ERM Framework Flashcards
(28 cards)
Demanding higher performance usually requires accepting more
Risk
ERM of a more risk aggressive entity demands
Greater Integration (must be able to access quickly)
5 components of ERM
- Governance and Culture
- Strategy and Objectives
- Performance
- Review and Revision
- Information, Communication, and Reporting
Governance and Culture
- Exercises Board Risk Oversight
- Establishes Operating Structures
- Defines Desired Culture
- Demonstrates Commitment to Core Values
- Attracts, Develops, and Retains Capable Individuals
Strategy and Objective-Setting
- Analyzes Business Context
- Defines Risk Appetite
- Evaluates Alternative Strategies
- Formulates Business Objectives
Performance
- Identifies Risk
- Assesses Severity of Risk
- Prioritizes Risks
- Implements Risk Responses
- Develops Portfolio View
Monitoring, Review & Revision
- Assesses Substantial Change
- Reviews Risk and Performance
- Pursues Improvements in Enterprise Risk Management
Information, Communication, and Reporting:
- Leverages Information Systems
- Communicates Risk Information
- Reports on Risk, Culture, and Performance
dual board of directors’ structure
The management board oversees operations while the governing board oversees strategy.
6 categories of external business context
PESTLE: Political, Economic, Social, Technical, Legal, Environmental
Tolerance
acceptable range of variation in performance
Cognitive computing
use of AI methods of data mining and analysis to support risk identification
heat map
- Likelihood rating: Y axis
- Impact rating: X axis
Hedging is what type of risk response?
Risk Sharing
Risk statement should include
- statement of the risk
- impact of the risk
Risk Owner
responsible for effectively managing identified risks
3 Objectives of Internal Control (COSO Cube top)
- Operations (efficient and effective use of resources)
- Reporting (reliable info)
- Compliance (laws)
COSO Cube - 5 Components (front of cube)
- Control Environment
- Risk Assessment
- Information and Communication
- Monitoring
- Control Activities
Where do we have IC? (Cube side)
- Entity
- Division
- Operating Unit
- Function
Control Environment
Management’s philosophy. Foundation of any system of internal control.
Risk Assessment
Process of identifying, analyzing and managing risks associated with achieving objectives
Information and Communication
enable people to identify, process and exchange info needed to manage and control operations
Monitoring
must monitor and test the system and its data to ensure reliability of info
Control Activities
Policies and procedures that ensure that actions are taken to address risks related to achieving objectives