Module 2 - Unit 5: Risk Assurance & Reporting Flashcards Preview

Flashcards in Module 2 - Unit 5: Risk Assurance & Reporting Deck (8)

What do we mean by the 'control environment'?

The whole range and interaction of controls that address risks and support the achievement of objectives including resources, systems, processes, culture, structure and tasks.


Describe the 'three lines of defence' used to provide assurance of good risk management

1. Business managers (responsible for applying the risk management framework)

2. Risk management function (responsible for supporting and challenging the RM activities and designing the RMF)

3. Internal audit (responsible for providing independent and objective assurance on the robustness of the RMF and the effectiveness of internal control)


How does the Institute of Internal Auditors define internal auditing?

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations.

It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.


How does internal audit fit into the “three lines of defence” model?

Internal audit represents the third line of defence.

Its role is to provide assurance over the effectiveness of the control environment and it also assesses the operation of the risk management strategy and activities in the organisation.


What are the four overarching responsibilities of an audit committee?

1. External audit

2. Internal audit

3. Financial reporting

4. Regulatory reports


What information on risk are companies required to disclose in their annual report and accounts?

Companies are required to disclose their principal risks and uncertainties in their annual report and accounts.


Why do many organisations not regard “reputation” as a risk category?

Most organisations regard damage to reputation as a consequence of the occurrence of risk events, rather than a risk in itself.


The Nolan principles of public life underpin governance activities within government departments, agencies or authorities. List all 7.