Lesson 10 Flashcards
1.1 Explain why culture is an integral component of the enterprise risk management framework
Culture reflects an entity’s ethics, values, beliefs, attitudes, desired behaviours and understanding of risk.
ERM helps people understand risk, and a risk-aware culture stresses the importance of managing risk and encourages a transparent and timely flow of risk information.
1.2 Explain the significance of the board’s role in ERM
The board has the responsibility for risk oversight and, in many countries, has a fiduciary responsibility to its stakeholders, including conducting reviews of the ERM practices.
1.2 Explain the significance of board member independence in ERM
Independence allows directors to be objective and to evaluate the performance and well-being of the entity without any conflict of interest or undue influence from interested parties.
The board should serve as a check and balance.
1.3 Provide 7 examples of things that may impede a board member’s independence
Independence may be impeded if a board member:
1) Holds a substantial financial interest in the entity
2) Is currently or has recently been employed in an executive role by the entity
3) Has recently advised the board of directors of the entity in a material way
4) Has a material business relationship with the entity (supplier/customer)
5) Has donated a significant financial amount to the entity
6) Has business or personal relationships with key stakeholders within the entity
7) Sits as a board member of other entities that represent potential conflicts of interest
1.4 Explain how the concept of suitability of enterprise risk management influences an entity’s decision about its risk management approach
Suitability of ERM refers to an entity’s ability to manage risk to an acceptable amount.
The ERM capability needed for a given entity is influenced by the complexity of the entity, which in turn influences its needs and the benefits it wants or expects from ERM.
2.1 Explain how an entity’s choice of governance and operating model influences its risk management practices
Risk governance sets the tone, reinforcing ERM and establishing oversight responsibilities.
Different operating models may result in different perspectives of a risk profile.
For example, assessing risk within a decentralized model may indicate few risks, whereas a centralized model may indicate a concentration of risk, perhaps relating to a certain customer type, foreign exchange or tax exposure.
2.2 Outline factors that influence an entity’s choice of operating model (6)
1) The entity’s strategy and business objectives
2) Nature, size and geographic distribution of the entity’s business
3) Risks related to the entity’s strategy and business objectives
4) Assignment of authority, accountability and responsibility at all levels of the entity
5) Type of reporting lines (direct/solid line vs secondary reporting) and communication channels
6) Financial, tax, regulatory and other reporting requirements
2.3 Outline the role and characteristics of risk management oversight structures and explain how these structures differ by type of entity
Entities may delegate the responsibility to an oversight committee that gathers information on how risk associated with the strategy occurs across the entity.
Entities with complex legal structures may have several committees with some overlapping members. This committee structure should be aligned with the entity’s reporting structure to allow decisions to be made with full awareness of the risks of those decisions.
In smaller entities, the structure may be less formal, with management more involved in the day-to-day execution of the ERM strategy.
3.1 Explain the role of culture in risk aware decision making
Culture influences how risk is identified, what risks are accepted and how they are managed.
A culture in which people do the right thing at the right time is critical to an entity being able to pursue opportunities and minimize risk in achieving its strategy and business objectives.
3.2 Explain the concept of culture spectrum and provide an example of how it works in ERM
The culture spectrum goes from risk averse to risk aggressive. The higher on the spectrum, the greater the propensity for, and acceptance of, the amount of risk necessary to achieve goals.
For example, a hedge fund is likely a risk-aggressive entity.
3.3 Outline factors that influence where an entity falls on the culture spectrum (4 internal, 3 external)
Internal:
- how employees interact with one another and with managers
- the standards and rules of conduct
- the physical layout of the workplace
- rewards system
External:
- regulatory requirements
- expectations of customers
- expectations of investors
3.4 Describe strategies for fostering a risk aware culture (7)
1) Maintaining strong leadership
2) Employing a participative management style
3) Enforcing accountability for all actions
4) Embedding risk in decision making
5) Having open and honest discussions about the risks facing the entity
6) Encouraging risk awareness across the entity
Employees should know what the entity stands for and the boundaries in which they can operate.
