RM 6 Flashcards

(57 cards)

1
Q

WHAT IS THE DIFFERENCE BETWEEN TRADITIONAL SILO-BASED RISK MANAGEMENT & ERM

A

Traditional
– Risks are viewed WITHIN the line of business
– RM work in ISOLATION
– Multiple and incomparable risk metrics
– Risk aggregation mostly absent
– Each risk type managed using specific risk transfer instruments
– Management and transfer of risk can't be integrated with balance sheet management and financing strategies

ERM
– Risks are viewed ACROSS business lines, risk types, functional units
– RM work in an integrated environment (interact w/ dept heads, line managers, CRO)
– RM framework revolves around cross-risk universal metrics
– Tools and integrated frameworks make it possible to measure ERM
– Multi-trigger instruments can be deployed, cutting costs
– Enables an environment for integrating balance sheet management and financing strategies

2
Q

ERM according to _____

the approach to managing all of an organization’s key business risks and opportunities with the intention of maximizing stakeholder value.

A

BS 31100

3
Q

ERM according to _____

Enterprise risk management is designed to enhance corporate decision-making with tools being developed and implemented to support actions ranging from optimization of the insurance programme to analysis of overseas expansion plans, business mix or capital allocation.

A

ACT (Association of Corporate Treasurers)

4
Q

ERM according to _____

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, manage risk to be within its risk appetite and to provide reasonable assurance regarding the achievement of entity objectives.

A

COSO ICAEW (Institute of Chartered Accountants in England and Wales)

5
Q

ERM according to _____

A rigorous and co-ordinated approach to assessing and responding to all risks that affect the achievement of an organization’s strategic and financial objectives.

A

IIA (Institute of Internal Auditors)

6
Q

ERM according to _____

All the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them and monitoring and reviewing progress.

A

HM Treasury

7
Q

10 FEATURES OF ERM

(give the first 5 so as not to overload yourself mentally)

A
  1. Encompasses all AREAS of organizational exposure to risk (financial, operational, reporting, compliance, governance, strategic, reputational, etc.)
  2. Prioritizes and MANAGES those EXPOSURES as an interrelated risk portfolio rather than as individual ‘silos’ of risk.
  3. Evaluates the RISK PORTFOLIO in the context of all significant internal and external contexts, systems, circumstances and stakeholders.
  4. Recognizes that individual risks across the organization are INTERRELATED and can create a COMBINED EXPOSURE that differs from the sum of the individual risks.
  5. Provides a STRUCTURED PROCESS for the management of all risks, whether those risks are primarily QUANTITATIVE or QUALITATIVE in nature.
8
Q

10 FEATURES OF ERM

(give the last 5 so as not to overload yourself mentally)

A
  6. Seeks to EMBED RM as a component in all critical DECISIONS throughout the organization.
  7. Provides a MEANS for the org to identify the risks that it is willing to take in order to ACHIEVE STRATEGIC OBJECTIVES.
  8. Constructs a means of COMMUNICATING on RISK ISSUES, so that there is a common understanding of the risks faced by the organization, and their importance.
  9. Supports the activities of INTERNAL AUDIT by providing a structure for the PROVISION of assurance to the board and audit committee.
  10. Views the effective management of risk as a COMPETITIVE ADVANTAGE that contributes to the achievement of business and strategic objectives.
9
Q

7 REASONS WHY ADOPT ERM PROGRAM

A
  1. Improved risk assessment, increased risk awareness
  2. An integrated response to the full range of risks
  3. Alignment of the organization’s tolerance for risk with its strategies and practices
  4. Fewer operational surprises and losses
  5. Increased competitive advantage
  6. Reduced earnings volatility
  7. Better compliance with corporate governance guidelines
10
Q

7 BARRIERS TO IMPLEMENTATION OF ERM PROGRAM

A
  1. Rigid organizational culture
  2. Lack of committed leadership
  3. Turf battles between departments over responsibilities
  4. Lack of a formal process
  5. Lack of information sharing and transparency
  6. Technological deficiencies
  7. Lack of commitment to the design and implementation of the program
11
Q

FINANCIAL BENEFITS OF ERM

A

Reduced cost of funding and capital
Better control of CapEx approvals
Increased profitability for organization
Accurate financial risk reporting
Enhanced corporate governance

12
Q

Infrastructure

A

Efficiency and competitive advantage
Achievement of the state of no disruption
Improved supplier and staff morale
Targeted risk and cost reduction
Reduced operating costs

