Friday Flashcards

Context, Objectives, and Risk Assessment (82 cards)

1
Q

PESTLE classification system

A

The PESTLE risk classification system is often seen as most relevant for external risks.

It should be used in conjunction with SWOT.

Advantages of PESTLE
1. simple framework
2. facilitates an understanding of the wider business environment
3. encourages external and strategic thinking
4. anticipates future business threats
5. helps identify actions to avoid or minimise the impact of threats
6. facilitates identification of business opportunities

Disadvantages of PESTLE
1. over-simplifies the amount of data used for decisions
2. needs to be undertaken regularly to be useful
3. requires different people with different perspectives to be involved
4. access to quality external data sources can be time consuming and costly
5. difficult to anticipate developments that may affect an organisation in the future
6. risk of capturing too much data, making it difficult to identify priorities
7. can be based on assumptions that subsequently prove to be unfounded

2
Q

Horizon Scan

A

An organised and formal process of gathering, analysing and disseminating value-added information to support decision making.

A systematic examination of information to identify potential threats, risks, emerging issues and opportunities, allowing for better preparedness and mitigation.

Exploration of what the future looks like.

IRM:
A good technique for people to look at complexity and challenge assumptions, and to review the multiple ways that events could unfold in order to increase the resilience and reliability of their organisations.

An examination of what the future might look like in order to understand uncertainties, and to analyse whether the organisation is adequately prepared for potential opportunities and threats.

3
Q

Uses of a horizon scan process

A

1. deepen understanding of the driving forces affecting the future development of a policy or strategy area
2. identify gaps in understanding and bring focus to new areas of research, to understand the driving forces better
3. build consensus amongst a range of stakeholders about the issues and how to tackle them
4. identify and make explicit some of the difficult policy choices and trade-offs that may need to be made in future
5. create a new strategy that is resilient and adaptable to changing external conditions
6. mobilise stakeholders to action

4
Q

Steps for a horizon scan

A

1. identify key stakeholders
2. kick off: explain what a horizon scan means, how it is conducted and how the results will be utilised
3. research: working to a timeframe, assign single issues to stakeholders to research (professional journals, online content) in order to identify potential risks
4. output: stakeholders document their research
5. collaborate/combine: collate a report and present it back to the group for discussion; visualise the risks where possible
6. monitor and review: decide which key risks to look into further; conduct in-depth analysis using futures tools

5
Q

Risk criteria

A

ISO 31000 states that organisations should define risk criteria to evaluate the significance of risk and to support decision making.

Risk criteria measure how much risks matter to an organisation in relation to its ability to achieve its objectives.

6
Q

KPIs

A

Critical indicators of progress toward an intended result.

Provide focus for strategic and operational improvement.

Analytical basis for decision making.

7
Q

Risk articulation

A

Cause: an element which, alone or in combination, has the potential to give rise to a risk.

Event: an occurrence or change of a particular set of circumstances. It can be something expected which does not happen, or something unexpected which does happen. Events can have multiple causes and consequences.

8
Q

Risk assessment (identification, analysis, evaluation)

A

1. Risk identification: what are they? Identifying the risks.
2. Risk analysis: how important are they? Deciding on the severity of each risk.
3. Risk evaluation: so what now? Deciding whether action is needed, i.e. whether risks need treatment.

9
Q

Risk assessment techniques

A

(1) checklists and questionnaires
(2) workshops and brainstorming
(3) inspections and audits
(4) flowcharts and dependency analysis
(5) crowdsourcing technology

10
Q

Risk assessment techniques - description

A

(1) checklists and questionnaires
structured questionnaires and checklists used to collect information; assist with the recognition of significant risks

(2) workshops and brainstorming
collection and sharing of ideas at workshops to discuss events that could impact objectives, core processes or key dependencies

(3) inspections and audits
physical inspections of premises and activities, and audits of compliance with established systems and procedures

(4) flowcharts and dependency analysis
analysis of the processes and operations within the organisation to identify the critical components which are key to success

(5) crowdsourcing technology
use of mobile applications to enable individuals to upload their views on risks to a data platform

