Internal Auditing - Risk Management

Card Set Information

Author:
acelaker
ID:
283727
Filename:
Internal Auditing - Risk Management
Updated:
2014-09-21 18:41:28
Tags:
Internal Auditing Risk Management
Description:
Internal Auditing - Risk Management

The flashcards below were created by user acelaker on FreezingBlue Flashcards.


  1. What framework do we use?
    COSO
  2. COSO
    Committee of Sponsoring Organizations of the Treadway Commission
  3. What role do external auditors, regulators and other external bodies play?
    Additional lines of defense, outside the organization's own governance structure
  4. What layer in the governance structure is risk management?
    Middle
  5. Risk Management does what?
    • Identifies and mitigates risks
    • Exploits opportunities that enable success

    Definition of risk: the possibility that an event will occur and adversely affect the achievement of objectives

    NOT A SINGLE POINT IN TIME (risk management is continuous, not a one-off exercise)
  6. ERM - Enterprise Risk Management (COSO DEFINITION)
    A process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives

    ONGOING
  7. ERM - Enterprise Risk Management (OVERVIEW)
    • Ongoing
    • Effected by all
    • Applied to organization strategy
    • Across Organization
    • ID Potential risks
    • Provide reasonable assurance
    • Geared toward achievement of objective
  8. ERM Framework
    • Top - Objectives
    • Front - Components
    • Side - Business Structure
  9. Objectives (ERM)
    Top

    • Strategic
    • Operations
    • Reporting
    • Compliance
  10. ERM - Objective - STRATEGIC
    High-level goals, aligned with and supporting the organization's mission
  11. ERM - Objective - OPERATIONS
    Broad goals promoting the effective and efficient use of resources
  12. ERM - Objective - REPORTING
    Goals focusing on the reliability of external and internal reporting
  13. ERM - Objective - COMPLIANCE
    Goals concerning compliance with applicable laws and regulations
  14. ERM - Components - INTERNAL ENVIRONMENT
    • Tone of the organization (tone at the top)
    • Basis for all other components of ERM
    • Provides discipline and structure
    • Basis for how risk and control are viewed and addressed
  15. ERM - Components - OBJECTIVE SETTING
    • Objectives are set at the strategic level
    • Strategic objectives serve as the basis for operations, reporting and compliance objectives
    • Objectives must be aligned with the entity's risk appetite
  16. ERM -  Objective STEPS
    • (SORC)
    • Strategic
    • Operations
    • Reporting
    • Compliance
  17. ERM -  Component STEPS
    • (IOERRCIM)
    • Internal Environment
    • Objective Setting
    • Event identification
    • Risk Assessment
    • Risk Response
    • Control Activities
    • Info and Communication
    • Monitoring
  18. ERM -  Business Structure STEPS
    • (EDBS)
    • Entity level
    • Division
    • Business Unit
    • Subsidiary
  19. ERM - Components - EVENT IDENTIFICATION
    • Identify potential events (internal and external) that may affect the entity
    • Events with a negative impact are risks and require management assessment and response
  20. ERM - Components - RISK ASSESSMENT
    • Consider extent to which potential events have impact
    • Likelihood and Impact
    • Qualitative and Quantitative
  21. ERM - Components - RISK RESPONSE
    • (ARSA)
    • Avoidance
    • Reduction
    • Sharing
    • Acceptance
  22. ERM - Components - CONTROL ACTIVITIES
    • Policies and procedures that help ensure management's risk responses are carried out
    • Examples: top-level reviews, activity management, physical controls
  23. ERM - Components - INFO/COMMUNICATIONS
    • Pertinent info is id, captured and communicated
    • Information must be: timely, current, accurate and reliable, appropriate and accessible
  24. ERM - Components - MONITORING
    • Ongoing monitoring activities
    • Separate evaluations
    • A combination of the two
  25. ERM Roles and Responsibilities: BOARD
    provides oversight and direction to management
  26. ERM Roles and Responsibilities: MGMNT
    Responsible for all activities of organization
  27. COSO Outlines responsibilities of CRO as
    • Establishing ERM policies
    • Framing authority and accountability
    • Guiding integration of ERM across the organization
    • Reporting to the CEO on progress and outliers
  28. Top Down View of ERM (FUNNEL)
    Inherent Risk (GROSS RISK, before controls)

    Filtered through successive layers of control:
    • Entity-level controls (governance controls / management oversight controls)
    • Process-level controls
    • Transaction-level controls

    Residual Risk (NET RISK, after controls)
  29. Internal Audit Role in ERM (FAN)
    • Core internal audit roles in ERM (Green, left)
    • *Giving assurance on the risk management process
    • *Giving assurance that risks are correctly evaluated
    • *Evaluating the risk management process
    • *Evaluating the reporting of key risks
    • *Reviewing the management of key risks
    • Legitimate internal audit roles with safeguards (Yellow, middle)
    • *Facilitating identification and evaluation of risks
    • *Coaching management in responding to risks
    • *Coordinating ERM activities
    • *Consolidated reporting on risks
    • *Maintaining and developing the ERM framework
    • Roles internal audit should not undertake (Red, right)
    • *Setting the risk appetite
    • *Imposing risk management processes
    • *Management assurance on risks
    • *Taking decisions on risk responses
    • *Implementing risk responses on management's behalf
    • *Accountability for risk management
