BEC 1 - ERM

Home > Preview

The flashcards below were created by user BethG on FreezingBlue Flashcards.


  1. What is the purpose of ERM according to COSO? What does ERM stand for?
    • Enterprise Risk Management
    • A process applied in strategy setting
    • designed to identify potential events that may affect the entity,
    • and then manage these events within its risk appetite,
    • to provide reasonable assurance regarding the achievement of entity objectives.
  2. What are the ERM objectives and a brief definition?
    • Strategic: high-level goals designed to achieve the mission
    • Operations: effective & efficient use of resources
    • Reporting: dissemination of timely, accurate information
    • Compliance: with laws and regulations
  3. What are the 8 components of ERM?
    • OR-I-CRIME
    • Objective setting
    • Risk Response
    • ---
    • Internal Environment
    • ---
    • Control Activities
    • Risk Analysis
    • Information and communication
    • Monitoring
    • Event identification
  4. What are the key elements of the ERM Internal Environment?
    • EBOCA-HAP
    • Ethical values and integrity (and what happens when these are violated)
    • Board oversight
    • Organizational structure (such as centralized vs decentralized structure)
    • Commitment to Competence
    • Accountability = authority & responsibility
    • Human resources standards (hiring, promoting, compensating)
    • Appetite for Risk
    • Philosophy on Risk
  5. What is Risk Appetite? To which component does this key element belong?
    • The amount of risk an organization will accept in the pursuit of value maximization. It is used to balance strategy with return.
    • Belongs in the Internal Environment element.
  6. What is the difference between Risk Appetite and Risk Tolerance?
    • Risk Appetite refers to the risk associated with balancing acceptable levels of risk vs return (or growth).
    • Risk Tolerance is the accepted level of variation relative to the achievement of objectives. Ex: An airline's objective is 95% on time arrivals; the acceptable tolerance is 85-95%.
  7. What are some internal and external event influencing factors (categories)?
    • EXTERNAL
    • STEP-N
    • social (demographics)
    • technological (new distr channels)
    • economic (recession, new competitors)
    • political (change in regs)
    • natural (storm)
    • INTERNAL
    • TIPP
    • technology (theft of intellectual property)
    • infrastructure (assets, capital)
    • personnel
    • process
  8. What are some event identification techniques?
    • Event Inventories = lists of potential events common to companies in an industry
    • Internal Analysis
    • Escalation or Threshold Triggers = A comparison of an activity to predefined criteria (such as variances from standards)
    • Brainstorming
    • Analytics such as trend analysis
  9. What is inherent risk?
    The risk to an organization that exists if management takes no action.
  10. What is residual risk?
    The risk to an organization that exists after management takes action.
  11. What are the four ERM Risk Responses to risk?
    • Avoidance -- Divest of the activity giving rise to the risk. Ex; Terminate an underperforming product line rather than improve its performance; or outsource
    • Reduction -- Actions to reduce risk. Ex; hire competent people
    • Sharing -- offload a portion of the risk to someone else. Ex; purchase insurance; use hedges
    • Acceptance -- This is based on risk appetite, or realizing it can't be avoided but has little impact
  12. What are specific examples of ERM control activities can be utilized by management?
    • Reviews
    • Segregation of duties
    • Use of written policies and procedures to ensure consistency and carryover
    • Physical Controls
    • Information processing
  13. What is ERM Information and Communication and its key elements?
    • Make certain the right people have the right info, in a timely manner
    • OIE
    • Obtain and use data
    • Internal Reporting
    • External Reporting
  14. Even if an entity properly utilizes an ERM or Internal Control framework, what are some limitations that can derail these efforts?
    • Bad decisions
    • Human error
    • Poor objective setting
    • External events beyond the entity's control
    • Circumvention of policies through collusion
    • Management override of policies or procedures
  15. Ethics is considered part of which type of objective: (1) reporting, (2) operations, (3) strategic, (4) compliance
    Ethics is a compliance issue.
  16. Attempting to rank in the top quarterile for the industry is considered part of which type of objective: (1) reporting, (2) operations, (3) strategic, (4) compliance
    strategic
  17. Responding to the needs of customers and suppliers is considered part of which type of objective: (1) reporting, (2) operations, (3) strategic, (4) compliance
    operations
  18. Developing a uniform chart of accounts is considered part of which type of objective: (1) reporting, (2) operations, (3) strategic, (4) compliance
    reporting
  19. Developing objectives such as the entity comforms to GAAP is considered part of which type of objective: (1) reporting, (2) operations, (3) strategic, (4) compliance
    Reporting
  20. Developing an objective to maintain a safe level of carbon dioxide emissions during production is considered part of which type of objective: (1) reporting, (2) operations, (3) strategic, (4) compliance
    Compliance
  21. Which of the following provides oversight of an entity's ERM? (1) financial executives, (2) the risk officer, (3) management, (4) the board of directors
    The board of directors
  22. What is the purpose of the event identification activity?
    To identify events that could influence the corporation, and then distinguish whether the event is positive (opportunity) or negative (risk)
  23. What are the 4 stages of the monitoring-for-change continuum?
    • (1) Control Baseline = understanding the internal control systems design and whether controls have been implemented
    • (2) Change Identification = The use of evaluations to identify and address changes in internal control effectiveness
    • (3) Change Management = the possibility of establishing a new control baseline in response to revised needs
    • (4) Control Revalidation/Update = the confirmation of a control's effectiveness
  24. Establishing an ethics hotline and assigning a corporate officer to conduct ethics training and to monitor the hotline is considered part of which type of objective: (1) reporting, (2) operations, (3) strategic, (4) compliance
    Compliance

Card Set Information

Author:
BethG
ID:
330473
Filename:
BEC 1 - ERM
Updated:
2017-05-18 00:02:38
Tags:
BEC
Folders:

Description:
Becker BEC 1 ERM Review
Show Answers:

Home > Flashcards > Print Preview