Skip to content
ACCA exam results — Are you ready?Chat about it >>

ACCA Forums

General ACCARisk Management Framework

AAC10y ago
hi all, was wondering if someone can help me. I get really confused when a question is asked about risk management and risk assessment. My ques is if a question asks about risk assessment framework is that referring to just TARA? and when about risk management framework then expecting us to talk about COSO? Also my other confusion is, if question on components of internal control or how to ensure effectiveness of internal control is asked, is that also COSO? So effectively is it the same answer that would be for risk management framework (talking about COSO)? Hope my question makes sense. I would be grateful. I get very confused with internal control/ risk management ques as in what is the expected right ans.
JJimm10y ago#1
I believe risk assessment is looking at the impact and probability. TARA is for risk planning = risk management strategies. COSO is for Internal control = looking at 5 areas. I remember this by thinking CRIME It would be a crime not to remember COSO haha 1.Control Activities = OAPSPASM 2.Risk Assessment = part of internal control is assessing risk 3.Information and communication flow = this looks at how company communication is, is there a culture if secrecy? if there is then internal control is probably not effective. 4. Monitoring = Overall responsibility of CEO but delegated to Audit Committee which is further delegated to internal audit dept. 5. Environment = this is the tone at the top, what are directors attitude re internal control, if they don't care generally, this attitude will probably cascade down to employees. Your second paragraph is answered above - how to monitor effectiveness = CRIME Hopefully this overall process clarify your confusion (Mike Little = Please correct me here if I am wrong!) 1. Company strategy = this is what the company wants to achieve. 2. Risks = there are risks that company faces in meeting their objectives, these can be minimised by sound internal control. 3. How sound internal control is = assessed using COSO framework (CRIME) R of cRime is Risk Assessment = this is looking at impact x likelihood = urgency based on the assessment, company can employ TARA strategy to manage risks of not achieving their stated objetives at point 1.
Sign in to reply to this topic.