13
Q

Reputational

A

Regulators satisfied
Improved utilization of company brand
Enhanced shareholder value
Good reputation and publicity
Improved perception of organization

14
Q

Marketplace

A

Commercial opportunities maximized
Better marketplace presence
Increased customer spend (and satisfaction)
Higher ratio of business successes
Lower ratio of business disasters

15
Q

Achieving Successful ERM

A
  1. Engage senior management and board of directors to provide organizational support and resources.
  2. Establish an independent ERM function reporting directly to a board member.
  3. Establish the risk architecture at executive and board levels, supported by internal

(insert RM archi)

  4. Develop the ERM framework that incorporates an appropriate risk classification system.

(insert RM components)

  5. Develop a risk-aware culture fostered by a common language, training and education.
  6. Provide written procedures with a clear statement of the risk appetite of the organization.
  7. Agree monitoring and reporting against established objectives for risk management.
  8. Undertake risk assessments to identify accumulations and interdependencies of risk.
  9. Integrate ERM into strategic planning, business processes and operational success

(insert RM business model)

  10. Contribute to the success of the organization by delivering measurable benefits
16
Q

4 ERM Process steps in order

A
  1. Risk Identification
  2. Risk Analysis
  3. Selection of Risk Treatment
  4. Implement & Monitor the Program
17
Q

one of the 4 ERM Process steps

during Risk Identification (which is broader under ERM),

In addition to the property, liability, personnel-related, and financial risks that an organization faces, additional risks are considered such as _____, _____, and other risks that may affect the organization’s ____ (give 6), …….

A

operational risks
strategic risks
reputation
political risks
supply chain risks
cybersecurity
regulatory risk and compliance with legal and reporting requirements
other organization-specific exposures

18
Q

one of the 4 ERM Process steps

during Risk Analysis

Additional analysis tools may be employed. Some of these tools are _______ (give 4)

A

risk mapping and catastrophe modeling, financial analysis tools, predictive modeling, etc.

19
Q

one of the 4 ERM Process steps

The implementation stage of a “new” ERM program may be difficult; it requires ___

A

a commitment to the program and a fundamental change in how many employees in the organization view risk.

terrorism risk
climate change risk
cyber liability risk

20
Q

what are the 6 management tools in ERM

A
  1. Risk Management Information System (RMIS)
  2. Risk Management Intranet
  3. Predictive Analytics
  4. Risk Maps
  5. Value at Risk (VaR) Analysis
  6. Catastrophe Modeling

21
Q

One of the 4 management tools in ERM

is a computerized database that permits the risk manager to store, update, and analyze risk management data and to use such data to predict and attempt to control future loss levels.

A

RM Information System (RMIS)

information stored and managed:
Risk management policy and protocols
Risk profile data, values and information
Risk management action plans (risk register)
Risk improvement plans and implementation
Insurance values and cost of risk data
Insurance claims handling and management protocols
Insurance policy coverage and other information
Historical loss/claims experience/information
Business continuity plans and responsibilities
Disaster recovery plans and responsibilities
Corporate governance arrangements and reports
Emergency contact arrangements and contact details

22
Q

One of the 4 management tools in ERM

is a private network with search capabilities designed for a limited, internal audience.

A

RM Intranet

23
Q

One of the 4 management tools in ERM

is the analysis of data to generate information that will help make more informed decisions.

A

predictive analytics

24
Q

One of the 4 management tools in ERM

are grids detailing the potential frequency and severity of risks faced by the organization.

A

Risk Maps

25
Q

RM framework: defines roles, responsibilities, communication and risk reporting structure

A

risk architecture

26
Q

RM framework: are defined in the risk guidelines for the organization and include the rules and procedures, as well as the risk management methodologies, tools and techniques that should be used

A

risk protocols

27
Q

_____ _______ are defined in the risk management policy

A

Risk strategy, appetite, attitude and philosophy

28
Q

One of the 4 management tools in ERM is the worst probable loss likely to occur in a given time period under regular market conditions at some level of confidence. It is often applied to a portfolio of assets, such as a mutual fund or a pension fund, and is similar to the concept of "maximum probable loss" in traditional property and liability risk management

A

value at risk (VaR) analysis

29
Q

One of the 4 management tools in ERM is a computer-assisted method of estimating losses that could occur as a result of a catastrophic event. Input variables include such factors as seismic data, meteorological data, historical losses, and values exposed to loss (e.g., structures, population, business income). The output from the computer analysis is an estimate of likely results from the occurrence of a catastrophic event, such as a category 5 hurricane or an earthquake of magnitude 7.8 on the Richter scale.

