Governance, Risk Management, and Compliance (GRC)


Questions and Answers

Which of the following best describes the purpose of 'control' in the context of governance?

  • To ensure compliance with legal regulations.
  • To increase the likelihood of achieving organizational objectives. (correct)
  • To manage and mitigate all potential risks.
  • To define the intended outcomes of an organization.

What is the primary goal of risk management within an organization?

  • To identify, assess, and manage risks to provide reasonable assurance of achieving objectives. (correct)
  • To solely focus on avoiding risks that could lead to financial loss.
  • To eliminate all possible risks the organization may face.
  • To transfer all risks to a third-party insurance provider.

Which of the following elements falls under the 'oversight' component of governance?

  • Establishing limits of organizational conduct.
  • Defining overall objectives.
  • Determining the business model.
  • Internal and external assurance activities. (correct)

How does organizational culture primarily influence governance practices?

By reflecting the unique values, objectives, and strategies, thereby shaping the approach to effectiveness. (C)

Which of the following best describes the role of 'principles' in business ethics?

Specific boundaries for behavior that often become the basis for rules. (A)

How does 'corporate social responsibility' broaden a firm's focus?

By addressing the interests of various stakeholders, not just investors, as a priority. (C)

In stakeholder theory, what does the 'normative' approach primarily define?

Ethical guidelines that dictate how firms should treat stakeholders. (B)

What is the core issue in the classic agency problem in corporate governance?

Aligning the interests of investors and managers. (B)

What is the role of 'ethical awareness' in ethical decision making?

The ability to perceive whether a situation or decision has an ethical dimension. (D)

How is 'risk' typically measured in the context of risk management?

In terms of impact and likelihood. (D)

Flashcards

Objectives

Defined, intended outcomes

Control

Increase the likelihood of achieving objectives

Internal Control

Designed to provide reasonable assurance of achieving objectives

Risks

Possibility of an event impacting objective achievement

Risk Management

Identify, assess, manage, and control risks

Governance

Ensure entity effectively directs toward meeting objectives

Values

Enduring beliefs that are socially enforced

Principles

Boundaries for behavior that become rules

Morals

Personal philosophies defining right and wrong

Optimization

Trade-off between equity and efficiency

Study Notes

  • Governance, Risk Management, and Compliance (GRC) comprises three pillars for organizational success.

Governance Part 1

  • Objectives are defined as intended outcomes.
  • Control increases the likelihood of achieving objectives.
  • Internal Control is a process designed to provide reasonable assurance of achieving objectives.
  • Risks are events that can impact the achievement of objectives.
  • Risk Management involves identifying, assessing, managing, and controlling risks.
  • Governance ensures an entity effectively and efficiently directs itself toward meeting its objectives.

Major Components of Governance

  • Strategic Direction determines the business model, overall objectives, risk-taking approach, and limits of organizational conduct.
  • Oversight includes risk management and internal and external assurance activities.
  • Governance practices should reflect the unique culture of an organization.
  • Organizational Culture sets values, objectives, and strategies.
  • Roles and behaviors are defined and performance is measured to specify accountability.
  • Governance ensures compliance with legal and regulatory rules.
  • Governance satisfies business norms and enhances stakeholder interests.
  • Reporting to stakeholders is ensured fully and truthfully.

Governance Part 2: Business Ethics

  • Values are enduring beliefs and ideals that are socially enforced.
  • Principles are specific boundaries for behavior and often become the basis for rules on human rights.
  • Morals are personal philosophies that define right and wrong.
  • Business Ethics includes organizational principles, values, and norms.
  • A Moral dilemma occurs when two or more morals conflict.
  • Ethical culture includes organizational principles, values, and norms adhered to by the company.
  • Corporate social responsibility prioritizes actions associated with interests of various stakeholders.
  • Sustainability relates specifically to the environment.
  • Business ethics contributes to employee commitment, investor loyalty, customer satisfaction, and profits.

Stakeholders and Ethical Issues

  • Ethical issues in business are approached using stakeholder theory.
  • The normative approach identifies ethical guidelines that dictate how firms should treat stakeholders.
  • A descriptive approach focuses on the firm's behavior and how decisions are made for stakeholder relationships.
  • The instrumental approach describes what happens if firms behave in a particular way.
  • Primary stakeholders (customers, shareholders, employees, and suppliers) are absolutely necessary for a firm's survival.
  • Secondary stakeholders are not typically engaged directly in transactions with a company.
  • Other stakeholders have a "stake" in some aspect of a company's products, operations, and outcomes.
  • A classic agency problem involves the separation of ownership (investors) and control (managers).
  • Managers act as agents for investors, aiming to increase the value of the stock.
  • Corporate governance mechanisms are needed to align investor and management interests.

Foundational Values and Ethical Decision Making

  • Integrity is considered an element of virtue and unimpaired condition.
  • Honesty is defined as truthfulness or trustworthiness.
  • Fairness is just, equitable, and impartial.
  • Equality is the distribution of benefits and resources.
  • Reciprocity is an interchange of giving and receiving in social relationships.
  • Optimization is a trade-off between equity and efficiency.
  • Ethical awareness is the ability to perceive an ethical dimension in a situation or decision.
  • Ethical issue intensity involves the relevance or importance of an event or decision.
  • Moral intensity involves individuals' perceptions of social pressure and the harm they believe their decisions will have on others.
  • Those more familiar with ethical decision making due to education or experience are likely to spend more time examining and selecting different alternatives to an ethics issue.

Risk Management Part 3

  • Risk is the possibility of an event impacting the achievement of objectives and is measured in terms of impact and likelihood.
  • Residual Risk remains after a risk response.
  • Opportunity positively affects the achievement of objectives.

Risk Appetite and Tolerance

  • Risk Appetite is the amount of risk an entity is willing to accept in pursuit of value.
  • Risk Tolerance is the specific maximum risk that an organization is willing to take regarding each risk.
  • Risk Management involves identifying, assessing, managing, and controlling events to provide reasonable assurance regarding achievement of objectives.

Risk Management Process

  • Risk Identification is performed for the entire entity using audits, brainstorming, and SWOT analysis.
  • Risk Assessment and Prioritization uses event probabilities and potential effects to prioritize the risks.
  • Processes involve estimating impact, assessing likelihood, and considering means to manage.
  • Risk Modeling uses qualitative (listing, ranking) and quantitative methods (probabilistic, weighted models).
  • Risk Avoidance avoids the activity.
  • Risk Retention accepts the risk.
  • Risk Monitoring tracks identified risks, evaluates risk response, monitors residual risk, and identifies new risks.
