Page 1
Overview
Page 2
What to Expect on the Exam
Educational Objectives
Balanced Exam
Pretest Items
Page 3
Test-Taking Tips
Page 4
Assignment 1
Page 5
ERM Definition
RIMS
A strategic business discipline that supports the achievement
of an organization's objectives by addressing the full spectrum
of its risks and managing the combined impact of those risks
as an interrelated risk portfolio.
Page 6
Traditional Risk Management Department
Page 7
ERM Governance Model
Page 8
Classifications of Risk
Page 9
Risk Quadrants
Page 10
Risk quadrants differ from risk classifications. While risk
classifications focus on specific characteristics of the
risk itself, risk quadrants focus on
A: pure and subjective risks.
B: subjective and objective risks.
C: risk diversification.
D: sources of risk.
Page 11
Assignment 2
Page 12
Purpose and Types of Maturity Models
Page 13
Capability Maturity Model (CMM) and Capability
Maturity Model Integration
Has five levels:
Ad hoc
Initial
Defined
Managed
Optimizing
Page 14
Based on the Capability Maturity Model (CMM)
developed by Carnegie Mellon, an organization that has
basic risk management processes with no attempt at
enterprise-wide risk management is at which one of
the maturity levels?
A: Managed
B: Initial
C: Ad hoc
D: Defined
Recording of this session via any media type is strictly prohibited.
Page 15
RIMS Risk Maturity Model
Uses 5 maturity levels based on CMM applied
to 7 attributes:
Adoption of ERM-based approach
ERM process management
Risk appetite management
Root cause discipline
Uncovering risks
Performance management
Business resiliency and sustainability
Page 16
A risk maturity model that uses five maturity levels
based on the Capability Maturity Model, determining
the maturity level for each of seven attributes by
evaluating the degree to which key drivers are present,
is known as the
A: Capability Maturity Model
B: Standard and Poor's (S&P) Risk Maturity Model
C: RIMS Risk Maturity Model
D: Aon Risk Maturity Index
Page 17
Organizational Functions Related to ERM
Page 18
Assignment 3
Page 19
Framework and Process
Page 20
ISO 31000 Framework and Process
Source: ISO 31000:2009
Page 21
COSO ERM
Page 22
Applying Risk Management Framework
Page 23
Assignment 4
Risk Oversight
Page 24
Page 25
The European Corporate Law Directive on Auditing has
produced a recommended framework that defines the
corporate governance roles. Under this framework,
which one of the following is responsible for converting
strategy into operational objectives?
A: Board of directors
B: Chief executive officer
C: Operational management
D: Senior management
Page 26
Page 27
Which statement describes one of the responsibilities
of an executive-level risk committee?
A: Assist the board in establishing risk appetite and
risk tolerance levels
B: Monitor the organization's compliance with
established risk limits
C: Approve the organization's risk management
strategies, including their design and implementation
D: Oversee exposures of the organization's critical
risks and advise the board on risk strategy
Page 28
Assignment 5
Page 29
Strategy Implementation
Page 30
SWOT Analysis Table
Page 31
Organizational Levels
Page 32
Which one of the following types of strategy
determines how individual departments within an
organization direct their activities?
A: Functional strategy
B: Business strategy
C: Corporate strategy
D: Operational strategy
Page 33
Assignment 6
Page 34
Key Performance Indicators
Page 35
Successful organizations have goals and objectives. A
financial or nonfinancial measurement that defines
how successfully an organization is progressing toward
its long-term goals is referred to as
A: an operating standard (OS).
B: a critical success factor (CSF).
C: a key performance indicator (KPI).
D: an objective gauge (OG).
Page 36
Purpose of Key Risk Indicators (KRIs)
Page 37
Which one of the following is an example of an external
key risk indicator (KRI) that a manufacturer might
monitor?
A: Number of employee injuries
B: Age of accounts payable
C: Amount of budget variances
D: Cost of raw materials
Page 38
Assignment 7
Page 39
Internal Control and Risk Management
Page 40
COSO Internal Control Framework
Page 41
Three Lines of Defense Model
Source: FERMA/ECIIA
Page 42
According to the Three Lines of Defense Model,
internal audit's role in risk assessment techniques
is to
A: design them.
B: implement them.
C: provide assurance on their effectiveness.
D: perform a control risk self-assessment (CRSA).
Page 43
Evolution of Internal Audit
Page 44
Risk-Based Auditing
Page 45
The modern approach to internal auditing differs
from the traditional approach by focusing on
A: the effectiveness of internal controls.
B: the relative riskiness of various activities.
C: transaction approvals.
D: systems-based compliance.
Page 46
Assignment 8
Page 47
Regulation
Rules-Based:
More certainty and predictability
Less responsive to change
Inflexible
Often circumvented
Principles-Based:
More flexible and focuses on outcomes
Responds more quickly in a changing environment
Requires more communication between the regulator and the regulated
Page 48
NAIC ORSA
Risk Management Framework
Assessment of Risk Exposure
Prospective Solvency Assessment
Principles-based (guidelines)
Applies ERM to insurance companies
Page 49
The NAIC Own Risk and Solvency Assessment
(ORSA) model law represents a change from past
NAIC directives because it is
A: specific in terms of reporting.
B: retrospective.
C: voluntary.
D: principles-based.
Page 50
Assignment 9
Page 51
Risk Identification Tools
Facilitated workshops
Delphi technique
Scenario analysis
HAZOP
SWOT
Page 52
Which one of the following team approaches to
risk identification involves a select group of experts
in question-and-response cycles until a consensus
is achieved?
