Been taking this subject call "AA 205 Control and Risk Management". To show my appreciation of this subject and what have I learnt from these gruelling 3 months (one semester), I am going to apply the things/knowledge that I have learnt from this module. The case on hand, "My Life now".

The "main course" of this subject is the COSO Enterprise Risk Management Framework (CERMF). Basically it tells about the elements of managing an enterprise's risk (duh..) and how to go about doing it. Let me give you an idea of what it is about, using the facts from the above case.

Enterprise name
ME

Internal environment (the foundation of doing the risk management)
(i) structure and culture - healthy, no-stress advocate
(ii) risk philosophy - do not get into any major trouble
(iii) commitment - try to study and understand everything that I need to know (the problem
is, I am not really sure of what is it exactly that I need to know)
(iv) risk appetite - VERY LOW!!! (need to keep up my result to a certain level to avoid being
called up to meet Ms Ong to yam-cha again...)

Objective setting (what I hope to achieve)
Do well in my exam (when I say do well means I get at least not a C....)

Event identification (possible events that can affect the achievement of objectives)
(i) failure of finishing my study (R1)
(ii) failure of keeping to my study plan (R2)
(iii) failure to remember my exam dates (!!!) (R3)

Risk assessment (assess the likelihood of the event happening and the impact of it happening)
R1: Likelihood- VERY LIKELY; Impact- CATASTROPHIC
R2: Likelihood- VERY LIKELY; Impact- CATASTROHPIC
R3: Likelihood- not likely; Impact- CATASTROPHIC

Conclusion: This enterprise is in a very dangerous position and actions need to be taken, FAST!

Risk response (actions taken to bring the likelihood and impact within the desired risk tolerances)
R1: Reduction- try to study as much as possible > reduce likelihood but not impact
R2: Reduction- make myself wake up early every morning and go library to study > reduce
likelihood but not impact
R3: Reduction- put the exam timetable on the sift board in front of me and mark the exam
dates on my calender (I check my calender everyday) > reduce likelihood but
not impact

Control activities (policies and procedures that help ensure that the risk responses are carried out)
Existing control- NONE!

Information and communication (be updated with the latest news regarding exam)
MSN: a platform for me to ask friends questions and discuss about past year paper, and most
importantly, know about possible exam tips!!
Effectiveness: High, got to discuss questions and exchange ideas with friends, which open my
perspective.

Other means of exchanging information: Casual talk with roommate.

Conclusion: Overall good information and communication structure

Monitoring (assess the presence and functioning of the components over time)
(i) through on-going activities- perform real time review on how much is left to study;
going to library (must study in library)
(ii) separate evaluation- not within my control. This is done by the examiners. Please have
mercy!!

Recommendation
Although the occurence of the risk events are very likely and they will have catastrophic impact on the enterprise, there is no control in place to ensure that the risk responses are carried out. The enterprise may tend to "slack" and not pay attention on the issue at hand. Therefore, to provide reasonable assurance for the enterprise that the enterprise is moving towards its objectives, the recommendation would be:

"Stop crapping at this blog and GO back to study now!!!"

That's my life now....Maybe you wanna assess yours?

orange & cat