 Hello and welcome to this session in which we would look at the COSO Enterprise Risk Management ERM Integrated Framework and specifically we're going to be looking at information, communication and reporting. This is part five of five. Simply put I already covered the first four components of ERM and this will be the fifth component. Now before I start I would like to remind you that if you are studying for your CPA exam, I don't I don't suggest you memorize mnemonics about ERM. I strongly suggest you understand the components of ERM. First if you want to memorize the mnemonics as a second step that's fine but don't try to memorize the mnemonics, understand them then memorize them and this is what I can do on foreheadlectures.com. I explain the material for you and I explain each component separately. Once you understand the components then you can go to your CPA review course and use the durn mnemonics to help you understand the material. So simply put subscribe to my website I do have multiple choice and additional resources for you and it will help you add 10 to 15 points to your CPA exam score by helping you understand the material better. Now your risk with me is one month of subscription you try it if it doesn't work you cancel if you try it it works you keep it and the potential is passing the CPA exam are you willing to take that risk that's your risk and if not for anything take a look at my website to find out how well or not well your university is doing for the CPA exam. Also take a look at my additional courses that I offer for you in addition to the CPA exam if you need help with your accounting courses please connect with me on LinkedIn if you have done so and take a look at the LinkedIn recommendation people that use my system to pass the exam like this recording follow me on Instagram and Facebook so simply put we're going to be looking at the last component of the RM and this component has three principles so the assumption here is I'm not going to go over ERM definition again because the assumption here if you're watching this it means you're either familiar with the RM or you are looking specifically for information communication and reporting in this section this component has three different principles leveraging information system community communicate risk information and reporting on risk starting with leverage leveraging information system what do we mean leveraging it means using other things something else to to your advantage you would leverage information system to support the enterprise risk management how do you do so there are many ways you can do so I'm going to give you one example because information system it encompass many many things but I'm going to give you a specific example that you can relate to to get to the point for example we have data what is data it's raw fact collected for analysis data big data we are familiar with big data so what we do is we're going to capture collect and process the data into useful information and our information system will help us do that we can that data could be internal data external data we can buy this data we can download it from a third party it doesn't matter and what what happened is once we process this information and once we process the data and to better information it's going to help us make better decision better decision to do what to run our enterprise risk management system so data will help us but we have to leverage our information system to help convert the data into actual decision making what could be a good example for example airline companies they could collect data about their competitor pricing model from open sources for example if you're an airline company you want to go on different websites those travel website and see how many seats and what prices are your competitors offering this way you can determine your price then your price is competitive this is one way to do it same thing with hotels they can go on hotels.com they can go on trivelocity.com and find out what other hotels in your area are are are charging take this data analyze it then make a better decision so notice what's happening is you're using your information system your data processing to support your decision for pricing because part of your pricing is part of your business objective so it's so your business objective is to make a profit to have proper pricing so your business is competitive here you are leveraging your information system now we have two types of data and we'll be discussing more about data in a separate recording we have a structured data structured data as well organized and easy searchable and easy to analyze here we are looking at excel sheet public indexes database file so on and so forth basically structured data as rows and columns with specific you know numeric figure or data that can be easily you can run averages or regression whatever you want to do on structured data they don't have a predefined pattern like what you're looking at emails emails it's word it's word or you're analyzing word documents you're looking at photos websites which is information all over the place tax files and you will try to make sense out of it you mean both data are important you want to have a structured data and we'll talk about data later on because it's easier to analyze okay now communicate communicate risk information remember in the first four components we talked a lot about risk we set the risk we determine what our risk is we identify it we assess it we prioritize it but at the end of the day we have to communicate this risk to support erm so each person in the company they have to know what risk do they deal with now some some department some come some department some individuals might be responsible for different type of risk for example the person in the warehouse may not worry about the foreign currency risk of the company because that's not their concern maybe the risk in the warehouse is safety okay so yeah so you don't you're not gonna you're not gonna communicate the same information to them that you communicate to your account receivable or foreign