues
34
provide an example of an "upside risk"
risk that the org. will outperform its strategic risks. ex.- situations in which a business venture experiences an unexpected increase in revenue or market share. such changes can present the organization with both opportunities and threats
35
explain how ERM's strategic integration varies from traditional risk management
by linking risk to the entire enterprise the org. decouples its financial, strategic, operations, hazards, and other risks from individual operational silos and addresses them within strategy as a whole. thus, ERM considers the global array of risks that affect the organization
36
explain how ERM differs from traditional risk management with regard to organizational structure
traditional risk manager reports to an organizational department such as finance, operations, or legal. the responsibility for pure risk management may be localized within a risk management department, which then orchestrates the risk management plan as a central authority. ERM- risk management responsibility is decentralized and integrated into all levels of the organization
37
explain the role of the chief risk officer in an organization's strategic process
help the org. develop tools that identify and manage events and perils that may cause variation from the achievement of specific strategic goals
38
explain the iterative and recursive process of ERM
iterative- risk management process is engaged to identify and manage each discoverable risk. recursive- risk management process is revisited on a regular basis to maintain its optimization in relationship to strategic goals
39
an organization develops ERM goals as the first step in integrating ERM into its strategic planning. what type of considerations are included in an organization's ERM goals
1. considerations regarding the organization's risk appetite 2. why the organization is establishing the ERM program 3. the business or org. need for an ERM program 4. the intended scope of ERM program 5. how ERM will assist the org. in meeting its strategic goals 6. how the org. defines ERM 7. whether the org. has a function or department focused culture or a collaborative culture, and how that will affect ERM implementation
40
possible treatments of risks to an organization's strategy include some traditional risk management treatments, such as avoidance and transfer. what additional treatments are applied in ERM
1. accept- accept the risk by planning for a way to deal with the uncertainty if it occurs 2. mitigate- initiate activities to reduce the probability, impact, or timing of a risk event to an acceptable risk tolerance 3. optimize/exploit- develop actions to optimize positive consequences to achieve gains
41
how do an organization's executives monitor risks to its strategy
by trends, triggering events, and warning signs that were identified during the assessment phase of each risk identified. information will come from a variety of sources, such as newsletters, regulatory announcements, and surveys. for risks that pose potentially high severity and likelihood, an organization may seek relationships with key individuals in positions to know when changes are imminent that can trigger conditions that could result in an event. with such information, the organization can be prepared to launch treatments
42
summarize the 2 important benefits of the ERM approach
1. enhanced decision making- an ERM approach allows an organization to systematically explore new opportunities for economic efficiencies while managing threats that stem from internal and external contexts 2. improved risk communication - ERM also encourages an org. to widely communicate its risk mgmt approach across all of its layers. this includes making all managers aware of the need to identify obstacles that could interfere with achievement of the organization's strategic goals
43
explain how an ERM approach increases profitability
an ERM approach monitors systemic risks inherent in the org. that can adversely affect its long term financial outlook. when an org. adopts an ERM approach, unexpected occurrences or variations cause much less disruption because the organization has already incorporated the possibility of such occurrences or variations into its decision making process, allowing it to increase its profitability
44
explain how an ERM approach can result in reduced earnings volatility for an organization
in addition to maintaining cash flows and balancing its budget, an org. must manage its cash flows to ensure an adequate pipeline of capital to meet challenges and to explore strategic growth opportunities. ERM provides a systematic framework that allows organizations to deploy capital through organization-wide decision making, which ultimately results in stable earnings projections to fund future projects
45
summarize how an ERM approach improves an organization's ability to meet strategic goals
improves an organization's ability to meet strategic goals by providing for organization wide involvement in the strategic formulation and decision making process. this process examines factors in the internal and external environments to identify risks that would impede growth and achievement of established goals
46
explain how the ERM process can lead to increased management accountability
those closest to a particular risk are in the best position to evaluate and manage it. the board and senior executives establish the organization's overall mission, vision, and strategic goals, but each manager is responsible and accountable for decision making about risks within his or her individual unit. ERM increases management accountability, leading to improved corporate practices and greater managerial understanding of and consensus regarding corporate strategy
47
summarize how management consensus is achieved in an organization utilizing an ERM approach
creates a corporate culture that embraces risks as an additional component of each division. by empowering all managers to consider risk optimization and the cost of risk, ERM provides them with complete information about the potential effects of a decision, including its downsides and upsides. this builds a sense of management by consequences, as opposed to the traditional hierarchical model of management, in which a series of decisions is driven from the top down
48
describe how an ERM approach will improve an organization's acceptance by internal and external stakeholders
ERM improves acceptance by internal stakeholders by building a spirit of cooperation among management. managers will build an understanding that the way they manage risk will have a positive impact on the organization, which in turn will benefit them personally
49
describe the purpose and focus of ISO 31000:2009
it is a publication issued by the International Organization for Standardization. ISO 31000:2009 provides an international standard for risk management as well as a generic approach to risk management applicable within any industry sector. it focuses on commonly accepted principles, such as meeting goals and the importance of risk communication. the standard emphasizes that risk management is integral to an organization's structure, strategies, and goals
50
excluding ISO 31000:2009, list 4 frameworks and standards that are recognized as best practices for risk management implementation
1. BS 31100 British standards 2. COSO II Committee of Sponsoring Organizations of the Treadway Commission 3. AS/NZS 4360 Australian/New Zealand standard for ERM 4. FERMA Federation of European Risk Management Associations
51
differentiate between Basel II and Solvency II
Basel II- issued by the Basel Committee on Banking Supervision in 2004. it establishes risk and capital management rules designed to ensure that a bank holds capital reserves appropriate to the risk the bank exposes itself to through its lending and investment practices. Solvency II- developed by the EU in 2007, consists of regulatory requirements for insurance firms that operate in the EU. it facilitated the development of a single market in insurance services in Europe while providing adequate consumer protection