SU5.3 Flashcards
(16 cards)
What are the five interrelated components of the COSO framework for ERM?
Governance and Culture; Strategy and Objective-Setting; Performance; Review and Revision; and Information, Communication, and Reporting
Each component is essential for effective Enterprise Risk Management.
What does Governance and Culture establish within an organization?
Governance sets the entity’s tone and establishes responsibilities; culture is reflected in decision-making.
Governance and culture are the foundation for all other components.
How is ERM integrated into an organization’s strategy?
Through objectives that align with understanding the business context and setting risk appetite.
This integration allows for insight into internal and external factors of risk.
What is the purpose of the Performance component in ERM?
To identify and assess risks affecting achievement of objectives, categorize risks, select risk responses, and monitor performance.
This helps develop a portfolio view of risk levels.
What does the Review and Revision component focus on?
Reviewing performance relative to targets to determine the effectiveness and value of ERM.
This is crucial for ongoing improvement in risk management practices.
What is the role of Information, Communication, and Reporting in ERM?
To ensure continual processes for obtaining and sharing information related to risk, culture, and performance.
Both internal and external information support ERM efforts.
What are the three ribbons representing common processes in ERM?
Blue, Green, and Purple ribbons.
These ribbons illustrate the interconnected processes within the ERM framework.
What do the yellow and red ribbons represent in the ERM framework?
Supporting aspects of ERM.
They complement the main processes represented by the other ribbons.
What is the relationship between ERM integration and value enhancement?
When ERM is integrated across Governance, Strategy, and Performance, it can enhance value.
This integration is vital for effective decision-making.
What does assessing ERM involve?
Assuring stakeholders that risks are managed to an acceptable level through evaluation of ERM culture, capabilities, and practices.
This assessment can be voluntary or required by law.
True or False: ERM can provide absolute assurance on achieving objectives.
False
ERM can provide reasonable assurance but not absolute assurance.
What should be considered during the assessment of ERM?
Presence and functioning of components and principles, integrated operation of components, and relevant controls.
These factors ensure a comprehensive evaluation of ERM effectiveness.
What factors can increase the complexity of assessing ERM?
Geography, industry, nature, technology, regulatory oversight.
These factors must be tailored for the entity’s specific context.
Fill in the blank: The _______ component of ERM includes establishing operating structures and defining risk appetite.
[Governance and Culture]
Fill in the blank: The _______ component is concerned with categorizing risks according to severity and probability.
[Performance]
What does the term ‘risk appetite’ refer to in the context of ERM?
The amount and type of risk an organization is willing to pursue or retain in alignment with its strategy.
It is essential for effective strategy and objective-setting.