ERM

Question 1

ERM Manual

Answer 1

A document outlining policies and procedures for managing risks and carrying out ERM processes at PC Limited, applying to all sub-functional areas within the ERM function.

Question 2

Risk Appetite

Answer 2

A guide used to determine the acceptable level of risk at PC Limited,

Question 3

PC Limited’s approach to measuring identified risks related to its business processes

Answer 3

Risk Assessment Approach

Question 4

Four Risk Treatment Approaches adopted by PC Limited for risk treatment

Answer 4

Tolerate (Acceptance)
Treat (Reduce)
Transfer (Share)
Terminate (Avoid)

Question 5

Risk Map

Answer 5

Illustrates the effect of implemented mitigation plans on gross risk, resulting in residual risk moving towards the bottom left-hand corner of the grid.

Question 6

Quality Assurance and Improvement Program

Answer 6

Involves ongoing assessment and monitoring of GRC’s performance and effectiveness at PC Limited, covering all main aspects of quality assurance.

Question 7

How often QAQC assessments are carried out

Answer 7

internal assessments conducted annually and
external assessments every three years.

Question 8

PC Quality Assurance Review Tool

Answer 8

A key tool used to
- check the quality assurance of the GRC Function at PC Limited,
- documenting variance analysis results and
- defining next steps for each GRC team member involved in reviews.

Question 9

Investigation Processes and Procedures

Answer 9

Established for conducting investigations into alleged incidents of bribery, corruption, fraud, and misconduct,

Question 10

Whistle-blower Policy

Answer 10

Outlines the requirements for reporting whistle-blower complaints to the GRC Function at PC Limited.

Question 11

Investigation Planning Phase

Answer 11

Includes
- protocols for information storage and sharing,
- report distribution lists at PC Limited. - Third parties need to be notified of certain allegations to be investigated.
> regulators,
> external auditors, and
> law enforcement agencies may

Question 12

PC Risk approach is based on

Answer 12

likelihood ranking criteria provided in the ERM manual.

Question 13

How is the level of risk obtained?

Answer 13

A combination of likelihood of occurrence and magnitude of impact

Question 14

Approach adopted by PC Limited to improve risk management

Answer 14

Enterprise risk management (ERM)

Question 15

How is the company risk apetite derived

Answer 15

derived from annual strategy/goal setting processes and based on strategic, operational, compliance, and reporting objectives.

Question 16

Responsible for investigations processes and procedures with review and administration.

Answer 16

GRC Function and the Chief Compliance Officer

Question 17

Risk is

Answer 17

The probability that the occurrence of an event may positively or
negatively impact the achievement of the organization’s objectives.

Question 18

Four (4) key elements
of PC Limited’s ERM model:

Answer 18

a) Risk strategy and appetite;
b) Risk culture;
c) Risk governance; and
d) Risk management process.

Question 19

Purpose of ERM manual

Answer 19

Sets out policies, guidelines and practices to be adopted in
managing risks and carrying out ERM processes.

Question 20

Who grants exceptions to ERM policy

Answer 20

GCEO, ratified by Board

Question 21

Review and update of ERM takes place

Answer 21

every 2 years

Question 22

ERM Key result Areas

Answer 22

Enterprise Risk
- Identification
- Assessment
- Mitigation and Control
- Monitoring and Reporting

Question 23

ERM SIPOC Suppliers

Answer 23

Business Units

Question 24

ERM SIPOC Outputs

Answer 24

1. Risk Register
2. Risk Heat map/Assessment report
3. Risk & Control Register
4. Risk report

Question 25

Risk Register (SIPOC)

Answer 25

BU - Strategy & Action Plans - Risk Identification - BU/ERM/GRC

Question 26

Risk Heat map/Assessment report (SIPOC)

Answer 26

BU - Risk Ratingss - Risk Assessment - Risk Heat map - Audit /BU

Question 27

Risk & Control Register (SIPOC)

Answer 27

BU - Mitigation action plans - Risk mitigation - Control Register - Audit / BU

Question 28

Risk report (SIPOC)

Answer 28

BU - Info requirements - Monitoring & Reporting - Reports - ERM/Audit/GRC/BU

Question 29

PC Risk management strategy

Answer 29

Establish and sustain a robust ERM model that is proactive and embedded in all processes to ensure that responses to risks are effective and dynamic.

Question 30

Risk appetite is

Answer 30

The amount of risk PC Limited is willing to accept in order to be in alignment with its strategic objectives.

Question 31

Risk appetite purpose

Answer 31

- Guide to determine how much risk is acceptable; - A benchmark for key risk indicators; - Guide in strategy and goal setting process.

Question 32

ERM Action "I" means

Answer 32

Initiate

Question 33

ERM Action "C" means

Answer 33

Consult

Question 34

ERM Action "R" means

Answer 34

Recommend

Question 35

ERM Action "E" means

Answer 35

Endorse

Question 36

ERM Action "A" means

Answer 36

Approve

Question 37

ERM Action "IMP" means

Answer 37

Implement

Question 38

ERM Action "INF" means

Answer 38

Inform

Question 39

ERM roles include

Answer 39

1. PC Ltd Board 2. Board Audit OCmmittee (BAC) 3. Management Committee 4. HODs / Process owners / Project managers 5. Risk & COntrol Function P26

Question 40

Risk three lines of defence

Answer 40

1. Risk Management (BOD, BAC, MRC, Heads) 2. Risk Oversight 3. Assurance (Audit fn, External Audit, Regulators)

Question 41

Who doubles as the chief risk officer?

Answer 41

Chief compliance officer P32

Question 42

4 major components addressed by ERM Process

Answer 42

1. Risk Identification 2. Risk Assessment 3. Risk Mitigation 4. Risk monitoring and reporting

Question 43

2 Types of Risk Ranking Criteria used in PC Ltd

Answer 43

Likelihood and Impact (Non-financial & Financial)

Question 44

What are the risk likelihood factors used in PC Ltd.?

Answer 44

1. Rare (Not expected) 1-19% 2. Unlikely (little chance of 1 in 3yrs) 20-39% 3. Possible (50% chancce in 3 yrs) 40-64% 4. Likely (>50% chance in 3 yrs) 65-89% 5. Almost Certain (at least 1 in 3 yrs) 90-100%

Question 45

Risk Impact criteria are:

Answer 45

1. Insignificant 2. minor 3. Moderate 4. Major 5. Extreme

Question 46

The level of risk is a combination of

Answer 46

Likelihood of occurence and Magnitude of impact results in heat map - Hight, Medium, low

Question 47

Risk levels are

Answer 47

**high** - material influence on objectives - BOD, SMT **medium** - influence short term objectives - BOD, SMT, Middle Mgt. **low** - negligible influence - middle mgt

Question 48

RCSA means

Answer 48

Risk and control self-assessment