currency transaction desk because they will be interested in foreign currency fluctuation but you have to communicate risk to through the organization you have to have an open communication channel and the communication has to be to internal parties and external parties sometime as needed for example you want you you may want to report certain risks to the to the to the FDA or to the IRS I'm not IRS the SEC or the FAA depending on what industry you work with okay or the Department of Labor you have to communicate those risks obviously the management and the board of directors they should be in continual communication about risk because they want to see what's going on with the risk appetite if we need to reduce it increase it how are we doing now how do we communicate risk there are many ways you can communicate risk basically meetings emails written documents public board town hall meeting one-on-one discussion whistleblower hotlines there are so many different ways that you could communicate risk to people within the organization people outside the organization but that communication has to happen in support of the ERM so everyone is responsible for certain business objective for certain strategy they need to be aware of the risk involved this way we are in control in addition to communication we have to report on risk how to report on risk well not only risk we report on the risk of the company the culture the performance of the company on the across different level now why we we need to do that why we need to report again to support personnel to support their decision making understand the relationship among risk culture and performance because people who are making decision they have to they have to they have to have that information why because they set the strategy as as i just mentioned earlier you have a strategy you have corporate governance you have day to day operation they're all interrelated so you have to communicate and report make sure everyone is on the same page depending on their risk risk responsibility okay so the information obviously has to be accurate complete clear and has to help you have a forward-looking decision so it should help you make a better decision how often should you communicate how often should you report on risk not communicate report on risk as well well it all depends on the severity of the risk and how what's the priority of the risk for example if you're dealing with crisis like if you if you if COVID-19 is is affecting your business you have to basically report on how what's COVID-19 doing to your risk on a daily basis until because it's severe and prioritized risk so depending on how severe and how prioritize sometimes you want to report on a weekly for example if you work at a place like Walmart they may report on safety within the store on a weekly basis what's happening on a weekly basis so depending on the business that you are in and including reporting on risk you want to know the difference between KRI and KPI KRI are key risk indicators they are predictable predictable in other words they're going to give you a future a future indicator other predictable future a futuristic point of view of unfavorable event that can adversely impact the organization that's what KRI are they monitor changes in the level of risk exposure contribute as an early warning system notice KRI it tells you something might something is changing be aware of it it might affect your risk so those early signals if you can detect them early and enable the organization to report risk prevent crisis and mitigate them in time okay they can be quantified in terms of percentage numbers or they can be in terms of high low medium okay an example of KRI is an upward trend in the default rate by large customers in a specific industry so you have many customers but you're noticing in one specific industry and their large customers let's assume you sell to building construction companies one of your one's one of your large customers not one of your customers one of your customers is but you also sell to other industries not only building industry you sell to retail you sell to health industry but the the construction the construction you're noticing and the default the default rate in the construction companies are going up so this is a key risk indicator it's telling you something happening in that specific industry make a note of it because you're looking at this information and you're comparing it to health the hospitals and the hospitals are doing well they're not defaulting but the but the construction business are doing are not doing well this is a KRI it's a futuristic indicator it's an early warning system versus key performance indicators those are designed as to offer a high level overview of the organization performance okay so they do not offer early warning signals so no the difference between performance and risk risk if they're warning you there's risk coming be careful keep key performance indicator just telling you what's going on basically after the fact okay they are important to analyze trend and monitor performance but usually after the fact so an event already occurred for example now you have five percent of your loan portfolio is in the fault well that's fine now i know this it's historical data at this point it will be part of my key performance but as that the fault rate is going up in a particular industry i'm going to capture this through what's called KRI key risk indicator okay that's the difference between the two make sure you know the difference and basically we cover the five components of ERM as i mentioned earlier don't try to memorize them i mean if you want to memorize them that's fine but understanding them is better than memorize them let them make sense complete as many multiple choices as you can i'll have multiple choice on my website that's gonna help you practice and you want to do that in addition to your CPA review course once again give me a chance i can help you i'm not gonna i can't help you by myself i can help you in conjunction with your CPA review course good luck study hard and stay safe