Term
Enterprise Risk Management (ERM) |
|
Definition
A process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. |
|
|
Term
|
Definition
The possibility that an event will occur and adversely affect the achievement of objectives. |
|
|
Term
|
Definition
Consists of: (1) Identifying potential events that may affect the entity, and (2) Managing the associated risk to be within the entity's risk appetite. |
|
|
Term
|
Definition
Senior Management
Board of Directors
Risk Committee & Chief Risk Officer
Internal Auditors |
|
|
Term
|
Definition
Allows management to optimize stakeholder value by coping effectively with uncertainty and the risks and opportunities it presents; helps management to: (1) reach objectives, (2) prevent loss of reputation and resources, (3) report effectively, and (4) comply with laws and regulations. |
|
|
Term
|
Definition
1. Consideration of risk appetite and strategy
2. Risk response decisions
3. Reduction of operational surprises and losses via enhanced contingency planning.
4. Encompasses Multiple/Cross Enterprise Risks
5. Quick response to opportunities
6. Better deployment of capital |
|
|
Term
|
Definition
The degree of willingness of senior management to accept risk. Should be assessed when: (1) evaluating strategic options, (2) setting objectives, (3) developing risk management techniques. |
|
|
Term
|
Definition
Risks (negative)
Opportunities (positive) |
|
|
Term
|
Definition
Mnemonic: CRIM RISE
- Control Activities
- Risk Assessment
- Information & Communication
- Monitoring
- Risk response consistency w/ tolerance & appetite
- Identification of events
- Set objectives before considering events
- Environment (internal) sets the tone of the entity
|
|
|
Term
|
Definition
- Faulty human judgment
- Cost-benefit considerations
- Simple errors or mistakes
- Collusion
- Management overrides
|
|
|
Term
|
Definition
Mnemonic: I Ate Pie For Money
- Identify risks
- Assess risks
- Prioritize risks
- Formulate risk responses
- Monitor risk responses
|
|
|
Term
|
Definition
Requires CEO & CFO certification of fair representation in quarterly & annual reports to the SEC. |
|
|
Term
Risk Response Strategies (5) |
|
Definition
- Risk Avoidance (cease activity)
- Risk Retention (self insurance)
- Risk Reduction (antivirus software)
- Risk Sharing (hedging, joint venture)
- Risk Exploitation (for high return)
|
|
|
Term
Two Most Significant Requirements of SOX Section 404 |
|
Definition
- Management must establish and document a system of internal control.
- Management must include in the annual report a report on the adequacy & functioning of the system of internal control over financial reporting.
|
|
|
Term
Management's report on internal control must include what five statements? |
|
Definition
- Acknowledgement that the system of internal control is management's responsibility.
- Management's assessment of the effectiveness of internal control
- Identification of the framework used to assess the effectiveness
- Disclosure of material weaknesses and statement of changes in controls after assessment
- Statement that an external auditor has issued an attestation report on management's assessment.
|
|
|
Term
Inherent Limitations of Internal Control |
|
Definition
- Human error
- Employee misunderstanding, carelessness, fatigue
- Collusion
- Management override
- Cost in excess of benefit
|
|
|
Term
7 Areas of COSO Framework's Control Environment |
|
Definition
Mnemonic: HIS CPA Responsibility
- HR policies
- Integrity and ethics
- Structure of the organization
- Competence
- Philosophy and operating style
- Audit committee/board of directors
- Responsibility and authority
|
|
|
Term
5 Components of Internal Control |
|
Definition
Mnemonic: CRIME
- Control Activities
- Risk Assessment
- Information and communication
- Monitoring
- Control Environment
|
|
|
Term
3 Objectives of Internal Control |
|
Definition
Mnemonic: Everything Really Counts
- Effective/efficient operations
- Reliability of FAR
- Compliance w/ laws & regulations
|
|
|