2. Risk Management – Flashcards

1. The maturity model approach is based on the principle that effective risk management processes develop as value is added at each stage of maturation. 2. The process element approach determines whether each element has been implemented 3. The key principles approach determines the extent to which risk management creates and protects value, is fully integrated with management at all levels, etc.

Control activities are policies and procedures to ensure the effectiveness of risk responses

Risk modeling in a consulting service is done by ranking the engagement's potential to (1) improve management of risks, (2) add value, and (3) improve the organization's operations (Impl. Std. 2010.C1). Senior management assigns a weight to each item based on organizational objectives. The engagements with the appropriate weighted values are included in the annual audit plan.

Directors' attitudes are a key component of the internal environment. They must possess certain qualities to be effective.•A majority of the board should be outside directors. •Directors generally should have years of experience either in the industry or in corporate governance. •Directors must be willing to challenge management's choices. Complacent directors increase the chances of adverse consequences.

Inherent risk is the risk when management has not taken action to reduce the impact or likelihood of an adverse event. Thus, it is risk in the absence of a risk response.

1.Evaluating strategies, 2.Setting related objectives, and 3.Developing risk management methods.

1. Design of framework. 2. Continual improvement. 3. Monitoring and review.

1. Ability of the internal audit staff. 2. Local conditions and customs of the country. 3. Organizational culture.

Risk exploitation seeks risk to pursue a high return on investment

The enterprise risk management approach set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) attempts to approach an organization as a whole instead of focusing on any specific area or risk

Judgment of the internal auditors. Assessing the risk of an activity entails analysis of numerous factors, estimation of probabilities and amounts of potential losses, and an appraisal of the costs and benefits of risk reduction. Consequently, in assessing the magnitude of risk associated with any factor in a risk model, informed judgment by the internal auditor is required.

The maturity model approach is based on the principle that effective risk management processes develop as value is added at each stage of maturation. Accordingly, this approach determines where risk management is on the maturity curve and whether it (1) is progressing as expected, (2) adds value, and (3) meets organizational needs.

Strategic and operational matters are affected by external events that the entity may not control. Thus, ERM should provide reasonable assurance that management and the board receive timely information about whether those objectives are being achieved. Reporting and compliance are within the entity's control. Accordingly, ERM should provide reasonable assurance of achieving those objectives

The use of derivatives by the organization. The organization designs risk management processes based on its culture, management style, and business objectives. For example, the use of derivatives or other sophisticated capital market products by the organization could require the use of quantitative risk management tools. But the internal auditor determines that the methodology chosen is sufficiently comprehensive and appropriate for the nature of the organization

The internal audit activity's role in the risk management process of an organization can change over time and may include responsibilities along a continuum that extends from (1) no role; (2) auditing the risk management process as part of the internal audit plan; (3) active, continuous support and involvement in the risk management process, such as participation on oversight committees, monitoring activities, and status reporting; and (4) managing and coordinating the process (PA 2120-1, para. 4).

When ERM is effective regarding all of the objectives, the board and management have reasonable assurance that (1) reporting is reliable, (2) compliance is achieved, and (3) the extent of achievement of strategic and operations objectives is known.

Preventing loss of reputation and resources.

The correct order for performing the first four phases of the enterprise risk management (ERM) process is as follows: internal environment, objective setting, event identification, risk assessment.

High significance, medium likelihood.

Monitors risk as part of the enterprise risk management team. A chief risk officer is a member of management assigned primary responsibility for enterprise risk management processes. The chief risk officer is most effective when supported by a specific team with the necessary expertise and experience related to organization-wide risk.

Risk response is a separate component of the COSO ERM model from the internal environment component.

Significant risks and ongoing monitoring activities are assessed by the internal audit activity as part of the risk management process (Inter. Std. 2120). But review of previous risk evaluation reports is a means of obtaining evidence for an assessment.

Residual risk. It is the risk after a risk response.

1.Quicker response to opportunities. 2.Better capital allocation. 3.Reduction of operational surprises and losses

Increasing the net present value of investments is an operational objective. It would be determined after consideration of the entity's risk appetite and other strategic factors.