Answer Keys
The primary purpose of internal control activities is to help the organization achieve its objectives.
The purpose of the control environment is to ensure consistent responses to risks that materialize.
Internal financial controls are just one part of a charity’s overall control framework.
The internal control system includes internal control activities and the structure and responsibilities that relate to them.
Standardized approach: calculates the value for operational risk, using a broad financial indicator, multiplied by operational loss experience.
Advanced approach: uses the internal loss data and a combination of qualitative and quantitative methods to calculate the operational risk capital.
The US-based Risk and Insurance Managers Society (RIMS) has undertaken an evaluation of the causes of the global financial crisis.
ISO Guide 83 suggests that the term ‘interested party’ is preferred, but stakeholder is an acceptable alternative.
Corporate governance models require the involvement of stakeholders and adequate stakeholder dialogue.
The Basel II definition includes legal risk but excludes strategic and reputational risk. /
The Basel II definition identifies four types of risk categories: people, process, system, and external risks.
External risks include action by regulators, unsatisfactory performance by service providers and fraud, both internal and external.
The purpose of our enterprise risk management (ERM) approach is to mitigate risks to the delivery of a safe, reliable, and cost-effective service to our customers. /
The ERM framework provides a standardized approach to the identification, assessment, recording and reporting of significant risks. /
Control risks will have a cost associated with controlling the risks, and this cost can be described as the control acceptance. /
A risk-aware culture requires good communication of risk information from senior management. /
The normalized organization is successful in achieving competent or desirable behaviours, but these are not yet automatic. /
RMIS have been used for some time to record details of insurance claims. /
internal
CoCo is an external control framework, but it is described in this chapter because it is an established
framework.
Internal
External audit is primarily concerned with risk assurance, and this will be the concern of the non-executive audit committee in a large organization.
Include
Risk performance and certification reports exclude operational management reports as well as more formal declarations and certified reports to stakeholders.
compulsory
should
The risk management manual shouldn’t describe the control environment or risk culture.
The Basel II definition includes legal risk, strategic and reputational risk.
Process risks /
System risks /
Process risks include failure of applications systems to meet user requirements and the absence of built-in control measures.
Credit risk /
Market risk is the risk that there will be a failure by a customer/client to repay the principal and/or interest on a loan or other outstanding debt in a timely manner, or at all.
Market risk /
Credit risk is the risk that the value of investments may decline over a period.
Basel III /
Basel II requirements have been developed but may not be introduced until 2019.
Ericsson’s /
Ekurhuleni’s risk management is integrated into the operational processes of the business to ensure accountability, effectiveness, efficiency, business continuity and compliance with corporate governance, legal and other requirements.
Hazard risks /
Control risks will always have a negative outcome associated with the risk.
Control risks /
Hazard risks will have a cost associated with controlling the risks, and this cost can be described as the control acceptance.
Naïve
Involvement /
The risk culture of the organization can be defined by leadership, influential, learning, accountability and communication (LILAC).
Analytical skills range widely and require strategic and not logical thinking /
Corporate governance covers a small range of topics, and risk management is an integral part of the successful corporate governance of every organization.
ISO Guide 73 /
ISO Guide 83 defines a stakeholder as a ‘person or group concerned with, affected by, or perceiving themselves to be affected by an organization’.
IDENTIFICATION
Data security
It is essential that the security of customer, colleague and company confidential data is maintained.
Internal control
The elements include resources, systems, processes, culture, structure and tasks.
ISO Guide 73
An internal control framework, but it is described in this chapter because it is an established framework.
People risk
Bank
The largest financial services institution listed on the national stock exchange and is among the 30 most profitable financial services organizations in the world. /
Selflessness
Holders of public office should act solely in terms of the public interest and should not seek benefits for themselves, their family or friends. /
Integrity
Holders of public office should not place themselves under any financial or other obligation to outside individuals or organizations. /
Accountability
Holders of public office are accountable for their decisions and actions to the public and must submit themselves to appropriate scrutiny.
Openness
Holders of public office should be as open as possible about all the decisions and actions that they take and give reasons for their decisions.
Honesty
Holders of public office have a duty to declare any private interests relating to their public duties and to take steps to resolve any conflicts.
Leadership
Holders of public office should promote and support these principles by leadership and example.
Shareholder information
Market risk
The risk that the value of investments may decline over a period.
Model that can be used to measure the current level of risk culture within the organization.
Risk Appetite /
Risk Capacity /
Corporate Governance /
A technique to ensure that an organization has the most effective and efficient processes and operations.
Financial data /
Annual report and financial statements
Archived financial information for the past three years.
Operational risk /
ERM /
WAG
CSFSRS
RIMS (4 points)
GRC (3 points)
IIA (3 points)
FOIL
1. Compliance management
2. Hazard management
3. Control management
4. Opportunity management
The awareness campaign could include all the LILAC components and may extend to: (5 points)
1. Naïve
2. Novice
3. Normalized
4. Natural
1. Selflessness
2. Integrity
3. Objectivity
4. Accountability
5. Openness
6. Honesty
7. Leadership
The 8 major groupings that Canada Post Corporation uses to evaluate the control environment: (8 points)
1. Leadership
2. Planning
3. Customer focus
4. People focus
5. Process management
6. Partnership
7. Business performance
8. Continuous improvement