Module 1 - Unit 3: Enterprise risk management Flashcards Preview

International Certificate In Risk Management (IRM) > Module 1 - Unit 3: Enterprise risk management > Flashcards

Flashcards in Module 1 - Unit 3: Enterprise risk management Deck (19)

List 6 features of an ERM approach

1. Covers all areas of the org's risk exposure
2. Sees risks as interrelated
3. Evaluates risk in the context of internal and external contexts, systems and stakeholders
4. Provides a structured process for the management of all risks
5. Constructs a means of communicating on risk issues so there is a common understanding
6. Views effective management of risk as contributing to the achievement of business and strategic objectives.


Compare and contrast ERM with traditional forms of risk management



Use a sentence to define "internal environment"

People's attitudes, entity's risk management philosophy and risk appetite.


Use a sentence to describe "objective setting"

Establishing what the org is setting out to achieve in order to identify events that could obstruct this.


Use a sentence to describe "event identification"

Identifying internal and external events or circumstances that could impact the achievement of the org's objectives.


Use a sentence to describe "risk assessment"

Assessing the inherent and residual risk levels of a potential event based on likelihood and impact in order to plan how it is managed.


Use a sentence to describe "risk response"

The decision to either avoid, accept, reduce or share risk. Actions aligned to tolerance and appetite of the organisation.


Use a sentence to describe "control activities"

Policies and procedures to ensure risk responses are effectively carried out.


Use a sentence to describe "information and communication/monitoring"

Relevant information identified and communicated in a form and timeframe that enables people to carry out their responsibilities.


Explain why the first element on the side face of the COSO ERM Cube is described as "Entity-Level"

ERM begins at entity level (where tolerance, appetite and objectives are agreed) and is cascaded through the organisation


Full implementation of ERM across a large org is likely to be measured
a) up to 6 months
b) 6 months to 1 year
c) 1-3 years
d) more than 3 years

More than three years.


List 4 ways in which an organisation can benefit from an ERM approach


F - inancial e.g. Reduced cost of capital, increased profitability
I - nfrastructure e.g. Reduced disruption, efficiency, reduced operating costs
R - eputational e.g. Regulators satisfied, enhanced shareholder value, improved perception of organisation
M - arketplace e.g. Commercial opportunities maximised, better presence, higher ratio of business success, low ratio of disasters


Identify one method you could use to assess the benefits of an investment in ERM

Identify performance measurements aligned to the FIRM scorecard


Provide four difficulties or barriers with the implementation of the ERM approach. Try to provide solutions!

1. Lack of support/commitment from senior management
🅰 identify a sponsor on the main board and confirm shared and common priorities.

2. Not seen as a core part of b/s activity, too time consuming
🅰 align with core processes and achievement of the objectives of the org

3. Approach too complicated and over-analytical
🅰 establish appropriate level of sophistication for framework and undertaking of risk assessments

4. Risk Management seen as static, not required for a dynamic org
🅰 align with objectives and business decision making activities


Briefly describe the three levels of context for risk management

1. Internal Context
- mission, culture, processes, environment, capacity

2. External Context
- product, market forces, social and political circumstances, legal & regulatory

3. Risk Management Context
- the aim of risk management within the org, who is responsible, resources available


Define ERM

Identifying and evaluating significant and interdependent risks, assigning ownership and responding in line with the org's risk appetite in order to produce useful information for decision making and assurance of achieving objectives.


What 8 elements appear on the front face of the COSO ERM cube and describe the risk management process?

Internal environment
Objective setting
Event identification
Risk assessment
Risk response
Control activities
Information and communication
Monitoring and review


What are the 4 types of objectives that make up the top of the COSO ERM cube?



What 4 levels of implementation appear on the side of the COSO ERM cube?

Cascading from the front:

Entity level
Business unit