RSK2601 – Suggested Solutions – Oct/Nov 2018 Examination
Question Answer Explanation
1 3
2 2 The framework is composed of five steps: Mandate and commitment, Design and
framework, Implement framework, Monitor framework, Improve framework
3 3
4 1 According to ISO 31000, as discussed in Topic 1 (par. 1.10.6), ERM is one that
systematically applies management policies, procedures, and practices to a set of activities
intended to establish the context, communicate and consult with stakeholders, and identify,
analyse, evaluate, treat, monitor, and review risk.
5 2 Information security is the protection of information from a wide range of threats in
order to ensure business continuity, minimise business risk, and maximise return on
investments and business opportunities.
6 3
7 2
8 4
9 4 The business objectives will be the criteria against which the business strategy’s success
will be measured.
10 2
11 2
12 2 Certain process mechanisms are used in the first stage to obtain information on the
business. They are financial analysis tools, risk management process diagnostic, SWOT
analysis and PEST analysis.
13 1
14 1 The resolution strategy is a technique used by business to respond to a particular
recurring risk.
15 2 Pareto analysis is used to identify those risks that will have a dramatic impact on
business projects/activities and objectives.
16 4 Latin hypercube sampling: This sampling method is used to re-create the probability
distributions specified by distribution functions accurately and is a more modern
technology method than the Monte Carlo simulation method.
17 3 The definition for risk appetite is the amount of risk a business is prepared to tolerate (be
exposed to) at any point in time.
18 1
19 3 The process inputs in the risk treatment process will be the risk register, industry betas and
a description of the business risk appetite, and details of existing insurance policies. The
process outputs will be the risk response (i.e. remove, reduce or transfer) actions. (Pg 40
SG)
20 2 There are distinct advantages in not selecting a facilitator from a business function (or
the business as a whole) as it avoids problems of bias, lack of independence, hidden
agendas and distortion of focus to permit pursuit of departmental goals.
21 3 KPIs refer to high-level snapshots of the health and performance of a business
based on specific predefined measures, for example statistical information on the
business. (Pg 45 SG) (SU4 Pg 29 Edge Notes)
22 4 Causal analysis: The causes of any risk must be identified. It is important for the
business to learn from past events to implement risk management measures for future
events.
23 3 The internal view examines the transformation process, where inputs are transformed to
outputs through the application of the process mechanism.
24 2
25 4
26 1 They are also known as activity ratios.
27 3
28 2
29 1
30 3
31 2 People risk may therefore be defined as a combination of the detrimental impact of
employee behaviour and employer behaviour.
32 2
33 3 IT is the collection, storage, processing, and communication of information by electronic
means
34 2 Risk evaluation typically looks at the combined net effect of the identified risks and
opportunities
35 4
36 2 Insider Trading is acting on material, non-public information
37 4 Market risk can be defined as “the exposure to a potential loss arising from diminishing
sales or margins due to changes in market conditions, outside of the control of the
business”.
38 1 Copyright: The issues covered under copyright include ownership, duration and
infringement.
39 3
40 3 Currency risk is the risk that the expected cash flow from overseas investments is
adversely affected by fluctuations in exchange rates.
SECTION B
Question 1 (14 Marks)
ERM Structure
ERM is composed of seven elements, namely: corporate governance, internal control, implementation, risk
management framework, risk management policy, risk management process and sources of risk.
1. Corporate governance (board oversight) - Corporate governance is the framework of rules and practices by
which a board of directors ensures accountability, fairness and transparency in a company's relationship with
all its stakeholders (financiers, customers, management, employees, government and the community). The
corporate governance framework consists of:
   - Explicit and implicit contracts between the company and the stakeholders for distribution of
     responsibilities, rights, and rewards;
   - Procedures for reconciling the sometimes conflicting interests of stakeholders in accordance with their
     duties, privileges, and roles; and
   - Procedures for proper supervision, control and information flows to serve as a system of checks and
     balances.
2. Internal control (sound system of internal control) - The report of the Committee of Sponsoring
Organizations of the Treadway Commission (COSO), Internal Control – Integrated Framework (1992),
defines internal control as “a process, effected by an entity’s board of directors, management and other