11
Q

Risk assessment techniques - advantages/disadvantages

A

1. Checklists and questionnaires
   + Advantages
   1. consistent structure - provides consistency
   2. greater INVOLVEMENT than in a workshop
   - Disadvantages
   1. RIGID approach may result in risks being missed
   2. questions will be based on historical KNOWLEDGE

2. Workshops and brainstorming
   + Advantages
   1. consolidated opinions from all interested parties
   2. greater INTERACTION produces more ideas
   - Disadvantages
   1. senior management tend to dominate
   2. issues missed if the wrong people are involved

3. Inspections and audits
   + Advantages
   1. physical evidence forms the basis of the opinion
   2. audit approach results in good structure
   - Disadvantages
   1. inspections are more suitable for hazard risks
   2. audit approach tends to focus on historical EXPERIENCE

4. Flowcharts and dependency analysis
   + Advantages
   1. useful outputs that can be used elsewhere
   2. analysis produces a better understanding of the processes
   - Disadvantages
   1. difficult to use for strategic risks
   2. may be very detailed and time consuming

5. Crowdsourcing technology
   + Advantages
   1. SPEED of data collection
   2. analysis of responses enables a DASHBOARD approach
   3. diverse inputs enabled
   4. encourages visual representation
   - Disadvantages
   1. individuals may abuse the system maliciously, or
   2. find other ways to affect the system to produce incorrect outcomes

12
Q

Risk assessment workshop - brainstorming, SWOT and PESTLE

A

To have a structured discussion at a risk workshop, brainstorming structures are commonly used.

Most common: SWOT.
Benefit of SWOT: it considers the upside of risk by evaluating opportunities in the external environment.

Strength of SWOT: it can be linked to strategic decisions.

Weakness of SWOT: because it is not a structured risk classification system, it is possible that not all risks will be identified.

PESTLE is another common approach:
a well established risk classification system
a qualitative approach
a well established structure with proven results for undertaking brainstorming sessions during risk assessment workshops

13
Q

Risks can be classified in 3 ways

A

Short term: immediate impact, primarily operational - OPERATIONAL
Medium term: risks that become apparent between a few months and a year after the event - TACTICS
Long term: impacting between one and five years after the event - STRATEGY

14
Q

FIRM scorecard classifies risks as

A

The model can be used as a tool to determine the organisation's objectives, the consequences of risks and the sources of risk.

Financial

Infrastructure

Reputational

Marketplace

The second dimension of FIRM classifies risks by where they are derived from:

Internally, from within the business, e.g. staff fraud (financial and infrastructure risks) - internal context

Externally, from outside the business, e.g. exchange rate variability (reputational and marketplace risks) - external context

15
Q

FIRM risk scorecard info

A

Builds on aspects of risk: timescale of impact, nature of impact, whether the risk is a hazard, control or opportunity, and overall exposure against risk capacity.

The headings of the FIRM scorecard classify risks as financial, infrastructure, reputational and marketplace.

The FIRM scorecard can also be used as a template for identifying corporate objectives, stakeholder expectations and key dependencies.

16
Q

Qualitative evaluation of the possibility of a risk event occurring

A

HAZOP and FMEA

Both are structured approaches that ensure few risks are omitted.

Downside: they require the investment of a wide range of experts.

HAZOP is most easily applied to manufacturing operations.

17
Q

ISO 31000:2018 defines a control as

A

a “measure that maintains and/or modifies risk,” with two additional notes:

Note 1 to entry: Controls include, but are not limited to, any process, policy, device, practice, or other conditions and/or actions which maintain and/or modify risk.

Note 2 to entry: Controls may not always exert the intended or assumed modifying effect.

18
Q

Hopkin and Thompson consider the treatment of threats using loss control which has three parts:

A

Loss prevention - controls designed to stop a risk from occurring (managing the causes).
Damage limitation - controls designed to reduce the size of the risk as soon as it has occurred (managing the impacts).
Cost containment - controls designed to reduce the long-term effect of the risk, such as business continuity management.

