Management (ERM)
Managing risk - Risk response - is an action taken to bring identified risks within the organization's risk appetite.
Managing risk - Residual risk profile - includes risk responses.
Managing risk - Target residual risk - is the risk the entity prefers to assume knowing that management has acted or will act to alter its severity.
Value created - when the benefits obtained from the resources used exceed their costs.
Value preserved - when the value of resources used is sustained.
Value realized - when benefits are transferred to stakeholders.
Value eroded - when management's strategy does not produce expected results or management does not perform day-to-day tasks.
Mission - is the organization's core purpose.
Vision - is the organization's aspirations for what it intends to achieve over time.
Core values - are the organization's essential beliefs about what is acceptable or unacceptable.
Capabilities - are the skills needed to carry out the entity's mission and vision.
Practices - are the collective methods used to manage risk.
Integrating strategy setting and performance -
- Risk must be considered in setting strategy, business objectives, performance targets, and tolerance.
- The organization considers the effect of strategy on its risk profile and portfolio view.
Strategy -
- communicates how the organization will (a) achieve its mission and vision and (b) apply its core values.
- must support the organization's mission, vision, and core values.
Business objectives - are the steps taken to achieve the strategy.
Tolerance -
- is the range of acceptable variation in performance results.
- the identical term in the COSO internal control framework is "risk tolerance".
Risk profile -
- is a composite view of the types, severity, and interdependencies of risks related to a specific strategy or business objective and their effect on performance.
- may be created at any level (e.g., entity, division, operating unit, or function) or aspect (e.g., product, service, or geography) of the organization.
Portfolio view -
- is similar to a risk profile.
- The difference is that it is a composite view of the risks related to entity-wide strategy and business objectives and their effects on entity performance.
Managing risk - Risk - is "[t]he possibility that events will occur and affect the achievement of strategy and business objectives."
Managing risk - Opportunity - is any action or potential action that creates or alters goals or approaches for the creation, preservation, or realization of value.
Managing risk - Reasonable expectation -
- is provided through effective ERM practices.
- cannot provide absolute assurance that the risk assumed is appropriate.
Managing risk - Risk inventory - consists of all identified risks that affect strategy and business objectives.
Managing risk - Risk capacity - is the maximum amount of risk the organization can assume.
Enterprise Risk Management - Integrating with Strategy and Performance (COSO ERM framework) - is a framework that complements, and incorporates some concepts of, the COSO internal control framework.
The COSO ERM framework provides - a basis for coordinating and integrating all of an organization's risk management activities.
Effective integration -
1. Improves decision making and
2. Enhances performance.