Risk Response

a) Risk Avoidance - ends the activity
   Ex. Risk of having a pipeline sabotaged can be avoided by selling the pipeline
b) Risk Retention - accepts the risk
   Ex. self-insurance; sinking funds
c) Risk Reduction - lowers the level of risk
   Ex. Risk of system penetration can be reduced by maintaining a robust information security function within the entity
d) Risk Sharing - transfer some loss potential
   Ex. Risk of car crash can be accepted through insurance
e) Risk Exploitation - pursue a high return on investment
   Ex. Risk of winning or losing a lottery

4. Risk Monitoring
- Tracks identified risks
- Evaluates current risk response
- Monitors residual risks
- Identifies new risks

Risk Management Framework
ISO 31000:2018 Risk Management – Guidelines
- Published by the International Organization for Standardization (ISO)
- Provides principles and guidelines for effective risk management.
- Provides foundations for discussing risk management and undertaking a critical review of an organization’s risk management process

1. Risk Identification
- Performed for the entire entity
- Audit/Risk Universe
- Brainstorming, SWOT, scenario analysis

2. Risk Assessment and Prioritization
- Probabilities and potential effects of the risk events identified are used to prioritize risks
- Involves enterprise-wide:
  - Estimate significance/impact
  - Assess likelihood
  - Consider means to manage

Risk Modeling
- Qualitative methods – listing, ranking and mapping
- Quantitative methods – probabilistic models, weighted

Practice Question
Which of the following is the correct order of steps in the risk management process?
1. Identify risks
2. Monitor risk responses
3. Formulate risk responses
4. Assess and prioritize risks
5. Identify context
A. 5, 1, 4, 3, 2.
B. 1, 4, 3, 2, 5.
C. 1, 3, 5, 4, 2.
D. 1, 5, 4, 3, 2.

A chief audit executive is reviewing the following risk map:

Which of the following is the correct prioritization of risks, considering limited resources in the internal audit activity?
A. Risk B, Risk C, Risk A, Risk D.
B. Risk C, Risk A, Risk D, Risk B.
C. Risk C, Risk A, Risk B, Risk D.
D. Risk A, Risk B, Risk C, Risk D.

Which risk response reflects a change from acceptance to sharing?
A. An insurance policy on a manufacturing plant was not renewed.
B. Management purchased insurance on previously uninsured property.
C. Management sold a manufacturing plant.
D. After employees stole numerous inventory items, management implemented mandatory background checks on all employees.

Four basic purposes of internal control
(1) Safeguard assets.
(2) Promote operating efficiency.
(3) Ensure financial statement reliability.
(4) Encourage compliance with management directives.

CoCo Internal Control Framework
- Guidance on Control (commonly referred to as CoCo based on its original title Criteria of Control)
- Published by the Canadian Institute of Chartered Accountants (CICA)