enterprise risk management Questions and Answers 100% Solved correctly

Enterprise Risk Management (ERM) - includes methods and processes used by organizations to manage risks and seize opportunities related to the achievement of objectives Risk Oversight - the board's supervision of the risk management framework and risk management process Risk Management - the responsibility(s) of a company's management team in relation to risk understanding an organization: step 1 - identifying the organization's objectives, stakeholder obligations, statutory duties, and the enviroment in which the organization operates understanding an organization: step 2 - identifying the activities, assets/resources, including those outside the organization, that support the delivery of these product services (process mapping) understanding an organization: step 3 - assessing the impact/consequences over time of the failure of these activities/assets/resources understanding an organization: step 4 - identifying/evaluating the perceived threates that could disrupt the organization's key products and services and the critical activities/assets/resources that support them preparing to manage risk: step 1 - utilize a proper steering committee. assign these people to participate in a cross-functional forum to provide oversight on business continuity and information security risk preparing to manage risk: step 2 - establish and document the right management structure according to authority preparing to manage risk: step 3 - determine and document a formal risk management methodology to ensure consistency and integrity of risk management throughout the organizationpreparing to manage risk: step 4 - initiate and formalize the risk management business process by providing appropriate formal risk management training to all individuals involved in risk identification, business impact assessment, and risk treatment principle of ERM: 1 - Risk management creates and protects values principle of ERM: 2 - Risk management is an integral part of all organizational processes principle of ERM: 3 - Risk management is part of decision making principle of ERM: 4 - Risk management should explicitly address uncertainty principle of ERM: 5 - Risk management is systematic, timely, and structured principle of ERM: 6 - Risk management is based on the best available information principle of ERM: 7 - Risk management is tailored principle of ERM: 8 - Risk management takes human and cultural factors into account principle of ERM: 9 - Risk management is transparent and inclusive principle of ERM: 10 - Risk management is dynamic, iterative, and responsive to change principle of ERM: 11 - Risk management facilitates continual improvement of the organization major step to ERM: 1 - establish the risk organization (Risk management architecture)major step to ERM: 2 - define what ERM is, and what it should accomplish (Risk strategy) major step to ERM: 3 - Define and document how risk assessment and risk management processes are executed (Risk protocols) establishing the risk organization step 1 - Mandate and commitment: mandate and commitment from the board is critically important and it needs to be continuous and high-profile. establishing the risk organization step 2 - Designing a framework program for managing risk role of management: 1 - define and endorse the risk management policy role of management: 2 - ensure that the organization's culture and risk management policy are aligned role of management: 3 - determine risk management performance indicators that align with performance indicators of the organization role of management: 4 - align risk management objectives with the objectives and strategies of the organization role of management: 5 - ensure legal and regulatory compliance role of management: 6 - assign accountabilities and reposnsibilities at appropriate levels with the organization role of management: 7 - ensure that the necessary resources are allocated to risk management role of management: 8 - communicate the benefits of risk management to all stakeholdersrole of management: 9 - ensure that the framework for managing risk continues to remain appropriate communication and consultation: step 1 - developing a communication plan communication and consultation: step 2 - defining the context appropriately communication and consultation: step 3 - ensuring that the interests of stakeholders are understood and considered communication and consultation: step 4 - bringing together different areas of expertise for identifying and analyzing risk communication and consultation: step 5 - ensuring that different views are appropriately considered in evaluating risks communication and consultation: step 6 - ensuring that risks are adequately identified communication and consultation: step 7 - securing endorsement and support for a treatment plan risk context - by establishing risk context the organization articulated its objectives, defines the external and internal parameters to be taken into account when managing risk, and sets the scope and risk criteria for the remaining process external risk context - the social, cultural, political, legal, regulatory, financial, technological, economic, natural/competitive environment (whether international, national, regional, or local) internal risk context - governace, organization structure, roles and accountabilities policies, objectives, and the strategies that are in place to achieve them capabilities, understood in terms of resources and knowledgeinformation systems, information flows, and decision making processes (both formal and informal) relationships with, and perceptions/values of, internal stakeholders the organization's culture standards, guidelines, and models adopted by the organization the form and extent of contractual relationships risk classification - Risk classification systems are based on the division of risks into those related to financial control, operational efficiency, reputation exposure, and commercial activities and are customized to each organization's specifications, needs, and abilities. high level risk management policy - formalizes management's requirements, goals, and objectives - once they are determine definitively risk management policy includes: 1 - the organizations' rational for managing risk risk management policy includes: 2 - links between the organization's objectives/policies and the risk management policy risk management policy includes: 3 - accountabilities and responsibilities for managing risk risk management policy includes: 4 - the way in which conflicting interests are dealt with risk management policy includes: 5 - commitment to make the necessary resources available to assist those accountable and responsible for managing risk risk management policy includes: 6 - the way in which risk management perfomance will be measured/reported risk management policy includes: 7 - commitment to review and improve the risk management policy/framework periodically and in response to an event or change in circumstanceswhen developing a risk management policy, the organization should consider: - risk assessment and treatment resources defining the risk principles, guidelines, and minimum standards for the organization refernecing any relevant standartds, regulations, or policies that must be included or can be used as a benchmark risk policy sections: 1 - risk management and internal control objectives (governance principles) risk policy sections: 2 - statement of the attitude of the organization to risk (risk strategy) risk policy sections: 3 - statement of scope risk policy sections: 4 - description of the risk aware culture or control environment risk policy sections: 5 - level and nature of risk that is acceptable (Risk tolerance and appetite)