Business Risk Terminology Quiz

Questions and Answers

Which type of risk involves the potential for losses caused by inadequate systems or controls?

• Operational risk (correct)
• Compliance risk
• Market risk
• Credit risk

Which risk is primarily concerned with a borrower's ability to meet financial obligations?

• Credit risk (correct)
• Project risk
• Market risk
• Operational risk

What type of risk is characterized by the potential loss from failing to adhere to laws or regulations?

• Compliance risk (correct)
• Market risk
• Operational risk
• Project risk

Which of the following events is NOT a contributor to operational risk?

Rising interest rates (A)

Among the following, which is a subcategory of market risk?

Interest-rate risk (A)

What is the primary purpose of processing controls?

To ensure the reliability of application program processing. (D)

Which of the following best describes application controls?

Policies that provide assurance of achieving objectives in automated applications. (B)

What type of risk is involved when a project fails to achieve its objectives due to internal and external variables?

Project risk (D)

What is a key aspect of maintaining data integrity in application controls?

Ensuring data accuracy, completeness, and consistency. (C)

Which situation is a potential cause of credit risk?

Rising interest rates (C)

Which of the following accurately describes a characteristic of compliance risk?

It involves potential sanctions for not adhering to laws. (D)

What distinguishes business risk as defined in the content?

It refers to situations with uncertain frequency and magnitude of impact on business objectives. (C)

Which of the following statements about auditing is true?

Audit processes check for accuracy, efficiency, and adherence to standards. (C)

What is NOT a function of processing controls?

Facilitating random data modifications for testing purposes. (D)

How do application controls contribute to system reliability?

They ensure that system functions operate as intended. (B)

Which term reflects an event attempting unauthorized access to an asset?

Attack (C)

At which level of risk are decisions regarding the acceptance of risk considered essential for business success?

Strategic Level (A)

What is the primary focus at the program and project level in risk management?

Medium-term goals to achieve strategic objectives (D)

Which level of risk is primarily concerned with ensuring continuity of business services?

Operational Level (B)

What type of policy is required to guide risk management at the project level?

A strategic-level risk policy (D)

The risk context varies significantly at which levels?

Strategic and Operational Levels (A)

What is the primary concern at the strategic level regarding risk?

Detecting, identifying, and managing risks to achieve business success (B)

Which of the following levels focuses on the delivery of the enterprise strategy?

Program and Project Level (B)

What characterizes the risk events that managers face at the project level?

They can have detrimental impacts at any time. (A)

Which term describes any event that may disrupt the quality of a service?

Incident (A)

What is the main purpose of an exploit in the context of risk management?

To seek unauthorized access through vulnerabilities (D)

What distinguishes a vulnerability from a threat?

Threats are focused on exploits; vulnerabilities represent weaknesses. (B)

Which statement best defines business risk?

The potential for loss or gain due to uncertain scenarios affecting objectives. (D)

Why is it important to distinguish between risk, threat, and vulnerability?

To streamline communication about risk management processes. (B)

What consequence may result from taking excessive risks in a business context?

Greater likelihood of falling short of business objectives. (C)

Which description accurately characterizes a threat?

Anything capable of causing harm to an asset. (C)

What role do vulnerabilities play in an organization’s risk profile?

They represent control weaknesses that expose the system to threats. (C)

Which term specifically refers to the potential for losses caused by human error or inadequate systems?

Operational risk (C)

What does the term 'probability' mathematically quantify?

The possibility of a specific outcome (C)

Which of the following best describes 'strategic risk'?

Risks linked to an enterprise's future business plans (B)

What is defined as the combination of the likelihood of an event and its impact?

Risk (A)

Which document records high-level principles or decisions made by an organization?

Policy (A)

Which risk is specifically associated with failed IT projects affecting market share?

Project risk (B)

What describes 'threat agents' in the context of information security?

Methods used to exploit vulnerabilities (B)

What does 'magnitude' measure in risk assessment?

The severity of potential loss or gain (C)

What is the primary function of input controls in an information system?

To verify and validate data to ensure accuracy (D)

Which of the following is NOT considered an aspect of I&T controls?

Employee performance evaluations (A)

Which classification of I&T controls is primarily responsible for ensuring data is processed accurately and completely?

Processing Controls (D)

What type of control focuses on safeguarding against unauthorized access to IT resources?

Preventive Control (A)

Which of the following areas is typically NOT included in I&T control procedures?

Employee training programs (B)

How do corrective controls differ from preventive controls?

Corrective controls are used after an incident occurs, while preventive controls aim to stop incidents before they happen. (D)

Which component of I&T controls pertains specifically to the development and management of software applications?

Systems programming (B)

What role do detective controls play in an information system?

Identifying and monitoring security breaches (B)

Flashcards

Market Risk

The potential loss due to changes in market conditions affecting an asset's value.

Credit Risk

The risk that a borrower or creditor won't fulfill their financial obligations according to the agreement.

Operational Risk

The risk of loss due to inadequate systems, human error, mismanagement, or natural disasters.

Compliance Risk

The risk of an enterprise not complying with laws, regulations, ethical standards, or codes of conduct.

