P1.T1.606. ERM and governance (Topic review)

Nicole Seaman

Director of FRM Operations
Staff member

606.1. In June 2016, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a draft update of its Enterprise Risk Management (ERM) Integrated Framework. (The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and World Business Council for Sustainable Development (WBCSD). https://www.coso.org/Documents/COSO-WBCSD-ESGERM-Guidance-Full.pdf)

The Framework contains some classic ERM definitions. Below are five definitions from the glossary, but the terms (to which they refer or define) are omitted:

I. The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value
II. The maximum amount of risk that an entity is able to absorb in the pursuit of strategy and business objectives
III. A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
IV. A composite view of the risk assumed at a particular level of the entity, or aspect of the business model that positions management to consider the types, severity, and interdependencies of risks, and how they may affect performance relative to its strategy and business objectives.
V. The culture, capabilities, and practices, integrated with strategy-setting and its execution, that organizations rely on to manage risk in creating, preserving, and realizing value.

Which sequence of terms correctly matches each term to its definition above?

a. I. is Risk Profile, II. is Enterprise Risk, III. is Inherent Risk, IV. is Risk Appetite, V. is Residual Risk
b. I. is Enterprise Risk, II. is Residual Risk, III. is Risk Appetite, IV. is Risk Capacity, V. is Inherent Risk
c. I. is Risk Appetite, II. is Risk Capacity, III. is Internal Control, IV. is Risk Profile, V. is Enterprise Risk
d. I. is Internal Control, II. is Inherent Risk, III. is Risk Profile, IV. is Enterprise Risk, V. is Risk Appetite

606.2. Stulz has argued for the Risk Management Irrelevance Proposition, which holds that it is difficult for risk management to add value when financial markets are perfect. According to this proposition, many of the opportunities for risk management to add value are genuinely present because markets, in fact, contain several imperfections. According to Stulz's logic, each of the following is a viable opportunity for the risk manager to increase (or add to) the firm's value EXCEPT which is the LEAST LIKELY to add value?

a. Reduce the implicit and explicit costs of financial distress to the firm
b. Modify the management's pay incentives to better align compensation
c. Reduce the firm's relatively high beta by shorting S&P 500 futures contracts
d. Encourage the firm to undertake new project(s) that are positive in net present value but undesirable due to debt overhang
(Source: René Stulz, Risk-Taking and Risk Management by Banks, Journal of Applied Corporate Finance 27, No. 1 (2015))

606.3. In reaction to certain stakeholder concerns and several risk event "near-misses," International Thrift Bank--which is a publicly-traded bank with $40.0 billion in assets--just redesigned its approach to corporate risk governance in order to better comply with so-called best practices, including accountabilities, processes and policies. Each of the following is an element of their new risk governance program EXCEPT which is the LEAST LIKELY to be included?

a. The formation of an enterprise-wide Risk Committee of the board of directors
b. A new policy prohibiting directors from owning stock, or being paid in the bank's stock, in order to avoid actual and perceived conflicts of interest
c. A new requirement that the board must have at least one director who has expertise in risk; i.e., who has experience identifying, assessing, and managing risk exposures of large, complex firms
d. A new requirement for a written Corporate Risk Policy that is updated periodically and includes, among other items, an articulation of the organization's risk appetite and an identification of roles and responsibilities

Answers here: