Questions and Answers
Enterprise risk management (ERM) helps management address all of the following except:
- Timely financial reporting (correct)
- Responses to opportunities
- Risk response decisions
- Deployment of Capital
Within the COSO Internal Control - Integrated Framework, which of the following components is designed to ensure that internal controls continue to operate effectively?
- Monitoring (correct)
- Risk Assessment
- Information and Communication
- Control environment
Which risk response reflects a change from acceptance to sharing?
- An insurance policy on a manufacturing plant was not renewed
- Management sold a manufacturing plant
- Management purchased insurance on previously uninsured property (correct)
- After employees stole numerous inventory items, management implemented mandatory background checks on all employees
Which of the following controls could be used to detect bank deposits that are recorded but never made?
An organization's directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Senior management is primarily responsible for:
Many organizations use electronic funds transfer (EFT) to pay their supplier instead of issuing checks. Regarding the risk associated with issuing checks, which of the following risk management techniques does this represent?
All of the following pertain to the importance of Risk Management except:
When Wells Fargo detected unauthorized accounts being opened by employees to meet aggressive sales targets, all of the following guidelines in the COSO framework helped the company prevent this incident in the future, except:
Which of the following defines the function of the governing body?
The first line in the Risk Management Three-Lines Model is often composed of:
All of the following are examples of KPIs for the e-commerce industry except:
Which of the following statements about Enterprise Risk Management is true?
Which of the following events best reflects the risk management technique of avoiding risks?
If you were the risk manager of the World Trade Center buildings, what loss prevention or risk management technique could you have implemented before the 9/11/01 tragedy that might have made a significant difference in the number of lives lost?
Which of the following is a true statement?
Internal auditing often extends beyond examinations leading to the expression of an opinion on the fairness of financial presentation and includes audits of efficiency, effectiveness, and internal control. This describes internal audit's role in:
Which of the following resolves bottlenecks?
Which of the following resolves issues related to consignment?
All of the following define the objective-based approach of assessing risk except:
All are part of the internal organization except:
The best option for risk response in all circumstances is to tolerate risk.
Legal and regulatory requirements are one of the considerations in tolerating risk.
Organizations always tolerate risks within their risk appetite without exceptions.
Normally, risks are accepted or tolerated after the consideration of some of the cost-effective controls.
Treating the risk is applied mostly in situations of high likelihood and low impact risk.
Risk of regulatory non-compliance is one of the risks which is normally tolerated.
Risk is normally tolerated if the expected benefit is lower than the estimated cost.
Investing your own money is one of the examples of tolerating financial loss.
Businesses take out property insurance to transfer the financial risks of property damage to the insurance company.
Insurance is the main tool for hazard risk transfer and to a greater extent of control risk.
Terminating risk is applicable for high likelihood, high-impact risk.
The risk response for potential risk of overheating for automobile manufacturing is one of the examples for terminating risk.
The risk response to recall a batch of poisoned canned product is one of the examples of transferring risk.
When an organization cannot terminate a risk because the activity associated with the risk is fundamental to its operations, alternative measures would be necessary.
Substituting the process or activity is one of the approaches in tolerating risks.
Airlines adhere to international risk management standards due to vulnerability related to flight operations & safety protocols.
The overall approach in mitigating risk is usually set by middle managers.
Surveys distributed by the management team to employees are one of the examples of quantitative assessments.
External audit is one of the effective methods of evaluating risk management performance.
ERM is a functionally driven approach to risk management.
The silo-based approach is a more process-driven way to compose a risk management plan.
ERM is based on historical data rather than forecasted information.
Traditional risk management is based on historical data rather than forecasted information.
Forex swapping is one of the strategies that transfers the risk without transferring the asset/liability.
Insurance is one of the strategies that makes third parties pay for losses without transferring the risk.
A well-diversified company has a higher risk of experiencing recession.
The risk of default is more when the financial assets are distributed over a number of issuers instead of locking in the same with a single issuer.
A software development company might identify the risk of potential delays in project timelines due to their reliance on third-party suppliers for software components. Despite knowing the risk, the company did not mitigate this risk due to higher cost compared to benefits. This instance is one of the real-life applications of tolerating risk.
An organization may also have the current level of risks beyond its comfort zone and its risk capacity.
Most credit departments of banks tolerate the risk of financial loss since these operations are potentially profitable.
Generally, organizations tolerate risks that are within and beyond their risk appetite.
Treating risk is normally done at the inherent or current level so that, when treatment measures have been put in place, the new current or target level will be acceptable.
Implementing safety protocols for construction workers is one of the action items for treating risks.
Terminating risk is mostly associated with high likelihood and low impact risk.
Avoiding risk is mostly associated with high likelihood and high impact risk.
Where an organization cannot terminate a risk because the activity associated with the risk is fundamental to its operations, alternative control measures are necessary.
In the context of avoiding risks, control measures may be a combination of risk treatment and risk avoidance.
