D. Enterprise Risk Management

  1. Enterprise risk
    a. Types of risk
    b. Risk identification and assessment
    c. Risk mitigation strategies
    d. Managing risk

Part 2 – Section D.1. Enterprise risk

The candidate should be able to:

  • a. identify and explain the different types of risk, including business risk, hazard risk, financial risk, operational risk, and strategic risk
  • b. demonstrate an understanding of operational risk
  • c. define legal risk, compliance risk, and political risk
  • d. demonstrate an understanding of how volatility and time impact risk
  • e. define the concept of capital adequacy (i.e., solvency, liquidity, reserves, and sufficient capital)
  • f. explain the use of probabilities in determining exposure to risk and calculate expected loss given a set of probabilities
  • g. define the concepts of unexpected loss and maximum possible loss (extreme or catastrophic loss)
  • h. identify strategies for risk response (or treatment), including actions to avoid, retain, reduce (mitigate), transfer (share), and exploit (accept) risks
  • i. define risk transfer (e.g., purchasing insurance, issuing debt)
  • j. demonstrate an understanding of the concept of residual risk and distinguish it from inherent risk
  • k. identify and explain the benefits of risk management
  • l. identify and describe the key steps in the risk management process
  • m. explain how attitude toward risk might affect the management of risk
  • n. demonstrate a general understanding of the use of liability/hazard insurance to transfer risk (detailed knowledge not required)
  • o. identify methods of managing operational risk
  • p. identify and explain financial risk management methods
  • q. identify and explain qualitative risk assessment tools including risk identification, risk ranking, and risk maps
  • r. identify and explain quantitative risk assessment tools including cash flow at risk, earnings at risk, earnings distributions, and EPS distributions
  • s. identify and explain Value at Risk (VaR) (calculations not required)
  • t. define enterprise risk management (ERM), and identify and describe key objectives, components, and benefits of an ERM program
  • u. identify event identification techniques and provide examples of event identification within the context of an ERM approach
  • v. explain how ERM practices are integrated with corporate governance, risk analytics, portfolio management, performance management, and internal control practices
  • w. evaluate scenarios and recommend risk mitigation strategies
  • x. prepare a cost-benefit analysis and demonstrate an understanding of its uses in risk assessment and decision making
  • y. demonstrate an understanding of the COSO Enterprise Risk Management—Integrated Framework