4.1 Define organizational “tone” and “tone in the middle”
Tone is defined by the operating style and personal conduct of both management and the board: lead by example.
Tone in the middle is a view of tone taken in larger entities, recognizing that from time to time different markets and challenges may put pressure on different levels of the entity, resulting in a change in tone.
The more consistent tone remains throughout the entity, the more consistent the performance of ERM strategies will be.
4.2 Explain the role of standards of conduct in ERM (3 reasons + overall purpose)
3 reasons for establishing a code of conduct are:
1) Establishing what is acceptable and unacceptable
2) Providing guidance for navigating what lies between acceptable and unacceptable
3) Reflecting laws, regulations, standards and other expectations that the entity’s stakeholders may have, such as corporate social responsibility
The purpose of a code of conduct is to communicate the entity’s expectations of ethics and desired behaviours, including behaviours relating to ERM and decision making.
4.3 Explain why responding to deviations in standards of conduct is critical to ERM
Appropriate responses ensure that the entity’s culture is not undermined.
4.3 List 8 reasons why codes of conduct may not be adhered to
1) Tone at the top doesn’t convey expectations
2) Board does not provide oversight of management’s adherence to standards
3) Middle management and functional managers are not aligned with the entity’s mission, vision, core values, strategy and risk response
4) Risk is an afterthought to strategy setting and business planning
5) Performance targets create incentives to compromise ethical behavior
6) Process for investigating and resolving excessive risk taking is inadequate
7) Intentional or deliberate non-compliance exists
4.4 Explain the role of individual accountability in enterprise risk management
Individuals make up the entity, and individual accountability is fundamental to ethics and to enterprise risk management.
4.5 Explain how perceptions of communication, transparency and retribution impact ERM
Management is responsible for cultivating open communication and transparency about risk and risk taking. Management should make sure that this is valued.
Providing a variety of channels for both management and employees to report concerns about potentially inappropriate risk taking, business conduct or behaviour without fear of retribution or intimidation is evidence of open communication and transparency.
5.1 Identify measures that provide evidence of enforcement of accountability for enterprise risk management (4)
1) Management and the board of directors are clear on the expectations
2) Management ensures that information on risk flows through the entity: how decisions are made, and how risk is considered as part of those decisions, is communicated
3) Employees are committed to collective business objectives (individual targets and objectives align)
4) Management responds to deviations from standards and behaviours (corrective actions are taken)
5.2 Explain how performance incentives and rewards influence ERM
Performance is significantly influenced by the extent to which employees are held accountable and by how they are rewarded.
Incentives should align with the ERM strategy.
5.3 Describe how pressure affects individuals in an entity
Pressure can motivate individuals to meet expectations, or it can cause them to fear the consequences of not achieving the strategy and business objectives.
5.3 List 7 things that excessive pressure can be associated with
1) Unrealistic performance targets, particularly for short-term results
2) Conflicting business objectives of different stakeholders
3) Imbalance between rewards for short-term financial performance and those for long-term-focused stakeholders, such as corporate sustainability targets
4) Certain points during the regular cycles of specific tasks
5) Unexpected external factors such as a sudden dip in the economy
6) Change in the business context such as increased market competition or other market competitor action
7) Change in strategy, operating model, acquisition or divestiture activity
5.4 Explain how an entity’s compensation structure can influence enterprise risk management
Aligning an employee’s compensation to the organizational structure can help achieve the strategy and business objectives.
If these are not aligned, an entity can end up encouraging detrimental behaviour.
6.1 Outline HR factors considered by an entity when developing ERM competence
1) Knowledge, skills and experience with ERM
2) Nature and degree of judgement and limitations of authority to be applied to a specific position
3) Costs and benefits of different skill levels and experience
Succession planning should also take place.