In the context of avoiding risks, control measures may be a combination of risk treatment and risk transfer.
Hazard risk pertains to physical or environmental dangers that cannot be mitigated via safety measures, planning and regulations.
Opportunity risk pertains to potential loss of a chance to gain a positive outcome or benefit due to choosing one course of action over another.
Flashcards
Enterprise Risk Management (ERM)
Helps management address responses to opportunities.
Monitoring
A COSO framework component ensuring continual internal control operation.
Risk Sharing
Buying insurance on previously uninsured property.
Receipt to Account Linkages
Control System Responsibility
Risk Avoidance
Enterprise Risk Management (ERM)
Risk Avoidance
Risk Management Oversight
Risk Owners
E-Commerce KPI
Interdependence of Risks
Risk Avoidance
Internal Auditing Scope
Streamlining
Inventory Management Software
Theoretical or Actual Events
Credit Department Risk
Construction Safety Protocols
Terminating or Avoiding Risks
Study Notes
Enterprise Risk Management (ERM)
- ERM addresses various aspects of management, excluding risk response decisions.
COSO Framework
- Monitoring is the component within the COSO Internal Control - Integrated Framework designed to ensure internal controls operate effectively.
Risk Response
- Purchasing insurance on previously uninsured property reflects a change from acceptance to sharing in risk response.
Bank Deposit Controls
- Controls to detect unrecorded bank deposits include linking receipts to internal accountabilities.
- Establishing accountability for receipts at the earliest possible time helps detect unrecorded bank deposits.
Control Environment
- Senior management is primarily responsible for designing and operating a control system to provide reasonable assurance that established objectives and goals will be achieved.
Risk Management Techniques
- Using electronic funds transfer instead of checks represents the risk management technique of avoiding the risk associated with issuing checks.
Importance of Risk Management
- Adhering to the rules & regulations of the Bureau of Internal Revenue is NOT part of the importance of Risk Management.
COSO Framework & Wells Fargo
- Incorporating Mission & Vision Statement did NOT help Wells Fargo prevent unauthorized accounts being opened.
Governing Body
- The governing body oversees the overall process in implementing the risk management plan.
Risk Management Three-Lines Model
- The first line in the Risk Management Three-Lines Model is often composed of managers in charge of Governance Risk & Compliance.
Key Performance Indicators (KPIs)
- Long-term contracts with sellers are not examples of a KPI for e-commerce.
Statements about Enterprise Risk Management (ERM)
- ERM is a response to the sense of inadequacy in using the silo-based approach; it is designed to improve business performance and is about understanding the interdependence between risks.
Risk Management Technique
- Apple not establishing a flagship market in China best reflects the risk management technique of avoiding risks.
9/11 Loss Prevention
- Better background screening of all who were allowed to work in the WTC buildings could have made a significant difference in the number of lives lost.
Statements of Risk
- Lack of oversight by senior leaders results in Risk in Governance & Compliance.
Internal Auditing
- Internal auditing includes audits of efficiency, effectiveness, and internal control, often extending beyond examinations, leading to the expression of an opinion on the fairness of financial presentation.
Bottlenecks
- Streamlining resolves bottlenecks.
Consignment
- Integrating real-time inventory management software resolves issues related to consignment.
Objective Based Approach of Assessing Risk
- Objective based approach of assessing risk is NOT based on actual events.
Internal Organization
- Competitors are NOT part of the internal organization.
True or False Statements
- The best option for risk response in all circumstances is NOT to tolerate risk.
- Organizations do NOT always tolerate risks within their risk appetite without exceptions.
- Risks are NOT normally accepted or tolerated after the consideration of some of the cost-effective controls.
- Risk of regulatory non-compliance is NOT one of the risks which is normally tolerated.
- Risk is NOT normally tolerated if the expected benefit is lower than the estimated cost.
- Investing your own money is NOT one of the examples of tolerating financial loss.
- Insurance is NOT the main tool for hazard risk transfer and to a greater extent of control risk.
- Terminating risk IS applicable for high likelihood, high-impact risk.
- The risk response to recall a batch of poisoned canned product is NOT one of the examples of transferring risk.
- Substituting the process or activity is NOT one of the approaches in tolerating risks.
- The overall approach in mitigating risk is NOT usually set by middle managers.
- Surveys distributed by the management team to employees is NOT one of the examples of Quantitative assessments.
- ERM is NOT a functionally driven approach to risk management.
- ERM is NOT based on historical data rather than forecasted information.
- A well-diversified company does NOT have a higher risk of experiencing recession.
- The risk of default is NOT more when the financial assets are distributed over a number of issuers instead of locking in the same with a single issuer.
- Generally, organizations do NOT tolerate risks that are within and beyond their risk appetite.
- Hazard risk does NOT pertain to physical or environmental dangers that cannot be mitigated via safety measures, planning and regulations.