19
Q

Control effectiveness checklist

A

1. easy to design
2. easy to implement
3. easy to maintain
4. reduces or increases the likelihood of the risk (threat or opportunity)
5. reduces or increases the impact of the risk
6. cost of the control

20
Q

ISO 31000 (2018) combines the monitoring and reviewing of risks, stating that

A

“the purpose of monitoring and review is to assure and improve the quality and effectiveness of process design, implementation and outcomes.”

21
Q

Key risk indicators

A

Key risk indicators provide information on changes in risks.

22
Q

Key control indicators

A

Key control indicators measure the effectiveness of, and therefore changes in, controls.

23
Q

Reviewing a control

A

When we review a control, we need to answer two questions:

Is the control we chose to implement really the best control for the risk?
Is that control effective in practice?

We could add a third question:

Does the control provide good value for money?

24
Q

The Financial Reporting Council (FRC), in their ‘Guidance on Risk Management, Internal Control and Related Financial and Business Reporting’ goes further in expecting a number of disclosures relating to risk management in annual reports and accounts:

A

The principal risks
Whether the directors have a reasonable expectation that the company will be able to continue in operation and meet its liabilities
The going concern basis of accounting
A review of, and the main features of, the risk management and internal control system

25
IRM risk culture definition
‘values, beliefs, knowledge and understanding about risk shared by a group of people with a common purpose, in particular the employees of an organisation or of teams or groups within an organisation.’
26
Positive approach to risk culture requires
1. good communication of the organisation's expectations of all staff: policies, presentations, staff newsletters, induction processes, job descriptions
2. convincing employees that they will personally benefit from good risk management practices
3. involvement in the risk identification process, to gain buy-in
4. training programmes that instil the right practices and knowledge
5. investment in effective IT security tools, with active and transparent monitoring of IT usage made clear to all employees
27
Personality profiling - risk culture
The scientific method of determining human personality characteristics is called personality profiling. It can help individuals explore their core personality, work preferences and strengths. It also helps them understand how others might perceive them, how they work with others, and how they may need to adapt those characteristics to suit their business environment and different crisis situations.
28
IRM risk culture framework - concept
Illustrates personal predisposition at the centre of risk culture, interacting with personal ethics, then behaviour, and how organisational culture can affect risk culture. The IRM defined the risk culture framework to analyse, plan and act to influence risk culture within any organisation.
29
IRM risk culture framework - elements
1. Personal predisposition: personal perception of risk; spontaneous or cautious traits, measured using personality assessment tools (Risk Type Compass)
2. Personal ethics: the ethics profile of staff; every individual has their own morals, which impact decisions, measured using MoralDNA to consider which of three ethical consciences they have (ethic of obedience, care or reason)
3. Behaviours
4. Organisational culture: individual values, beliefs and attitudes towards risk contribute to, and are affected by, the wider overall culture of the organisation; the Double S model considers sociability (people focus, how people get on) and solidarity (task focus, goal orientation and team performance)
5. Risk culture
30
Risk perceptions
How people perceive risk, objectively and subjectively. Risk has an objective reality (it will rain tomorrow or it will not) and a subjective reality (human perception of the risk, shaped by psychological, cultural and other factors), leading people to understate or overstate the severity of a risk.
31
Identification of risks - why some risks might be missed
Misperception of risk results in incorrect or inconsistent data being collected to fully assess or correctly treat risks:
- different perceptions of risk (identification)
- people might hide risks or present false risks for their own self-interest (identification)
- different views of the likelihood of a risk occurring (analysis)
- different knowledge of the way in which, and the level at which, the risk can impact (analysis)
- deliberate overstating/understating of risk severity for self-interest (analysis)
- different views of the acceptable level of risk to accept (evaluation)
32
LILAC
1. Leadership: strong leadership within the organisation
2. Involvement: involvement of all stakeholders at all stages
3. Learning: emphasis on training in risk management and learning from events
4. Accountability: no-blame culture, with appropriate accountability for actions
5. Communication: openness and communication on all risk management issues and lessons learned
