Enterprise Risk Management (ERM) EXAM(Graded A+ actual test)

What is risk? - Answer-Risk is the possibility that events will occur AND affect the achievement of strategy and business objectives What is the underlying premise of ERM? - Answer-Every entity exists to provide value for stakeholders AND they face RISK in pursuit of value. Value CPER - Answer-Creation Preservation Erosion Realization - stakeholders receive What is Enterprise Risk Management? - Answer-the culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to MANAGE RISK in creating, preserving, and realizing value. Risk Appetite - Answer-Types and amounts of risk an org is willing to assume in pursuit of value Risk Inventory - Answer-ALL RISK that could impact the entity Risk Capacity - Answer-MAXIMUM amount of risk entity is able to absorb in pursuit Risk Profile - Answer-Composite view of risk assumed at particular level Risk Portfolio / Portfolio View - Answer-Composite view of risk the entity faces What is the acronym for ERM? - Answer-GOPRO What is the G in GOPRO? - Answer-Governance and culture - forms base for all other componentsWhat is the first O in GOPRO? - Answer-strategy and Objective setting What is the P in GOPRO? - Answer-Performance - identification and assessment of risks; selects risk and monitors performance What is the R in GOPRO? - Answer-Review and Revision - reviews entity performance relative to targets, considers how well ERM practices have increased value What is the second O in GOPRO? - Answer-Information, Communication, and Reporting (Ongoing) - obtaining information and sharing it throughout the entity How many principles are in ERM? - Answer-20 What is the acronym for Governance and Culture? - Answer-DOVES What is the acronym for Strategy and Objective setting? - Answer-SOAR What is the acronym for Performance? - Answer-VAPIR What is the acronym for Review and Revision? - Answer-SIR What is the acronym for Information, communication, and Reporting (ongoing?) - Answer-TIP D in DOVES - Answer-Defines Desired culture (culture influences risk - averse, neutral) O in DOVES - Answer-exercises board Oversight (oversight for entity's strategy) V in DOVES - Answer-demonstrates commitment to core Values (tone at the top, code of conduct)E in DOVES - Answer-attracts, develops, and retains capable individuals / Employees (selection of exec, competence, retention) S in DOVES - Answer-establishes operating Structure (how entity organizes and carries out day-to-day operations) S in SOAR - Answer-evaluates alternative Strategies (effect on risk profile, possible does not align with vision, implications) O in SOAR - Answer-formulates business Objectives (steps to take to achieve strategy; specific and measurable) A in SOAR - Answer-Analyzes business context (consider internal and external environments effect on risk profile) R in SOAR - Answer-defines Risk appetite (qualitative or quantitative terms) V in VAPIR - AnswerA in VAPIR - Answer-Assesses severity of risk (after identification; assess at multiple levels; severity and impact) P in VAPIR - Answer-Prioritizes risk (higher priority given to risk close to risk appetite) I in VAPIR - Answer-Identified risks (that affect their performance in achieving objectives) R in VAPIR - Answer-implements risk Responses (accept - no change; avoid - remove risk; pursue - seeks out; reduce - mitigation techniques; share - with third party like insurance) S in SIR - Answer-assess Substantial change (internal and external environment changes that may impact objectives)I in SIR - Answer-pursues Improvement in ERM (revisit and improve efficiency in all areas) R in SIR - Answer-Reviews risk and performance (were assumptions incorrect, practices poorly implemented, etc) T in TIP - Answer-leverages information and Technology (for relevant information that supports decision making) I in TIP - Answer-communicates risk Information (to internal and external stakeholders) P in TIP - Answer-reports on risk, culture, and Performance (at multiple levels and across the entity to wide range of users; portfolio view or profile view of risk reports)