A

catastrophe modeling

30
Q

is the likelihood of losses resulting from changes in the financial market. It arises through countless transactions of a financial nature such as sales & purchases; investments & loans, legal transactions, new projects, mergers & acquisitions, debt financing; the energy component of costs or through the activities of management, stakeholders, competitors, foreign

A

financial risk

31
Q

Three Main Sources of Financial Risk

A
  1. exposure to changes in market prices, such as interest rates, currency exchange rates, and commodity prices
  2. arising from the actions of, and transactions with, other organizations
  3. resulting from internal actions or failures of the organization

32
Q

____ may be considered to be the type of risk that will disrupt normal everyday activities. In financial institutions, it is differentiated by the fact that there is a need to quantify these risks in terms of potential financial loss.

A

Operational risk

33
Q

_____ defines operational risk as 'the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events'.

A

Basel II

34
Q

Types of Risks Associated with Basel II

A
  1. internal fraud, including misappropriation of assets, tax evasion and bribery
  2. external fraud, including theft, hacking and forgery
  3. employment practices and workplace safety
  4. clients, projects and business practices
  5. damage to physical assets
  6. business interruption and systems failures
  7. execution, delivery and process management

35
Q

4 Categories of Risks Associated with Basel II

A

People risks
Process risks
System risks
External risks

36
an approach to risk management associated, in particular, with banks, insurance companies and other financial institutions, where the measurement of the level of 'operational risk' is required by Basel II, Solvency II or similar requirement.
Operational Risk Management
37
Q

Principles of Operational Risk Management (Basel II)

A
  1. The board is responsible for establishing the operational risk strategy.
  2. Senior management is responsible for implementing the operational risk strategy.
  3. Information, communication and escalation flows must be established.
  4. Operational risks inherent in activities, processes, systems and products should be identified.
  5. Processes necessary for assessing operational risk should be established.
  6. Systems should be implemented to monitor operational risk exposures and loss events.
  7. Policies, processes and procedures to control or mitigate operational risks should be in place.
  8. Supervisors should require banks to have an effective system to identify, measure, monitor and control operational risk.
  9. Supervisors should conduct regular independent evaluations of these principles.
  10. Sufficient public disclosure should be made to allow stakeholders to assess the operational risk exposure and the quality of operational risk management.

38
Q

is concerned with the risks embedded within the delivery of the project on time, within budget and to quality, and the reason why the project was undertaken. It is a type of control management. It is a well-developed discipline, with risk control and (especially) event management as the risk management activities that are most important. It is one of the more sophisticated and successful areas for the application of risk management tools and techniques.

A

Project Risk Management

39
Q

Responses to Uncertainties in Project Management

A
  1. Accept the risk or uncertainty
  2. Adapt activities and procedures
  3. Adopt contingency plans and responses
  4. Avoid the risk or uncertainty

40
Q

______ is defined as a business approach to achieving long-term value for shareholders and broader stakeholders through responsible environmental, social and governance practices. It is an active process of managing risks and seizing opportunities arising from environmental, social and governance practices, at both strategic and operational levels. This stipulates that responsible environmental performance, social engagement and economic growth can coexist to create profit while safeguarding communities and the environment.

A

sustainability

42
Q

6 benefits of SRM

A
  1. reputation and brand strength – according to the UN Global Compact, reputation accounts for 10% of the marketing value of a company and 45% of a company's reputation is based on social performance
  2. competitive advantage and productivity – 53% of the companies surveyed indicated that much of their sustainability behavior is motivated by innovation
  3. improved stakeholder value – shareholder resolutions filed with public companies in 2010 increased by 45% compared to 2009
  4. operational efficiency
  5. financial efficiency
  6. improved human and intellectual capital

43
Q

(read only) ERM and Business Continuity Planning (BCP); ERM and Internal Audit

A

ERM and Business Continuity Planning (BCP): The risk assessment that is required as part of the ERM process and the business impact analysis that is the basis of BCP are closely related. Ensuring continuity is obviously part of an ERM approach. It should be considered that BCP is part of ERM, but it is not the whole of ERM activity. There is a strong similarity in approach, and the business continuity and disaster recovery activities should take place within the context of a broader ERM initiative, as appropriate.