33
ABC model - risk culture
Attitude: the chosen position adopted by an individual or group towards risk, influenced by risk perception
Behaviour: the external, observable risk-related actions of an individual
Culture: values, beliefs, knowledge and understanding about risk shared by a group with a common purpose
34
Double S model
Sociability (vertical axis): people focus - how well people interact socially
Solidarity (horizontal axis): task focus - goals and team performance
The model suggests that strong sociability encourages cohesion, common purpose and working in an interconnected environment, while strong solidarity ensures risk controls and actions are implemented effectively.
35
Double S model - quadrants
high sociability / high solidarity: communal
high sociability / low solidarity: networked
high solidarity / low sociability: mercenary
low sociability / low solidarity: fragmented
36
Risk appetite and tolerance - external stakeholder expectations
FRC guidance (complying with external stakeholder expectations) for premium listed companies on the UK stock exchange:
- the board's responsibility: determining the nature and extent of the principal risks faced, and those risks the organisation is willing to take to achieve its strategic objectives (risk appetite)
- annual review: an organisation should review the effectiveness of risk management and internal control, and the company's willingness to take on risks (risk appetite)
- notes for the board to consider: how has the board agreed the company's risk appetite, and with whom has it conferred?
37
Risk universe
The full range of risks that could impact, either positively or negatively, the ability of the organisation to achieve its long term objectives.
38
Risk appetite - criteria
- needs to be measurable
- not a single fixed concept
- should be developed in the context of the organisation's risk management capability
- should take into account differing views at strategic, tactical and operational level
39
Risk tolerance
The range between risk appetite and risk capacity is the risk tolerance area: risks can be tolerated there for a certain amount of time while risk management works on bringing them to an acceptable level.
Can be expressed in absolutes, e.g. "we will not expose more than x% of capital to losses in a certain line of business" or "we will not deal with certain types of customer".
'Deviation from the expected level of risk leading to implementation of risk escalation procedures.'
IRM: 'the boundaries of risk taking outside of which the organisation is not prepared to venture in pursuit of its long term objectives'.
40
Risk capacity
The maximum level of risk the organisation should be exposed to, having regard to its financial and other resources.
41
Risk appetite
The amount of risk an organisation is willing to seek or accept in pursuit of its long term objectives. IRM: two terms are associated with this - risks the organisation is willing to seek, and risks it is willing to accept.
42
4 principles of risk appetite
1. Acknowledging interconnectedness: what is acceptable in one business unit may be outside appetite in another; there should be a way of dealing with this complexity
2. Measurability: the use of KRIs and KCIs, based on data from inside or outside the organisation, is needed to apply risk appetite consistently and realistically
3. Variability: risks may be assessed consistently and scored against similar matrices, but there will be a range of appetites for different risks
4. Maturity: how adept an organisation is at managing risk will affect its risk appetite; confidence in risk management maturity should not be misplaced (consider external validation)
43
Benefits of risk appetite
- reduced uncertainty
- improved consistency across governance and decision making
- focus on priority areas
- improved resource prioritisation
44
ISO 31000 (2018) definition of risk
The effect of UNCERTAINTY on objectives. An effect is a deviation from the expected; it can be positive, negative or both.
45
Benefits of IRM (FIRM)
Financial
1. increased PROFIT
2. improved FINANCIAL REPORTING
3. enhanced CORPORATE GOVERNANCE
4. REDUCED COST of funding and capital
5. better control of CAPEX approvals
Infrastructure
1. improved STAFF and SUPPLIER morale
2. targeted risk and COST REDUCTION
3. efficiency and COMPETITIVE advantage
4. RESILIENCE
Reputational
1. REGULATORS satisfied
2. improved utilisation of the company BRAND
3. enhanced SHAREHOLDER value
4. good reputation and publicity
5. improved perception of the organisation
Marketplace
1. COMMERCIAL opportunities maximised
2. better MARKETPLACE presence
3. increased CUSTOMER SPEND and satisfaction
4. higher rate of business successes
5. lower rate of business disasters
46
Scope of ISO 31000
1. provides guidelines on managing risk
2. follows a common approach
3. covers the entire lifecycle of organisational risk management
4. applies at all levels and functions
5. supports decision making
47
Corporate governance
