Governance, Risk management, and
Control questions with actual answers.
COSO ERM - Integrating with Strategy and Performance. ANS -A focused framework intended to ensure
that enterprise risk management (ERM) is used in strategic planning and embedded throughout the
organization. Risk is relevant to strategy selection because a strategy may otherwise not align with the
organization's mission, vision, and core values. The chosen strategy will have implications such as trade-
offs and a profile of risks that relate to achieving objectives and whether enhanced performance can be
achieved.
The framework consists of 20 principles that are subdivided into five component areas:
- governance and culture
- strategy and objective setting: enterprise risk management, strategy, and objective setting work
together in the strategic planning process. A risk appetite is established and aligned with strategy;
business objectives put strategy into practice while serving as a basis for identifying, assessing, and
responding to risk.
- performance
- review and revision
- information, communication, and reporting.
The three components of strategy and objective setting, performance, and review and revision
represent common processes that flow through an organization. The other two components —
governance and culture and information, communication, and reporting— represent supporting aspects
of ERM.
COSO Internal Control - Integrated Framework ANS -A framework to help a board of directors,
management, and staff design and implement an effective system of internal control, basically a system
that can provide reasonable assurance regarding achievement of operations, reporting, and compliance
objectives. The framework is a principles-based, dynamic, and integrated process. It allows for
judgment, is adaptable to different entity sizes and types, and promotes considering how components
interact with one another. It also helps identify and analyze risks to these objectives and includes anti-fraud
measures.
The framework has three categories of objectives:
✔️operations objectives: effectiveness and efficiency of operations
✔️reporting objectives: reliability of reporting.
✔️compliance objectives: compliance with applicable laws and regulations.
Internal control has five integrated components:
➖control environment
➖risk assessment
➖control activities
➖information and communication
➖monitoring activities
The framework has 17 principles that are subdivided among the five integrated components.
Performance Standard 2110 « Governance » ANS -The internal audit activity must assess and make
appropriate recommendations to improve the organization's governance processes for:
- making strategic and operational decisions
- overseeing risk management and control
- promoting appropriate ethics and values within the organization
- ensuring effective organizational performance management and accountability
- communicating risk and control information to appropriate areas of the organization
- coordinating the activities of, and communicating information among, the board, external and internal
auditors, other providers, and management.
Overlap of common organizational initiatives and governance ANS -- compliance with legal or regulatory
requirements
- internal control assessment and reporting
- enterprise risk management
- quality initiatives
- transparency and disclosure
- governance structure and processes.
Effective governance ANS -Effective governance is the result of robust synergies among the board,
management, internal auditors, and external auditors.
Responsibilities and activities of the BOARD ANS -- bears (assumes) the primary responsibility for
governance and serves as the focal point for all governance activities;
- establishes, implements, and monitors organization-wide ethics, business practices, and compliance
standards;
- oversees the CEO and senior management, typically delegating significant authority for day-to-day
operations to them;
- directs and provides oversight to the CEO and senior management in setting strategic objectives,
establishing risk appetite, establishing effective control systems, monitoring performance, and providing
transparent and timely stakeholder communications.
Responsibilities and activities of the CEO ANS -- sets « the tone at the top » and « walks the walk »;
- bears ultimate responsibility for implementing the organization's governance system;
- acts as the leader and primary member of senior management (i.e., also has the duties listed for senior
management below).
Responsibilities and activities of senior management ANS -- sets strategic direction (under the oversight
of the board) and establishes the entity's value system;
- provides assurance that risks are managed as part of a risk management process, operations are
monitored, results are measured, and corrective actions are implemented in a timely manner.
Operations management ANS -- deploys strategy, enforces internal control, and provides direct
supervision for areas under its control;
- is accountable to senior management, and ultimately to the board, for implementing and
monitoring the risk management process and establishing effective and appropriate internal control
systems.
Responsibilities and activities of internal auditors ANS -- perform independent and objective
assessments to provide assurance that governance, risk management, and control (GRC) structures and
processes are designed properly and are operating effectively;
- identify and offer recommendations for improving GRC structures and processes;
- coordinate their work with that of external auditors to minimize gaps in coverage, maximize
efficiencies, and avoid duplication of effort.