M2 Enterprise Risk Management Frameworks

Question 1

Framework to assist organizations in developing a comprehensive response to risk management

Answer 1

COSO - Enterprise Risk Management (ERM)

Question 2

The possibility that events will occur and affect the achievement of strategy and business objectives

Answer 2

RISK

Question 3

Defined by the entity type but usually shaped by strategies that balance market opportunities against the risks of pursing those opportunities

Answer 3

Value

Question 4

Management decisions will affect the development of value, including its ___, ___, ___, ____ (CPER)

Answer 4

C = Creation
P = Preservation
E = Erosion
R = Realization

Question 5

Value (CPER) - when benefits of value exceed the costs of resources used

Answer 5

Value creation

Question 6

Value (CPER) - faulty strategy and inefficient/ineffective operations cause value to decline

Answer 6

Value erosion (cost > benefit)

Question 7

Value (CPER) - when ongoing operations efficiently and effectively sustain created benefits (sustainable operating profit)

Answer 7

Value Preservation

Question 8

Value (CPER) - when benefits created by the organization are received by stakeholders in either monetary or nonmonetary form

Answer 8

Value Realization

Question 9

As defined by COSO - the culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving and realizing value

Answer 9

Enterprise risk management (ERM)

Question 10

Mnemonic to remember the definition of Enterprise Risk Management (CCPIS)

Answer 10

Culture
Capabilities
Practices
Integration with Strategy-setting and performance

Question 11

Represents the types and amounts of risk, on a broad level, that an organization is willing to accept in pursuit of value; range provides guidance on the practices an organization is encouraged to pursue or not pursue

Answer 11

Risk appetite

Question 12

All risk that could impact an entity

Answer 12

Risk Inventory

Question 13

the amount of risk of having strategy and business objectives that is appropriate for an entity, recognizing that no one can predict risk with precisioin

Answer 13

Reasonable Expectation

Question 14

What are the 5 components of Enterprise Risk Management

Answer 14

GOPRO
G = Governance and culture (DOVES)
O = strategy and Objective setting (SOAR)
P = Performance (VAPIR)
R = Review & Revision (SIR)
O = information, communication, and reporting (ONGOING) (TIP)

Question 15

Component of Enterprise Risk Management that together form a base for all other components of ERM; sets entity tone at the top and is reflected in decision making

Answer 15

Governance and Culture (G in GOPRO)

Question 16

What are the 5 principles of Governance and culture (G in GOPRO)

Answer 16

DOVES
D = defines Desired culture
O = exercises board Oversight
V = demonstrates commitment to core VALUES
E = attracts, develops an retains capable EMPLOYEES
S = establishes operating STRUCTURE

Question 17

Component of Enterprise Risk Management that considers both internal and external factors and their effect on risk framed by business context; risk appetite, and allow strategy to be put into practice and shape the entity’s day-to-day operations and priorities

Answer 17

strategy and OBJECTIVE-setting (O in GOPRO)

Question 18

What are the 4 principles of strategy and Objective-Setting (O in GOPRO)?

Answer 18

SOAR
S = evaluates alternative STRATEGIES
O = formulates business OBJECTIVES
A = ANALYZES business context
R = defines RISK appetite

Question 19

Component of ERM that identifies and assesses risks that may affect and entity’s ability to achieve its strategy and business objectives represent the performance component; risk is prioritized according to severity; responses are selected and monitored; resulting portfolio view

Answer 19

Performance (P in GOPRO) - similar to risk assessment in internal control framework

Question 20

What are the 5 principles of Performance (P in GOPRO)?

Answer 20

VAPIR
V = develops portfolio VIEW
A = ASSESSES severity of risk
P = PRIORITIZES risk
I = IDENTIFIES risk
R = implements risk RESPONSES (ARTS)

Question 21

What are the risk responses (ARTS)?

Answer 21

A = Avoid
R = Reduce (diversification)
T = Transfer (sharing - joint ventures, insurance)
S = Self-insured

Question 22

Risk Responses (ARTS) Chart
Frequency/Likelihood
HIGH LOW
Severity HIGH
LOW

Answer 22

Frequency/Likelihood
HIGH LOW
Severity HIGH Avoid Transfer (share)
LOW Reduce Self-insured (accept)

Question 23

Component of ERM that allows an organization to consider how well the enterprise risk management capabilities and practices have increased value over time and will continue to drive value in light of substantial changes

Answer 23

Review and Revision (R in GOPRO)

Question 24

What are the 3 principles of Review and Revision (R in GOPRO)

Answer 24

SIR
S = assess SUBSTANTIAL change
I = pursues IMPROVEMENT in ERM
R = REVIEWS risk and performance

Question 25

Component of ERM that is the continual, iterative process of obtaining information and sharing it throughout the entity; both internal and external

Answer 25

Information, communication and Reporting (ONGOING) (O in GOPRO)

Question 26

What are the 3 principles of ONGOING information, communication and reporting? (O in GOPRO)

Answer 26

TIP T = leverages information & TECHNOLOGY (OIE) I = communicates risk INFORMATION P = reports on risk, culture, and PERFORMANCE

Question 27

Risk to an organization if management does nothing to alter the likelihood or impact of a negative event

Answer 27

Inherent Risk

Question 28

Risk to an organization after management takes actions to reduce the likelihood or impact of a negative events

Answer 28

Residual Risk | = Inherent risk - impact of management actions

Question 29

An organizations risk appetite has been exceed when the combined likelihood and impact of ___ events

Answer 29

When the combined likelihood and impact of negative events significantly exceed residual risks

Question 30

All risk that could impact an entity

Answer 30

Risk Inventory

Question 31

The amount of risk of having strategy and business objectives that is appropriate for an entity, recognizing that no one can predict risk with precision

Answer 31

Reasonable expectation

Question 32

The trends, events, relationship, and other factors that may influence, clarify or change an entity's current and future strategy and business objectives

Answer 32

Business context

Question 33

The maximum amount of risk that an entity is able to absorb in the pursuit of strategy and business objectives

Answer 33

Risk Capacity

Question 34

A composite view of the risk assumed at a particular level of the entity of aspect of the business that positions management to consider the types, severity, and inter-dependencies of risk and how they may affect performance relative to the strategy and business objectives

Answer 34

Risk profile

Question 35

A composite view of the risk the ENTITY FACES (parent level) which positions management and the board to consider the types, severity and interdependencies of risk and how they may affect the entity's performance relative to its strategy and business objectives

Answer 35

Portfolio view

Question 36

The ability of an entity to withstand the impact of large-scale events (i.e. financial crisis)

Answer 36

Organizational sustainability

Question 37

the measurement of efforts to achieve or exceed the strategy and business objectives

Answer 37

Performance management