Provides assurance that organisations are directed and controlled in a way that ensures success and sustainability, to protect the interests of shareholders and internal/external stakeholders. The first governance code was the Cadbury Report (1992). The 2024 UK Corporate Governance Code applies only to companies listed on the London Stock Exchange, but is used widely.
48
Main features of the UK Corporate Governance Code
1. Board leadership: headed by an effective, entrepreneurial board, collectively responsible for the long term success of the company
2. Division of responsibilities: a clear division of responsibilities between the leadership of the board and the executive leadership of the company's business
3. Composition, succession and evaluation: the board and its committees should have a combination of skills, experience and knowledge; annual evaluation of its composition, diversity and how effectively members work together to achieve objectives
4. Audit, risk and internal control: the board should establish procedures to manage and oversee the internal control framework, and determine the nature and extent of the principal risks the company is willing to take to achieve its strategic objectives
5. Remuneration: anything which concerns the remuneration of directors
49
Corporate Governance Code section 4
Principle O: the board should establish and maintain an effective risk management and internal control framework, and determine the nature and extent of the principal risks the company is willing to take to achieve its long term strategic objectives.
The Code defines principal risks, noting that they 'should include, but are not necessarily limited to, those that could result in events or circumstances that might threaten the company's business model, future performance, solvency or liquidity and reputation'. The board should also consider principal risks that offer significant improvement to the business model, future performance, solvency, liquidity and reputation.
50
Wanted requirements / compulsory requirements (corporate governance)
Wanted requirements, often referred to as principles: organisations are expected to comply with the principles set out, but it is not mandatory to do so; if they do not comply they must explain why. UK: principles based ('comply or explain').
Compulsory requirements, often known as prescriptive: organisations must comply with these requirements or face a penalty for non-compliance; referred to as 'comply and sign'. US: prescriptive based.
51
Principles based approach (UK)
- companies are advised to avoid a tick-box approach
- operates a 'comply or explain' (principles based) regime
- the Code is not a legal requirement; however, listed companies are required to publish, in their annual report and accounts, where they are not complying with the Code, together with the reasons why
- allows shareholders and interested parties to judge the materiality or importance of the non-compliance
52
Prescriptive based governance
- 'comply and sign'
- installed into law, with penalties for non-compliance for directors of publicly listed organisations (Sarbanes-Oxley, following the Enron and WorldCom scandals)
- the approach provides organisations with clarity in terms of compliance and a set of rules for all listed organisations
- it is often felt that this approach can lead to more box ticking to avoid breaking the law and incurring penalties
53
Governance codes around the world
G20/OECD Principles of Corporate Governance (OECD 2015): used in many countries around the world; not mandatory
France: AFEP-MEDEF code (alongside the French commercial code); not mandatory
Germany: German Corporate Governance Code (GCGC) 2019; not legally binding
US: Sarbanes-Oxley Act 2002
South Africa: King IV; 'apply and explain'
54
NEDs
Non-executive directors are not employees of the organisation and are not involved in its day to day running. 'Non-executive directors provide a creative contribution to the board by providing independent oversight and constructive challenge to executive directors.' Good practice: more independent NEDs on the board than executive directors; they bring perspective and experience.
55
Board structures
Unitary: executives and non-executives serve together on one board (UK, US, Australia, South Africa).
Two-tier: responsibility for supervision (non-executives) is separated from responsibility for day to day management (the executive). The operating board oversees managerial tasks and transactions; the supervisory board manages long term strategic planning and decision making, and oversees the operating board (Europe).
56
Advantages of a two-tier board
Although executives have more control over the appointment of NEDs, members are appointed on their expertise, and the CEO is prevented from serving as chair of the supervisory board, reducing bias in the decision making process. Main disadvantage: two-tier boards tend to be larger than unitary boards.
57
Unitary board advantages
Advantages: the board receives more detailed information, is more involved in the organisation and is closer to organisational strategy.
Disadvantages: less external perspective; little distinction between management and supervision; conflicts of interest and loss of independence may develop.
58
Committees of the board - three most common (required by the UK Code)
