 Hello, and welcome to the session in which you would look at the COSOS, Enterprise Risk Management System, the Integrated Framework, and specifically we're going to be covering review and revision. This is part four of five. Simply put, I already covered part one, governance and culture, strategy and objective setting and performance, which is those, the first three really define ERM, if you're going to take a look at the definition of ERM, those basically, now what you are doing for four and five, you're starting to review ERM, and you are starting to make improvement to ERM. So starting with review and improvement. But before I start, most likely, if you are listening to me, you are studying for your CPA exam. If that's the case, I strongly suggest you check out my website, farhatlectures.com. I am pretty sure you are taking a CPA review course to study for the exam. I don't replace your CPA review course, that's not what I am offering you. I'm offering you an alternative explanation, a supplemental explanation, a backup explanation for your CPA review course. So I can be a useful addition. I can add 10 to 15 points to your exam by explaining the material differently, maybe better, maybe not better, but at least differently, which will help you understand the concept, which will help you take advantage of your CPA review course when they give you those mnemonics. It's easier to remember mnemonics when you understand the concept. Now, if not for anything, take a look at my website to find out how well is your university doing on the exam. And simply put, your risk with me is one month of subscription. If you like it, you keep it. If not, you cancel your potential gain, as I could possibly help you pass the exam. Are you willing to take that risk? That's my question to you. And I do have resources for other accounting courses as well. Please connect with me on LinkedIn if you haven't done so. And take a look at my LinkedIn recommendation. People that use my system to pass the exam like this recording, share it, connect with me on Instagram and Facebook. So simply put, we're going to be looking at part four of five of the five component and it has three principles, which is assess substantial changes, review risk, and improvement in ERM. I would say this session is pretty straightforward, shorter, relatively to the other previous three sessions, starting with assess substantial change. Now, yes, in the prior session, we learned about how to identify risk, how to prioritize risk, how to assess risk, but you don't, you don't do it once and you stop. You want to assess any substantial changes because your environment is constantly changing. Maybe your risk was here and now it's higher. So you have to be careful. You have to be careful in determining what's going on, what's going on. So constantly look out for those risks. Are there any new changes or changes in risk to be integrated in our risk portfolio? So how often you want to do this? I'm not sure. Maybe when there's an event, where every time there's an event, you think, let me review if that event changes my risk tolerance. So how do I identify changes? What are certain events that are considered internal to the environment that they happen that are internal and some events are considered external? When those happen, you really want to take a look to see if you should be, if you should be starting to assess any substantial change in your risk profile. What are those internal environment? Well, rapid growth. You might say, why is rapid growth a risk? Yes, if you're growing too fast, you may not be able to keep up and may sometime you might fall under your own weight. So if you have a lot of sales and you cannot keep up with it, maybe customers are not happy, they may leave you for another party. So that's why you have to be able to keep up with the rapid growth. Innovations. There's a new innovation and it's making your product obsolete. That's a threat. You have to be aware of this. Constant employee turnover. Your employee are constantly leaving. So you don't have good employees or you have a new, not new, new CEO, CFO, CRO, Chief Risk Officer, etc. You have leadership changes. Well, that's gonna, that's gonna, that's gonna change your culture. And as a result, it might change your risk profile. And we also have, and these are not the only factors that are other factors. And there are external factors. Usually it's a regulatory environment. There was changes in how the FDA approved certain product, or how the FAA, or how the government or how the SEC, whatever report the SEC want, that's external regulation. We might be going through an economic recession. As a result, your risk profile might change. Or economic expansion for that matter. New administration. For example, now we have Biden instead of Trump. What's going to happen to taxes? What's going to happen to climate change regulation? Well, those are new factors, external environment that might increase your risk or reduce your risk. So you want to constantly be assessing any substantial changes. Well, a case in point, COVID-19. That's a huge risk. That's external to your environment. And you have to deal with it. So first, you have to assess any substantial changes. Then you have to review. You have to constantly periodically review risk and related performance. Again, it's not you do it once and you just forget about it. You have to review it. How are you doing on a constant, constant basis? You have to review that. Okay. Are there any risks that's becoming greater than our risk tolerance? Because maybe the risk is now becoming so great that we cannot tolerate that risk. So the actual risk, remember, has to be less than our risk tolerance. You have to look for any unidentified risk. And this is an important concept because, because once Bill Gates was asked, what keeps you awake at night when, you know, Microsoft was in, I'm sure it's, it keeps him awake at night. Now what keeps you awake at night? He said some new person that's coming up with a new product that I'm not aware of, which is unidentified risk. So that's the most, that's the, that's the, that's the, that's the worst type of risk because you're not aware of it. It comes to you from the