Project Risk

The risk of a project failing to achieve its objectives and deliver results according to the project plan.

Currency Risk

A type of market risk caused by fluctuations in exchange rates between currencies.

Interest-Rate Risk

A type of market risk influenced by changes in interest rates affecting investments or borrowing costs.

Equity Risk

A type of market risk related to the performance of stocks and the overall equity market.

Incident

Any event that disrupts the normal operation of a service, potentially causing a reduction in quality.

Exploit

An intentional act that exploits a vulnerability to gain unauthorized access or use of an asset.

Attack

An attempt to gain unauthorized access or use of an asset.

Threat

Anything capable of causing harm to an asset. They aim to exploit vulnerabilities.

Vulnerability

A weakness in an asset's design, implementation, or operation. It can expose the asset to threats.

Risk

The possibility of an uncertain event happening, with potential losses or gains, that could hinder an enterprise's ability to achieve its objectives.

Business Risk

The probability of a situation with uncertain frequency and magnitude of loss or gain that could hinder an enterprise's ability to meet its objectives.

Types of Business Risk

Different kinds of risks that an enterprise can face, potentially impacting its operations and objectives.

Likelihood

The probability of something happening.

Magnitude

A measure of the potential severity of loss or the potential gain from realized events/scenarios.

Policy

A document that records a high-level principle or course of action that has been decided on.

Probability

A mathematically driven measure of the possibility of a specific outcome as a ratio of all possible outcomes.

Procedure

A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards.

Strategic Level Risk

The level where choices about company-wide risks are made in relation to innovation and business strategy.

Program/Project Level Risk

The level where choices are made about risk in relation to medium-term goals to deliver long-term strategic objectives.

Operational Level Risk

The level where choices are made regarding risks that affect short-term goals to ensure business operations continue.

Risk Management

The process of identifying, analyzing, and managing potential risks.

Strategic Risk Acceptance

Accepting risk as an essential element of business and effectively identifying and managing it.

Program Risk Policy

A formal document that outlines the company's policy regarding risk management.

Multilevel Risk Management

A risk management approach that involves understanding the context of risk at different organizational levels.

I&T Controls

General controls adapted for Information Technology (IT) systems, ensuring safeguards for sensitive IT functions and assets.

Input Controls

Procedures designed to ensure that only valid and authorized information is entered, processed, and recorded accurately and completely.

Data Validation

Controls that verify, validate, and edit data during the input process.

Transaction Control

Controls that ensure every transaction is entered, processed, and recorded only once.

Application Controls

Controls that apply specifically to the software applications used in a system.

IT Management Controls

Controls that address the overall management and direction of the IT function, including strategy, organization, and staffing.

Access Controls (IT)

Controls that regulate access to IT resources, including data and programs.

System Development Controls

Controls that govern the development and maintenance of IT systems, including change management and testing.

Processing Controls

Policies, procedures, and activities that ensure the reliability of application program processing. They aim to guarantee data completeness and accuracy during processing.

Audit

A formal inspection and verification to check whether standards or guidelines are being followed, records are accurate, or efficiency and effectiveness targets are being met.

System Controls

Controls that are designed to ensure that systems maintain integrity; applicable system functions operate as intended; and information contained by the system is relevant, reliable, secure and available when needed.

Processing Controls

Controls that help to deter, detect, and correct errors or irregularities that may occur during data processing. They help maintain data integrity and reliability.

Study Notes

Risk Terminology

• Risk is the result of uncertainties threatening an enterprise's ability to achieve business goals.
• Risk professionals need a common vocabulary for consistent risk communication.
• Risk is the combination of likelihood and impact.
• Likelihood describes the probability of a risk event happening.
• Frequency measures the rate of events over time.
• Probability is a mathematical measure of outcome possibility.
• Impact is the magnitude of loss from a threat exploiting a vulnerability, encompassing consequence (loss) and magnitude (severity).

Common Risk Terms

• Risk events have likelihood and associated impact.
• Risk combines assets, threats, and control conditions.
• Assets are resources vulnerable to threats.
• Threats are potential dangers (e.g., natural disasters, human error).
• Control conditions are safeguards (e.g., policies, procedures, technology).

Business Risk

• Business risk is the probability of a situation with uncertain loss or gain.
• Insufficient business risk management can lead to failure.
• Enterprise risks include strategic, environmental, market, credit, operational, compliance, and project risk.

Types of Business Risk

• Strategic risk concerns future business plans (e.g., expanding, entering new markets). Risks include executive turnover, customer preference changes, and technological disruption,
• Environmental risk includes damage to natural resources, human health, and wildlife (e.g., pollution, exploitation of oil reserves, use of pesticides).
• Market risk is pressure on an asset or class of assets (e.g., currency, interest rates, equity, property, commodities).
• Credit risk concerns a borrower failing to meet financial obligations. Factors include poor cash flow and interest rate increases.
• Operational risk concerns inadequate systems, controls, human error, or mismanagement (e.g., employee errors, system failures).
• Compliance risk arises from failing to comply with laws, regulations, or ethical standards.
• Project risk is the project failing to meet its objectives (e.g., budget overruns, time delays).