ERM and Internal Audit: Internal auditors will need to establish their priorities for the testing of controls. Having identified the critically important controls, the auditor will need to check that the controls are implemented in practice and that they are the correct and effective controls. The outcome of testing of controls is to ensure that the intended level of risk is actually achieved in practice. In other words, the control actually moves the level of risk from the inherent level to the intended current level in the way that was planned and often assumed. If the control is not effective and efficient, it will need to be modified. The ultimate decisions on the controls and their effectiveness have to be made by the members of line management who are responsible for the controls.

44
Q

ERM and Corporate Governance

A

Most countries in the world place corporate governance requirements on organizations. These requirements are particular to companies quoted on stock exchanges, organizations that are registered charities and government departments, agencies and authorities. Risk management is an integral part of the successful corporate governance of every organization. A basic definition of corporate governance is 'the system by which organizations are directed and controlled'. Corporate governance is therefore concerned with systems, processes, controls, accountabilities and decision-making at the highest level and throughout an organization. Because corporate governance is concerned with the way that senior management fulfils their responsibilities and authority, there is a large component of risk management contained in the overall corporate governance structure for every organization.

45
Q

The purpose of corporate governance is to:

A
– facilitate accountability and responsibility for efficient and effective performance and ethical behavior;
– protect executives and employees in undertaking the work they are required to do; and
– ensure stakeholder confidence in the ability of the organization to identify and achieve outcomes that its stakeholders value.

46
Q

There are two main approaches to the enforcement of corporate governance standards:

A

Rules-based approach – based on the view that companies must be required by law (or by some other form of compulsory regulation) to comply with established principles of good corporate governance.
Principles-based approach (or "Comply or Explain" approach) – based on the view that a single set of rules is inappropriate for every company.

47
Q

intended to raise the corporate governance standards of Philippine corporations to a level at par with its regional and global counterparts; adopts the comply and exchange approach

A

Securities and Exchange Commission’s Code of Corporate Governance for Publicly-Listed Companies

48
Q

This approach combines voluntary compliance with mandatory disclosure. Companies do not have to comply with the Code, but they must state in their annual corporate governance reports whether they comply with the Code provisions, identify any areas of non-compliance, and explain the reasons for non-compliance.

A

comply and exchange approach

49
Q

_____ the system of stewardship and control to guide organizations in fulfilling their long-term economic, moral, legal and social obligations towards their stakeholders.

A

corporate governance

50
Q

is a system of direction, feedback and control using regulations, performance standards and ethical guidelines to hold the Board and senior management accountable for ensuring ethical behavior – reconciling long-term customer satisfaction with shareholder value – to the benefit of all stakeholders and society.

A

corporate governance

51
Q

SEC’s Code of Corporate Governance for Publicly-Listed Companies

A
  1. The Board’s Governance Responsibilities
  2. Disclosure and transparency
  3. Internal Control System and Risk Management Framework
  4. Cultivating a Synergic Relationship with Shareholders
  5. Duties To Stakeholders

52
Q

Successful ERM initiatives

A
* Maturity of ERM capabilities enables partner organizations to be more agile and flexible in responding to business needs.
* ERM is not a stand-alone or discrete activity, but a part of everyday life – a performance improvement effort.
* Effective ERM is conducted at the corporate level in order to communicate policy and provide support to the entire organization.
* ERM is successful when championed at the enterprise level and owned by the CEO and board of directors.
* Formal ERM is provided in ERM, so that risk management is part of the strategic planning process and everybody becomes a risk manager.
* Mature ERM practices leverage technology to automate data capture and report risk measures.
* Measurement frameworks provide a comprehensive understanding of the value of ERM.

53
Q

SEC’s Code of Corporate Governance for Publicly-Listed Companies: strategic guidance of the company, effective monitoring of management by the board, and accountability of the board to the company and shareholders

A

The Board’s Governance Responsibilities

54
Q

SEC’s Code of Corporate Governance for Publicly-Listed Companies: timely and accurate disclosure is made on all material matters, including the financial situation, performance, ownership, and governance

A

Disclosure and transparency

55
Q

SEC’s Code of Corporate Governance for Publicly-Listed Companies: to ensure the integrity, transparency and proper governance in the conduct of its affairs, the company should have a strong and effective internal control system and ERM framework

A

Internal Control System and Risk Management Framework

56
Q

SEC’s Code of Corporate Governance for Publicly-Listed Companies: treat all shareholders fairly and equitably, and also recognize, protect and facilitate the exercise of their rights

A

Cultivating a Synergic Relationship with Shareholders

57
Q

SEC’s Code of Corporate Governance for Publicly-Listed Companies: recognize the rights of stakeholders and encourage active cooperation in creating wealth, jobs and sustainability

A

Duties To Stakeholders