side and you're not aware of it. So how can you find any unidentified risk? Use data, artificial intelligence, always look at new research, what's going on in the industry. Or when you, when you do, when you review risk, you want to see if you're improperly assessing risk. Did we estimate the risk properly? What could be an example of that? For example, let's assume we're an airline company and we want to, every year we want to increase our, our, like for example, per day we have three trips, three trips to the West Coast on a daily basis. Then a year later we said, okay, let's now try five, five trips to the West Coast. Well, guess what? Three was, you know, we were really handling three very well and even with five, we're handling five very well. Maybe you want to increase that to seven, seven trips per day to the West Coast, because we were not really properly assessing, estimating our risk properly. That could be an example of it. Or could be opportunities to accept more risk. For example, let's see, maybe we want to start to go to Mexico, have two flights to Mexico City. Okay. There are opportunities to, to accept more risk. Are we taking sufficient risk in our company? So you want to constantly review this. Okay. So you need to revise target performance or tolerance on a regular basis. And you do so by changing your business objective, your business strategy, your culture sometime, risk prioritization, how you prioritize risk, how to respond to risk, and your risk appetite. And obviously when you change those, they have to be approved by the board of dye rector. So this is what review risk means on a regular basis. Take a look at your risk situation. Are you taking enough risk? Are you taking too much risk? Are you not taking enough risk? Okay. And adjust accordingly. The third component is improvement in ERM. So you have to continuously improve your process. So continually improve ERM at all level, because the business environment is very dynamic these days. And I hope you know this. I mean, product, they become absolutely back and back, like maybe 25, maybe 30 years ago, maybe, yeah, I would say 30 years ago and older, you know, the product cycle will do something like this. So it will take time until the product cycle reaches a peak, then it goes down. Nowadays, the product cycle looks something like this. So it reaches a peak, go down very quickly, reaches a peak, go down very quickly. So you are in a dynamic environment. So you have to continuously review, revise your risk, improve your ERM. So what are some of the methods for improving ERM? Like just to give you an example, maybe I should give you an example. Maybe when the CD came out, the CD, you know, CD-ROM, all cassettes, let's start with cassette tape. When the cassette tapes were out, the cassette tapes lasted maybe for 20 years. Okay. So if you're producing cassette tapes, or if you're using cassette tapes as part of your business, as your input, then, you know, it's pretty stable, whether you're producing or using. When the CD-ROM came out, the CD-SROM, they came out and they became absolutely quite overnight. Now we have the basically virtual, you know, you can stream music. Now it's going, the business cycle is shorter and shorter. Therefore, you have to respond to those changes very quickly. So method for improving ERM will be technology. You want to know what's going on in technology, what changes are going on, using big data, data mining, any technology, artificial intelligence to help you keep up to date with what's going on in the industry. Review historically weak areas. If you know that you've been having hard time projecting foreign currency, projection, because you need that for your business, because you buy raw material in foreign currency, you want to improve that. You may want to restructure your whole company to better align with risk management. And I'm pretty sure if you work for a company, I'm sure they went through various restructuring. And the reason the company goes through restructuring, because they believe the environment has changed. Therefore, they have to change the restructuring system to comply with that environment and changes in risk appetite. Okay. Okay. You might have a new product that you thought it's going to be either more or less volatile than expected than it was not. Then you change your risk appetite. Then you change your risk appetite based on that feedback. And also, you want to add new risk categories on a continuous basis to keep up with the environment. And one notable exception, one notable example, not exception, one notable example of this adding new risk category, the cybersecurity. Maybe 30 years ago, or even 20 years ago, companies did not really care about cybersecurity. It was not an issue. Now it's an issue. Then you have to add it to your risk portfolio, adding new risk categories, cybersecurity, benchmarking and industry data. You want to take a look at benchmarking and industry data to help you and your improvement, whether you are doing well or not well. So simply put, we covered those four sections so far. The last section is information, communication and reporting. And there are three principles and notice in total five, 10, 14, 17, and we'll cover 20 principles. As I told you, you really don't want to memorize them because there's a lot of memorization in BEC. You're going to become overwhelmed. Understanding them will help you better. And that's why I go over each one of them separately to help you understand the concept. If you understand the concept, hopefully they will make sense. Once they make sense, you can, by practicing multiple choice, then it will become easy for you to answer the actual multiple choice on the exam. So understanding them plus practicing will help you prepare for the exam without relying on your memory. Now it makes sense. You don't have to use those memory cells to remember them. You would use your memory cells for something else. It's easier to understand them. As always, I'm going to invite you again to take a look at my website, farhatlectures.com, whether you are a CPA candidate or an accounting student. I can help you improve your grade, give me a chance, study hard, good luck, and stay safe.