The objective-setting component of COSO ERM outlines some necessary preconditions that must be established before management can establish an effective ERM environment.
Ans: False
Explanation: Enterprise risk management would be the starting point for assessing completeness and maturity of what the Organisation has previously built as a risk management.
COSO Enterprise Risk Management 19 March 2019 Implementing ERM with New COSO ERM 2017 Framework The PwC’s GAP analysis on the existing enterprise risk management would be the starting point for assessing completeness and maturity of what the Organisation has previously built as a risk management.
The whole concept behind ERM is to develop precise, actuarial-level calculations regarding risks that organizations face:
Ans: TRUE
Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring process. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.
ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of internal control, the Sarbanes–Oxley Act, data protection and strategic planning. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of companies.
According to Thomas Stanton of Johns Hopkins University, the point of enterprise risk management is not to create more bureaucracy, but to facilitate discussion on what the really big risks are.
COSO ERM defines what it calls control activities as the policies and procedures necessary to ensure that identified risk responses are carried out:
Ans: FALSE
The Framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management. Engaged by COSO to lead the study, PricewaterhouseCoopers was assisted by an advisory council composed of representatives from the five COSO organizations.
This is relevant to COSO control activities.
Control Activities: Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.
Project Risk Management is the art and science of identifying, assessing, and responding to project risk throughout the life of a project and in the best interests of its objectives.
Ans: TRUE
Project risk management is the process of identifying, analyzing and then responding to any risk that arises over the life cycle of a project to help the project remain on track and meet its goal.
The Sarbanes-Oxley Act (SOX) requires disclosure of major investments, such as large projects, that may affect operating performance.
Ans: FALSE
The Sarbanes–Oxley Act of 2002 enacted July 30, 2002), also known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and "Corporate and Auditing Accountability, Responsibility, and Transparency Act" (in the House) and more commonly called Sarbanes–Oxley or SOX, is a United States federal law that set new or expanded requirements for all U.S. public company boards, management and public accounting firms. A number of provisions of the Act also apply to privately held companies, such as the willful destruction of evidence to impede a federal investigation.
Risk avoidance is the concept of giving another party responsibility – some or full – for the liability of the risk.
Ans: FALSE
Risk avoidance:
An informed decision not to become involved in a risk situation.
Example 1: The club will no longer provide a training area for weight-training as it is deemed too great a risk.
Example 2: The club will not bid for the state championship because we have insufficient volunteers.
The objective-setting component of COSO ERM outlines some necessary preconditions that must be established before management...