Risk Flashcards

1
Q

List four important corporate governance roles in relation to risk

A

DMCC

  1. Defining the risk that the organization is prepared to take in delivering its strategy
  2. Ensuring risks are managed and understood
  3. Ensuring that robust internal controls are in place to manage risk
  4. Creating a risk culture
2
Q

List four Business Risks

A
  1. Reputational risk: the risk of loss in customer loyalty or support due to an event that has damaged the company’s reputation.
  2. Competition risk: the risk that business performance will be affected because of the actions of the company’s competitors.
  3. Business environment risks: the risk that the business environment in which the company operates will change significantly. This may be due to political factors, regulatory factors, economic factors, social and environmental factors or technological factors.
  4. Liquidity risk: the risk that the company will have insufficient cash to settle all of its liabilities on time.
3
Q

List four Governance Risks

A

SIPP

1. Structure – from boards and steering groups to business models and policy frameworks.
2. Processes – from new product processes and communication channels to operations, strategic planning and risk appetite.
3. Information – from financial performance and audit reporting to management, risk and compliance reporting.
4. People and culture – from leadership at the top to accountability and transparency throughout the organisation, including relationships with regulators.

4
Q

What are the three main types of Internal Controls

A
  1. Preventative controls intended to prevent an adverse risk event from occurring, e.g. fraud by employees.
  2. Detective controls for detecting risk events when they occur, so that the appropriate person is alerted, and corrective action taken.
  3. Corrective controls for dealing with risk events that have occurred and their consequences.
5
Q

What are the five stages for the development of a Risk Management System

A

DARM-R

  1. Definition & Identification
  2. Assessment
  3. Response
  4. Monitoring
  5. Reporting
6
Q

List the six categories of risk used for purpose of identification

A
  1. Financial
  2. Liquidity
  3. Credit
  4. Operational
  5. Strategic
  6. Reputational
7
Q

What is the formula to calculate a risk assessment

A

Risk Assessment = Likelihood Rating X Impact Rating

8
Q

List 5 benefits of a risk management system

A

OMPVC

  1. Increases the likelihood of achieving business objectives.
  2. Facilitates monitoring and mitigation of risk in key projects and initiatives.
  3. Provides a platform for regulatory compliance and for financial performance
  4. Protects and enhances value by prioritising and focusing attention on managing risk across an organisation.
  5. Builds investor, stakeholder and regulator confidence.
9
Q

What are examples of Corporate Governance roles within Risk

A
  1. Defining the risk that the organization is prepared to take in delivering its strategy
  2. Ensuring risks are managed and understood
  3. Ensuring that robust internal controls are in place to manage risks
  4. Creating a risk culture
10
Q

List 4 benefits of a company having a risk committee

A
  1. Focused only on Risk
  2. Audit Committee may not have the required skills and experience
  3. The composition of the committee is not restricted by the requirements of the corporate governance code.
  4. It can give the board advice and make specific recommendations on risk appetite, the organisation’s risk tolerance and strategies to manage risk.
11
Q

What is the recommended constitution for a Risk Committee?

A
  1. The risk committee should consist of at least three members, all of whom should be independent directors.
  2. The Committee should include at least one member of the audit committee and/or remuneration committee and/or include one non-executive director specifically responsible for risk.
  3. Members of the committee should have appropriate knowledge, skills, and expertise to fully understand risk appetite and strategy/members as a whole should have relevant risk expertise.
  4. The committee as a whole should have competence relevant to the sector in which the company operates.
  5. The finance director/CFO and the chief risk officer should attend committee meetings regularly.
12
Q

Provide five functions of a Risk Committee

A
  1. Overseeing the CRO’s role and responsibilities and providing direction on them.
  2. Monitoring the behaviour of management to ensure that there is not excessive risk taking and take appropriate actions if such behaviours are discovered.
  3. Providing assurance to the board that risk management and processes for control over risk are effective.
  4. Providing information to the board to help with strategy formulation
  5. Reviewing and approving statements to be included in the annual report concerning internal controls and risk management.
13
Q

List 5 tasks of Internal Audit

A
  1. Value for Money (VFM) audits.
  2. Reviewing compliance by the organisation with particular laws or regulations.
  3. Risk management assessment
  4. Assessing Suitability of controls
  5. Reports to the audit committee/risk committee and board
14
Q

What are five benefits of an internal Audit function

A
  1. Understands the organisation, its culture, operations and risk profile and can add value to the organisation’s processes
  2. Can build networks throughout the organisation, become integrated into the company’s business and as such become the ‘eyes and ears’ of the board
  3. Provide assurance to stakeholders on the integrity of the organisation’s systems
  4. Become an essential part of the checks and balances within the organisation
  5. Could be a lower-cost option, depending on the make-up of the team.
15
Q

List five areas of illicit activity that a whistleblowing policy is designed to uncover

A
  1. Fraud
  2. A serious violation of a law or regulation by the company or by directors, managers or employees within the company
  3. A miscarriage of justice
  4. Bribery
  5. Price-fixing
  6. Danger to public health or safety, such as dumping toxic waste in the environment or supplying food that is unfit for consumption
  7. Neglect of people in care
  8. Waste or misuse of public funds
  9. Bullying
16
Q

What are the six procedures for the introduction of a whistleblowing procedure

A

PPPPRM

1. Identify purpose, scope and coverage
2. Develop procedures for reporting a matter
3. Develop a process for dealing with the matter, ensuring anonymity and protection of the whistleblower, whilst ensuring ongoing communication
4. Create policy and circulate throughout the company
5. Provide reports to the board (or audit committee)
6. Ongoing monitoring of the procedure

17
Q

Define Risk

A

‘The effect of uncertainty on objectives, whether positive or negative.’
International Standard ISO 31000

Risk refers to the possibility that something unexpected or not planned for will happen.

18
Q

How should you respond to Risk?

A

ARTA

1. Avoidance: responses which reduce the likelihood of the risk occurring. This usually means that the organisation shuts down or sells that part of the business that is causing the risk.
2. Reduction: responses that reduce the negative impact or take advantage of opportunities for positive impact.
3. Transfer: responses that transfer the risk somewhere else.
4. Acceptance: responses that retain the risk because it is deemed to be not a significant threat or the organisation has no control over it.

19
Q

What are the ways to identify risk?

A
  1. Mind mapping
  2. Process mapping
  3. Stress testing
  4. Use of internally generated documents
    - Business impact studies
    - Market research reports
    - Expert reports on areas such as health and safety, development,
20
Q

What steps should you put in place for a disaster recovery plan?

A

Identifying the team of employees who are responsible for dealing with the breach and for putting the disaster recovery plan in place.

Identifying the key company operations that are reliant on IT systems and which are essential to the company’s business continuity.

Having a back-up IT system which is ring-fenced and could operate as a replacement whilst the IT systems are down and considering how and where employees will be able to access that system.

Setting out the process for identifying the source and impact of the cyber-attack and how it can be halted or contained.

Setting out the immediate steps that are needed to control and contain the incident in the first 24 hours.

Setting out the longer-term steps needed to respond to the incident.

Procedures and protocols for immediate and on-going internal communications to relevant stakeholders
