13 Cards in this Set
Descriptions of risk
- Appetite - risk co wishes to take
- Capacity - max risk exposure acceptable without threatening stability
- Tolerance - amount co able to suffer but survive - numerical terms usually

Business risks
CLERFS
- Competition (rival action)
- Liquidity (to settle liabilities)
- Environment (business - PEST)
- Reputational (customer loyalty) eg Toyota
- Financial (condition, rates) eg Nestlé 1/2 milk on fixed contract
- Strategic (decisions re exposure) eg Citigroup CDOs

Risk management system (poss carried out by internal audit)
- Identification
- Evaluation (probability, size)
- Management measures (avoid, insure, training, limit exposure)
- Control + review

Turnbull categories of risk
- Financial (error/fraud in accounting system, misreporting - SPAMSOAP)
- Operational (failed internal processes/systems, external events)
- Compliance (non-compliance with regs)

Internal control systems - financial areas
SPAMSOAP
- Segregation of duties
- Physical control over assets
- Authorisation (approval)
- Management controls (monitoring)
- Supervision
- Organisation (lines of reporting)
- Arithmetical/accounting controls
- Personnel

COSO Framework (Committee of Sponsoring Organisations - Treadway)
System to give reasonable assurance in FOC areas (s404 SOX)
CIIIM
- Control environment (culture)
- Identification/assessment
- Internal controls
- Information/communication
- Monitoring (audit + review)

Turnbull guidance
- Board sets policies (consider extent, type, likelihood, impact, cost)
- Mngt implements it + communicates to co so that it is embedded in bus (part of culture)
- Mngt monitors and gives feedback to board through reports, auditors, tests - reasonable assurance of effectiveness
- Board does annual review (clearness, env, monitoring)
- Shareholders informed - report req'd (system in place, reg reviewed, ack resp)

Turnbull - requirements for effective ICS
CREME
- Controls themselves effective
- Reassessment continual as sig risks change/develop
- Effective communication of risks/controls
- Monitoring must be done effectively
- Environment of control suitable

Turnbull - policies and procedures should do what
FEC
- Facilitate effective/efficient operations
- Ensure quality of external reporting
- Compliance with laws/regs must be ensured

Internal audit function investigations
RISC
- Risk assessment
- ICS robustness
- Special investigations
- Circumventing possible

Audit committee responsibilities
- Financial statements integrity
- ICS and RMS (unless separate committee)
- Internal audit function
- External auditor (app, rem, terms)
- Independence of external auditor
- Non-audit services by auditor
- WB

Audit committee areas of review
FISC
- Frequency of reporting by management
- Incidence of any sig failings/control weaknesses
- Scope/quality of monitoring
- Changes in sig risks

Whistleblowing procedures (BSI WB Arrangements Code of Practice - need confidence of employees)
VERIDIC
- Victimisation protected against, but disciplinary action if false
- Examples of misconduct applicable
- Reporting procedure clear, to whom and external option
- Investigation and procedure made clear
- Documented and say take it seriously/committed, be clear
- Informed of outcome
- Confidential