Most boards delegate work through committees.
Nomination: appointment of new directors; ensuring succession plans are in place for the board and the executive level immediately below it.
Remuneration: setting executive pay.
Audit: the organisation's financial reporting; reviewing the effectiveness of internal control and risk management; whistleblowing; following up on issues of bad conduct.
59
Committees of the board - list
Nomination
Remuneration
Audit
Operations
Sustainability
Finance
Members
Risk appetite
Strategy
Emerging risks
Outcomes of stress testing and internal control
Appropriateness of values, culture and reward
60
Financial Reporting Council (FRC) (2024)
Serves the public interest by setting high standards of corporate governance, reporting and audit: independent, fair, effective. Originated in the 1980s; 2004: audit and accountancy regulator; 2011: independent entity.
61
Sarbanes-Oxley (SOX) sections 302 and 404
Response to the Enron, WorldCom and Global Crossing scandals. Enacted 2002. 'Comply and sign'. SOX requires a recognised risk management framework to be implemented; COSO is recommended.
302: the CEO and CFO are directly responsible for the accuracy, documentation and submission of all financial reports and the internal control structure.
404: annual financial reports must state that management is responsible for an adequate internal control structure, and include management's assessment of the effectiveness of that structure, with weaknesses reported; registered external auditors must attest to the accuracy of management's declaration.
62
Organisation for Economic Co-operation and Development (OECD) (2023)
Not-for-profit organisation that provides policies and standards for governments, parliaments and international organisations. Its guidelines for state-owned enterprises give advice to COUNTRIES on how to manage their responsibilities: established 2005, updated 2015, updated 2023. Three-fold approach:
1. provide knowledge and advice to inform policies and steer decision making
2. engage and influence policy makers to enable ideas and experience to be shared
3. encourage countries and partners to develop international standards, to enable a consistent approach to reaching shared objectives
63
The CEO
- determine the strategic approach to risk
- establish the structure for risk management
- understand the most critical risks
- consider the risk implications of poor decisions
- manage the organisation in a crisis
64
Location manager (one level below the CEO)
- build a risk-aware culture within the location
- agree risk management performance targets for the location
- evaluate reports from employees on risk management matters
- ensure implementation of risk improvement recommendations
- identify and report changed circumstances/risks
65
Individual employees
- understand, accept and implement risk management processes
- report inefficient, unnecessary or bad controls
- report loss events and near-miss incidents
- cooperate with management on incident investigations
- ensure that visitors and contractors comply with procedures
66
The risk manager
- develop the risk management policy and keep it up to date
- responsible for developing the risk architecture, strategy and protocols (RASP)
- facilitate a risk-aware culture within the organisation
- establish internal control policies and structures
- coordinate risk management activities
- compile risk information and prepare reports for the board
- corporate learning, so that people are aware of the benefits of risk management
67
Specialist risk management functions
- assist the company in establishing specialist risk policies
- develop specialist contingency and recovery plans
- keep up to date in specialist areas
- support investigations of incidents and near misses (as for individual employees)
- prepare reports on specialist risks
68
Internal audit manager
- develop a risk-based internal audit programme
- audit risk processes across the organisation
- provide assurance on the management of risk
- support and help develop the risk management processes
- report on the efficiency and effectiveness of internal controls
69
The Companies Act 2006 (UK)
Consolidated the common law duties of directors and codified the general duties:
- act in accordance with allocated duties (act within powers)
- act in accordance with the constitution of the company
- promote the success of the company
- exercise independent judgement
- exercise reasonable care, skill and diligence
- avoid/declare conflicts of interest
- do not accept benefits from third parties
70
Non-executive directors
Assist with the formation of strategy and monitor performance. Role of the NED:
- Strategy: constructively challenge and help develop proposals on strategy
- Performance: scrutinise the performance of management
- Risk: challenge the integrity of financial information
- Controls: seek assurance that financial controls and the system of risk management are robust and defensible
- People: determine the appropriate level of remuneration; succession planning
- Confidence: seek to establish and maintain confidence in the CONDUCT of the company