A: HAZOP
B: Scenario analysis
C: Delphi technique
D: SWOT
Page 53
Risk Treatment Techniques
Page 54
Assignment 10
Risk Modeling
Page 55
Influence Diagrams and Probabilities
GEV Industries hires inexperienced and experienced
workers to operate simple and complex machines.
Accident rates vary by worker experience and
complexity of machine.
Page 56
Influence Diagram
[Diagram nodes: Worker Experience, Machine Complexity, Accident Rate, Cost of Risk]
Page 57
Machine and Worker Data
Simple machines: 40
Complex machines: 160
Inexperienced workers: 60
Experienced workers: 140
Page 58
Random Worker Assignments Probabilities
Inexp. worker (30%) Exp. Worker (70%)
Simple machine (20%) 6% 14%
Complex machine (80%) 24% 56%
Accident Probability
Inexp. worker Exp. worker
Simple machine .3% 0.0%
Complex machine 9.6% 5.6%
Page 59
Worker Assignments by Experience
Inexp. worker (30%) Exp. Worker (70%)
Simple machine (20%) 20% 0%
Complex machine (80%) 10% 70%
Accident Probability
Inexp. worker Exp. worker
Simple machine 1% 0%
Complex machine 4% 7%
Page 60
Twenty percent of PDQ Transport's trucks have advanced
safety equipment and 80% do not. Thirty of PDQ's drivers are
inexperienced and 90 are experienced. Assuming drivers are
assigned randomly to trucks, what is the probability that an
inexperienced driver is assigned to a truck without advanced
safety equipment?
A: 18%
B: 20%
C: 24%
D: 60%
Page 61
Correlation
Page 62
Two variables are perfectly positively correlated.
If one of the variables increases, the other will
A: increase in direct proportion.
B: decrease in direct proportion.
C: increase at half the rate.
D: decrease at half the rate.
Page 63
Value at Risk (VaR)
Page 64
A $500,000, 2 percent VaR means losses are
expected to be
A: $10,000.
B: less than $500,000 2 percent of the time.
C: $490,000.
D: greater than $500,000 2 percent of the time.
Page 65
Assignment 11
Page 66
Cost of Equity
$K_E = r_f + \beta (r_m - r_f)$
Where:
$\beta$ = Beta of security
$r_m$ = Expected return on the market
$r_f$ = Risk-free rate
Page 67
Cost of Debt Equation
Page 68
Polytech Company
Page 69
Polytech Company
Page 70
Polytech Company Cost of Debt
Page 71
Polytech Company Cost of Equity
Page 72
Polytech Company Weighted Average Cost of Capital
Page 73
Market Value Surplus (MVS)
Page 74
Economic Capital
Page 75
Market Value Surplus Example
Autumn Assurance Group has assets at fair value of $100
million. The present value of Autumn's liabilities is $85
million. The market value margin is $5 million. Using
probability models, Autumn determines that its VaR is $8
million because it expects to incur an $8 million or greater
loss of capital at a .5 percent probability over a one-year
period.
1. What is Autumn's MVS?
2. What is Autumn's economic capital?
3. Does Autumn have excess capital or a deficiency in
capital?
Page 76
Questions?
Page 77
Evolution of Risk Management
Page 78
ERM Value Proposition
Page 79
Solvency I and II (Insurance Cos)
Solvency I:
Early 1970s
Focused on capital adequacy
Solvency II:
3 pillars
1 Risk-based capital
2 Risk management and governance
3 Transparent reporting
Includes an own risk and solvency assessment (ORSA)
Page 80
Basel II and III (Banks)
Basel II:
Issued in 2004
Minimum capital requirements using weights for different types of credit risk
Basel III:
Response to the Great Recession
Operational risk added
Risk management framework
Board of directors role (approve framework, risk appetite, governance)
Page 81
ERM Process Model
Page 82
Risk Identification Tools - Risk Register
Public University
Columns: Event ID; Risk Scenario; Likelihood; Impact; Risk Level (present); Risk Treatment; Proposed improvement action; Next Review Date
Event ID 1: Loss of personal computer; Likelihood 3; Impact 1; None; None; Remove from list
Page 83
Risk Identification Tools - Risk Map
Public University
2 Damage to reputation
2
Page 84
Inherent and Residual Risk
Inherent
Treat
Residual
Treat
Optimum
Page 85
A risk map showing a large difference between
inherent and residual risk indicates that the
A: current risk treatment is ineffective.
B: risk does not need to be treated.
C: current risk treatment is effective.
D: risk exceeds the organization's risk tolerance.
Page 86
Decision Tree
Page 87
ERM Tools - Modern Portfolio Theory
[Figure labels: Expected Value of the Return; Risk Appetite]
Page 88
The efficient frontier consists of portfolios that
A: are riskless.
B: provide the average market return.
C: provide the highest return at different risk
levels.
D: return the risk-free rate of return.
Page 89
Earnings at Risk
Page 90
Earnings at risk of $200,000 with 90 percent
confidence are projected to be
A: $180,000.
B: less than $200,000 10 percent of the time.
C: $200,000 90 percent of the time.
D: greater than $200,000 10 percent of the
time.
Page 91
Assignment 12
Page 92
Risk Centers and Owners
Page 93
Advantages of Risk Centers
Page 94
Risk Attitude
Risk Avoiding
Risk Optimizing
Risk Seeking
Page 95