Business Risk Terminology Quiz

Questions and Answers

Which type of risk involves the potential for losses caused by inadequate systems or controls?

Operational risk (correct)

Compliance risk

Market risk

Credit risk

Which risk is primarily concerned with a borrower's ability to meet financial obligations?

Credit risk (correct)

Project risk

Market risk

Operational risk

What type of risk is characterized by the potential loss from failing to adhere to laws or regulations?

Compliance risk (correct)

Market risk

Operational risk

Project risk

Which of the following events is NOT a contributor to operational risk?

Rising interest rates

Among the following, which is a subcategory of market risk?

Interest-rate risk

What is the primary purpose of processing controls?

To ensure the reliability of application program processing.

Which of the following best describes application controls?

Policies that provide assurance of achieving objectives in automated applications.

What type of risk is involved when a project fails to achieve its objectives due to internal and external variables?

Project risk

What is a key aspect of maintaining data integrity in application controls?

Ensuring data accuracy, completeness, and consistency.

Which situation is a potential cause of credit risk?

Rising interest rates

Which of the following accurately describes a characteristic of compliance risk?

It involves potential sanctions for not adhering to laws.

What distinguishes business risk as defined in the content?

It refers to situations with uncertain frequency and magnitude of impact on business objectives.

Which of the following statements about auditing is true?

Audit processes check for accuracy, efficiency, and adherence to standards.

What is NOT a function of processing controls?

Facilitating random data modifications for testing purposes.

How do application controls contribute to system reliability?

They ensure that system functions operate as intended.

Which term reflects an event attempting unauthorized access to an asset?

Attack

At which level of risk are decisions regarding the acceptance of risk considered essential for business success?

Strategic Level

What is the primary focus at the program and project level in risk management?

Medium-term goals to achieve strategic objectives

Which level of risk is primarily concerned with ensuring continuity of business services?

Operational Level

What type of policy is required to guide risk management at the project level?

A strategic-level risk policy

The risk context varies significantly at which levels?

Strategic and Operational Levels

What is the primary concern at the strategic level regarding risk?

Detecting, identifying, and managing risks to achieve business success

Which of the following levels focuses on the delivery of the enterprise strategy?

Program and Project Level

What characterizes the risk events that managers face at the project level?

They can have detrimental impacts at any time.

Which term describes any event that may disrupt the quality of a service?

Incident

What is the main purpose of an exploit in the context of risk management?

To seek unauthorized access through vulnerabilities

What distinguishes a vulnerability from a threat?

Threats are focused on exploits; vulnerabilities represent weaknesses.

Which statement best defines business risk?

The potential for loss or gain due to uncertain scenarios affecting objectives.

Why is it important to distinguish between risk, threat, and vulnerability?

To streamline communication about risk management processes.

What consequence may result from taking excessive risks in a business context?

Greater likelihood of falling short of business objectives.

Which description accurately characterizes a threat?

Anything capable of causing harm to an asset.

What role do vulnerabilities play in an organization’s risk profile?

They represent control weaknesses that expose the system to threats.

Which term specifically refers to the potential for losses caused by human error or inadequate systems?

Operational risk

What does the term 'probability' mathematically quantify?

The possibility of a specific outcome

Which of the following best describes 'strategic risk'?

Risks linked to an enterprise's future business plans

What is defined as the combination of the likelihood of an event and its impact?

Risk

Which document records high-level principles or decisions made by an organization?

Policy

Which risk is specifically associated with failed IT projects affecting market share?

Project risk

What describes 'threat agents' in the context of information security?

Methods used to exploit vulnerabilities

What does 'magnitude' measure in risk assessment?

The severity of potential loss or gain

What is the primary function of input controls in an information system?

To verify and validate data to ensure accuracy

Which of the following is NOT considered an aspect of I&T controls?

Employee performance evaluations

Which classification of I&T controls is primarily responsible for ensuring data is processed accurately and completely?

Processing Controls

What type of control focuses on safeguarding against unauthorized access to IT resources?

Preventive Control

Which of the following areas is typically NOT included in I&T control procedures?

Employee training programs

How do corrective controls differ from preventive controls?

Corrective controls are used after an incident occurs, while preventive controls aim to stop incidents before they happen.

Which component of I&T controls pertains specifically to the development and management of software applications?

Systems programming

What role do detective controls play in an information system?

Identifying and monitoring security breaches

Study Notes

Risk Terminology

• Risk is the result of uncertainties threatening an enterprise's ability to achieve business goals.
• Risk professionals need a common vocabulary for consistent risk communication.
• Risk is the combination of likelihood and impact.
• Likelihood describes the probability of a risk event happening.
• Frequency measures the rate of events over time.
• Probability is a mathematical measure of outcome possibility.
• Impact is the magnitude of loss from a threat exploiting a vulnerability, encompassing consequence (loss) and magnitude (severity).

Common Risk Terms

• Risk events have likelihood and associated impact.
• Risk combines assets, threats, and control conditions.
• Assets are resources vulnerable to threats.
• Threats are potential dangers (e.g., natural disasters, human error).
• Control conditions are safeguards (e.g., policies, procedures, technology).

Business Risk

• Business risk is the probability of a situation with uncertain loss or gain.
• Insufficient business risk management can lead to failure.
• Enterprise risks include strategic, environmental, market, credit, operational, compliance, and project risk.

Types of Business Risk

• Strategic risk concerns future business plans (e.g., expanding, entering new markets). Risks include executive turnover, customer preference changes, and technological disruption,
• Environmental risk includes damage to natural resources, human health, and wildlife (e.g., pollution, exploitation of oil reserves, use of pesticides).
• Market risk is pressure on an asset or class of assets (e.g., currency, interest rates, equity, property, commodities).
• Credit risk concerns a borrower failing to meet financial obligations. Factors include poor cash flow and interest rate increases.
• Operational risk concerns inadequate systems, controls, human error, or mismanagement (e.g., employee errors, system failures).
• Compliance risk arises from failing to comply with laws, regulations, or ethical standards.
• Project risk is the project failing to meet its objectives (e.g., budget overruns, time delays).

Description

Test your understanding of key risk terminology and concepts relevant to business. This quiz covers definitions and distinctions between risk, likelihood, impact, and other related terms. Gain insights into how risk is quantified and communicated in a business context.