- Independence: in judgement; promote openness and trust
- Knowledge: be well informed about the company and the external environment, with a strong command of relevant issues
71
CRO
- champion of the ERM process
- brings together the different risk management processes, tailored for different requirements, to form a COHESIVE view
- works with others to establish effective management of risk, monitor progress and assist in reporting relevant risk information
The most senior executive with responsibility and accountability for the risk management process. Responsibilities:
- Insight and context: use knowledge of internal and external influences to ensure robust risk management in responsive and agile organisations
- Strategy and performance: develop a risk management strategy to meet the organisation's needs
- Risk management process: managing the risk management process
- Organisational capability: developing and managing a skilled, agile and responsive risk organisation
72
Overarching role of internal audit
IIA: an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations.
1. evaluating the organisation's management of risks
2. enhancing the effectiveness and efficiency of the business
3. assessing the management of risk and assisting management in improving internal controls
4. remaining independent from operational management
Internal audit reports directly to the chair of the audit committee. Where internal audit sits within the finance team, the head of internal audit may report to the finance director.
73
Internal audit activities
Core assurance roles:
- REVIEWING the management of key risks
- EVALUATING the reporting of key risks
- EVALUATING the risk management process
- GIVING ASSURANCE that risks are correctly evaluated
- GIVING assurance on the risk management process
Legitimate roles with safeguards:
- facilitating the identification and evaluation of risks
- coaching management in responding to risks
- co-ordinating ERM activities
- consolidated reporting on risks
- maintaining and developing the ERM framework
- championing the establishment of ERM
- developing a risk management strategy for board approval
74
Internal audit team techniques to provide assurance
Statistical sampling techniques, risk prioritisation techniques, assurance mapping.
75
Organisational viability
Going concern: a viable future for the next 12 months.
Longer term viability statement: a reasonable expectation that the company will be able to continue in operation and meet its liabilities over a period significantly longer than 12 months from approval of the financial statements.
76
Risk architecture
Roles, responsibilities, communication and risk reporting structure.
77
Risk strategy
Risk appetite, attitudes and philosophy.
78
Risk protocols
Defined in the risk guidelines for the organisation: the rules and procedures, risk management methodologies, tools and techniques that should be used.
79
ISO 31000:2018 principles
8 principles:
1. customised and proportionate
2. stakeholder involvement (inclusive)
3. structured and comprehensive approach
4. risk management is an integral part of all organisational activities
5. anticipates, detects, acknowledges and responds to change (dynamic)
6. based on the best available information, recognising its limitations
7. human and cultural factors
8. continual improvement
80
COSO double helix 2017 - concept
ERM should be embedded into the activities of an organisation, including: mission, vision and core values; strategy development; business objective formulation; implementation and performance; enhanced value.
81
COSO double helix 2017 - five components
1. Governance and culture: sets the tone and establishes oversight responsibilities; culture relates to ethical values, desired behaviours and understanding of risk
2. Strategy and objective setting: ERM, strategy and objective setting work together in the strategic planning process; risk appetite is aligned with strategy and business objectives
3. Performance: risks that can impact the achievement of strategy and business objectives are identified, assessed and prioritised by severity in the context of risk appetite, so that risk responses can be selected
4. Review and revision: by reviewing entity performance, the organisation can consider the effectiveness of ERM
5. Information, communication and reporting: a continual process of obtaining and sharing the necessary information, both internal and external
82
Benefits of ERM - FIRM
Financial
- reduced cost of FUNDING and CAPITAL
- enhanced corporate governance
- accurate financial risk reporting
- increased profitability
- better control of capex approvals
Infrastructure
- efficiency and competitive advantage
- resilience
- improved supplier and staff morale
- targeted risk and cost reduction
- reduced OPERATIONAL COSTS
Reputational
- regulators satisfied
- improved company brand
- enhanced shareholder value
- good reputation and publicity
- improved perception of the organisation
Marketplace
- commercial opportunities maximised
- better marketplace presence
- increased customer spend and satisfaction
- high ratio of business successes
- low ratio of business disasters