
ERM 57 Review

ERM 57 Review. Mike Elliott, CPCU, AIAF, MBA; Rich Berthelsen, JD, CPCU, AIC, ARM, AU, ARe, MBA. RIMS – April 2014. Exam Basics – What to Expect; Test-Taking Tips; Review of Sections Students Find the Most Challenging. Overview. What to Expect on the Exam. Educational Objectives.


Presentation Transcript


  1. ERM 57 Review Mike Elliott, CPCU, AIAF, MBA Rich Berthelsen, JD, CPCU, AIC, ARM, AU, ARe, MBA RIMS – April 2014

  2. Overview • Exam Basics – What to Expect • Test-Taking Tips • Review of Sections Students Find the Most Challenging

  3. What to Expect on the Exam • Educational Objectives • Balanced Exam • Pretest Items

  4. Test-Taking Tips • Get the easy ones • Don’t get bogged down early • Use the “mark for later review” feature • Eliminate the obviously wrong answers • Use your scratch paper to keep track

  5. Assignment 1 • Introduction to Enterprise Risk Management

  6. ERM Definition • RIMS: A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.

  7. Traditional Risk Management Department

  8. ERM Governance Model

  9. Classifications of Risk

  10. Risk Quadrants

  11. Risk quadrants differ from risk classifications. While risk classifications focus on specific characteristics of the risk itself, risk quadrants focus on • A: pure and subjective risks. • B: subjective and objective risks. • C: risk diversification. • D: sources of risk.

  12. Assignment 2 • Enterprise Risk Management in an Organization

  13. Purpose and Types of Maturity Models • The purpose of a maturity model is to evaluate or improve a business process. • Two types of particular interest are: • Capability Maturity Model • RIMS Risk Maturity Model

  14. Capability Maturity Model (CMM) and Capability Maturity Model Integration • Has five levels: • Ad hoc • Initial • Defined • Managed • Optimizing

  15. Based on the Capability Maturity Model (CMM) developed by Carnegie Mellon, an organization that has basic risk management processes with no attempt at enterprise-wide risk management is at which one of the maturity levels? • A: Managed • B: Initial • C: Ad hoc • D: Defined

  16. RIMS Risk Maturity Model • Uses 5 maturity levels based on CMM applied to 7 attributes: • Adoption of ERM-based approach • ERM process management • Risk appetite management • Root cause discipline • Uncovering risks • Performance management • Business resiliency and sustainability

  17. A risk maturity model that uses five maturity levels based on the Capability Maturity Model, determining the maturity level for each of seven attributes by evaluating the degree to which key drivers are present, is known as the • A: Capability Maturity Model • B: Standard and Poor’s (S&P) Risk Maturity Model • C: RIMS Risk Maturity Model • D: Aon Risk Maturity Index

  18. Organizational Functions Related to ERM

  19. Assignment 3 • Enterprise Risk Management Framework and Process

  20. Framework and Process

  21. ISO 31000 Framework and Process Source: ISO 31000:2009

  22. COSO ERM Source: COSO – Enterprise Risk Management – Integrated Framework

  23. Applying the Risk Management Framework • The main purpose of the framework is to integrate risk management throughout the organization. The framework has four components: • Lead and establish credibility • Align and integrate • Allocate resources • Communicate and report

  24. Assignment 4 • Risk Oversight

  25. The European Corporate Law Directive on Auditing has produced a recommended framework that defines the corporate governance roles. Under this framework, which one of the following is responsible for converting strategy into operational objectives? • A: Board of directors • B: Chief executive officer • C: Operational management • D: Senior management

  26. Which statement describes one of the responsibilities of an executive-level risk committee? • A: Assist the board in establishing risk appetite and risk tolerance levels • B: Monitor the organization’s compliance with established risk limits • C: Approve the organization’s risk management strategies, including their design and implementation • D: Oversee exposures of the organization’s critical risks and advise the board on risk strategy

  27. Assignment 5 • Strategic Planning and Enterprise Risk Management

  28. Strategy Implementation • Some organizations apply a balanced scorecard approach to implement strategy and to provide a foundation for strategy evaluation. The balanced scorecard approach translates an organization’s strategy into specific goals and actions assigned to each department within the organization.

  29. SWOT Analysis Table

  30. Organizational Levels

  31. Which one of the following types of strategy determines how individual departments within an organization direct their activities? • A: Functional strategy • B: Business strategy • C: Corporate strategy • D: Operational strategy

  32. Assignment 6 • Risk-Based Performance and Process Management

  33. Key Performance Indicators • A key performance indicator (KPI) measures progress toward an organization’s goals, provides an attainable standard for a specific activity, and gives the focus or direction the activity is to take.

  34. Successful organizations have goals and objectives. A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to as • A: an operating standard (OS). • B: a critical success factor (CSF). • C: a key performance indicator (KPI). • D: an objective gauge (OG).

  35. Purpose of Key Risk Indicators (KRIs) • Effective KRIs provide objective, quantifiable information about emerging risks and trends in existing risks that can affect an organization’s success. A KRI can reveal an upward trend in the level of a risk that, if it continues, will exceed the designated risk threshold for that risk.

  36. Which one of the following is an example of an external key risk indicator (KRI) that a manufacturer might monitor? • A: Number of employee injuries • B: Age of accounts payable • C: Amount of budget variances • D: Cost of raw materials

  37. Assignment 7 • Internal Audit and Control

  38. Internal Control and Risk Management • Internal control – a system or process that an organization uses to achieve its operational goals, internal and external financial reporting goals, or legal and regulatory compliance goals.

  39. COSO Internal Control Framework Source: COSO Internal Control – Integrated Framework

  40. Three Lines of Defense Model Source: FERMA/ECIIA

  41. According to the Three Lines of Defense Model, internal audit’s role in risk assessment techniques is to • A: design them. • B: implement them. • C: provide assurance on their effectiveness. • D: perform a control risk self-assessment (CRSA).

  42. Evolution of Internal Audit • Transaction Approvals • Assurance of Internal Controls • Risk-based Approach

  43. Risk-Based Auditing • Aligns audit resources with the areas that pose the greatest organizational risk.

  44. The modern approach to internal auditing differs from the traditional approach by focusing on • A: the effectiveness of internal controls. • B: the relative riskiness of various activities. • C: transaction approvals. • D: systems-based compliance.

  45. Assignment 8 • Regulation and Compliance

  46. Regulation • Rules-Based: • More certainty and predictability • Less responsive to change • Inflexible • Often circumvented • Principles-Based: • More flexible and focuses on outcomes • Responds more quickly in a changing environment • Requires more communication between the regulator and the regulated

  47. NAIC ORSA • Principles-based (guidelines) • Applies ERM to insurance companies

  48. The NAIC Own Risk and Solvency Assessment (ORSA) model law represents a change from past NAIC directives because it is • A: specific in terms of reporting. • B: retrospective. • C: voluntary. • D: principles-based.
