CHAPTER 5

Cards (31)

  • Control Activities
    Specific risk management policies and procedures throughout the organization, at all levels and in all functions, to ensure that risk responses are properly executed
  • Event Identification
    Component of risk management whereby management identifies potential events, internal or external, that may affect the company's ability to achieve its strategic, operational, reporting, and compliance objectives
  • Impact
    Pertains to the magnitude, significance, or consequence of the event or risk to the company
  • Internal Environment
    Component of enterprise risk management that reflects the company's risk management philosophy, risk appetite, board oversight, commitment to ethical values and competence of its human resources, and the assignment of authority and responsibility
  • Information and Communication
    Component of enterprise risk management that identifies, captures, and communicates pertinent information from internal and external sources to enable personnel in carrying out their responsibilities
  • Inherent Risk
    The susceptibility of the company to risk in the absence of any actions management might take to alter the risk's likelihood or impact. Inherent risks may result from the nature of the company's operations, industry, strategy, environment, and other factors
  • Likelihood
    Pertains to the probability of the occurrence of an event
  • Monitoring
    Ongoing activities and separate evaluations that aim to assess both the existence and effective functioning of the risk management components and the quality of their performance over time
  • Objective Setting
    Component of enterprise risk management that deals with what the entity seeks to achieve. Objective setting is a prerequisite to the identification and assessment of risks
  • Residual Risk
    The risk that remains after applying management's response to the risk
  • Risk Assessment
    Evaluation of the identified risks through assessing their likelihood and impact to the company
  • Risk Map
    A visual representation of assessed risks whereby significant and insignificant risks are distinguished through color-coding
  • Risk Response
    Component of enterprise risk management that deals with what management plans to do with assessed risks. Responses could be to accept, reduce, share, or avoid the risk
  • COSO cube
    A diagram illustrating the 2004 COSO-ERM framework
  • Internal Environment
    • Risk Management Philosophy
    • Risk Appetite
    • Board of Directors
    • Integrity and Ethical Values
    • Commitment to Competence
    • Organizational Structure
    • Assignment of Authority and Responsibility
    • Human Resources Standards
  • Objective Setting
    • Strategic Objectives
    • Related Objectives
    • Selected Objectives
    • Risk Appetite
    • Risk Tolerance
  • 8 Components of Risk Management
    1. Internal Environment
    2. Objective Setting
    3. Event Identification
    4. Risk Assessment
    5. Risk Response
    6. Control Activities
    7. Information and Communication
    8. Monitoring
  • Potentially negative events
    Risks
  • Potentially positive events
    Opportunities
  • Event Identification
    • Events
    • Influencing Factors
    • Event Identification Techniques
    • Event Interdependencies
    • Event Categories
    • Distinguishing Risks and Opportunities
  • Risk Assessment
    • Inherent and residual risk
    • Establishing likelihood and impact
    • Data sources
    • Assessment techniques
    • Event relationships
  • Portfolio view of Risks
    Enables management to analyze the enterprise-wide effects of risks
  • Risk Response
    • Evaluating Possible responses
    • Selected responses
    • Portfolio view
  • Types of Control Activities
    • Preventive
    • Detective
    • Corrective
  • Control Activities
    • Integration with risk response
    • Types of control activities
    • Policies and procedures
    • Controls over information systems
    • Entity specific
  • Monitoring
    • Ongoing monitoring activities
    • Separate evaluations
    • Reporting deficiencies
  • Professional Judgment
    Applied in selecting the appropriate risk rating
  • Risks on the bottom left corner of the risk map
    Low Likelihood/Low Impact
  • Risks on the top right corner of the risk map
    High Likelihood/High Impact
  • Moderate Risks
    High Likelihood/Low Impact and High Impact/Low Likelihood
  • 2 ways of monitoring
    • Ongoing monitoring activities (routine management reviews)
    • Separate evaluations (internal auditors)