Risk Management Framework
- This topic has 1 reply, 2 voices, and was last updated 9 years ago by
Jimm.
- June 5, 2016 at 3:57 pm #319634
Hi all, I was wondering if someone can help me. I get really confused when a question is asked about risk management and risk assessment. My question is: if a question asks about a risk assessment framework, is that referring to just TARA? And when it asks about a risk management framework, is it then expecting us to talk about COSO?
Also, my other confusion is: if a question on components of internal control, or on how to ensure effectiveness of internal control, is asked, is that also COSO? So effectively, is it the same answer that would be given for a risk management framework (talking about COSO)?
Hope my question makes sense. I would be grateful. I get very confused with internal control/risk management questions as to what the expected right answer is.
June 5, 2016 at 6:53 pm #319671
I believe risk assessment is looking at the impact and probability.
TARA is for risk planning = risk management strategies.
COSO is for Internal control = looking at 5 areas. I remember this by thinking CRIME
It would be a crime not to remember COSO haha
1. Control Activities = OAPSPASM
2. Risk Assessment = part of internal control is assessing risk
3. Information and communication flow = this looks at how company communication is; is there a culture of secrecy? If there is, then internal control is probably not effective.
4. Monitoring = Overall responsibility of CEO but delegated to Audit Committee, which is further delegated to internal audit dept.
5. Environment = this is the tone at the top, what the directors' attitude is re internal control; if they don't care generally, this attitude will probably cascade down to employees.
Your second paragraph is answered above – how to monitor effectiveness = CRIME
Hopefully this overall process clarifies your confusion (Mike Little = Please correct me here if I am wrong!)
1. Company strategy = this is what the company wants to achieve.
2. Risks = there are risks that company faces in meeting their objectives, these can be minimised by sound internal control.
3. How sound internal control is = assessed using COSO framework (CRIME)
R of cRime is Risk Assessment = this is looking at impact x likelihood = urgency
Based on the assessment, the company can employ a TARA strategy to manage risks of not achieving their stated objectives at point 1.
