ACCT 3303 Final Exam Review (Chapter 2)

What are the four traditional risk responses?

1. Accept: The business acknowledges the risk but chooses not to act.
2. Avoid: Completely avoiding events causing the risk.
3. Mitigate (Most common): Accept the risk but minimize the impact.
4. Transfer: Shifting the risk to a third party.

What are some ways to identify risks?

1. Brainstorming possible risks
2. Using data from previous events to predict future ones
3. Mapping out business processes to search for flaws
4. Creating assumptions about operations and risks

What are the three major external risk categories?

1. Compliance risk: Regulatory fines
2. Strategic risk: Beaten by competition
3. Physical risk: Natural disasters

What are the three major internal risk categories?

1. Operational Risk: Tech interruption
2. Financial Risk: Failed investment
3. Reputational Risk: Negative publicity

What are the four steps of ERM?

1. Risk identification
2. Risk categorization
3. Risk prioritization
4. Risk response

What is a heat map?

A form of risk matrix that uses different colors to show relations of different values depending on the category.

What is the meaning of internal risks?

Any risks that occur during a company's operations. They tend to be preventable if the risks are carefully identified and managed.

What does risk management require?

Critical thinking and decision-making skills; they are both needed to understand the situation and come up with the proper solutions.

What does ERM stand for and what is its purpose?

ERM stands for enterprise risk management, and it is the comprehensive process of identifying, categorizing, prioritizing, and responding to a company's risk.

What is the meaning of external risks?

External risks come from outside the company; they are not easily predictable, but companies do the most they can to prevent them.

What are the two types of identified risks?

Internal risks and external risks

What does inherent risk consist of?

Likelihood and impact.

What is the difference between likelihood and impact for risks?

Likelihood: Probability of a risk occurring.
Impact: Estimate of damage caused if the risk ends up happening.

How are qualitative and quantitative methods used to rank risks?

Qualitative method: assigns likelihood and impact. Quantitative impact: scores each risk from 1-5, with 1 being the lowest and 5 as the highest. The two #'s are multiplied to get the final score.

What does a risk matrix do?

Risk matrices give meaning to the risks besides just using a number scale.

What is inherent risk?

Risk that is natural for a business process or activity to have if no solutions are in place.

What is risk appetite?

The amount of risk a company wishes to take in a period of time.

What are the two parts of the risk statement?

The issue and the possible outcome that comes with it.

What is the definition of risk?

The likelihood of an unfavorable event occurring, which includes any hindrances or losses to a business.

How is an optimal risk achieved?

The optimal risk is achieved through the highest expected enterprise value for the risk level given.

What is residual risk?

The remaining risk from a business process/activity after performing a risk solution

What is a risk inventory and when is it updated?

The risk inventory is a list that has all possible risks made known to the business; it is updated once a company identifies and categorizes risks.

