Risk Management in Business

Questions and Answers

What is the primary goal of the risk management process in relation to the company's risk appetite?

• To keep risks within acceptable or manageable levels (correct)
• To shift risk to other departments or personnel
• To eliminate all risks in pursuit of the company's objectives
• To take on as much risk as possible to maximize returns

What is the role of internal auditors in the risk management process?

• To implement specific risk mitigation and control procedures
• To conduct examination of the risk management process for its effectiveness over time (correct)
• To set business objectives for the company
• To implement specific tasks and duties pertaining to the processes within their departments

What is the first step in the risk management process?

• Set business objectives (correct)
• Implement risk mitigation and control procedures
• Identify the risk
• Conduct examination of the risk management process

What is the purpose of setting business objectives in the risk management process?

To provide a framework for identifying and managing risks (A)

What type of objective is related to the effective and efficient use of corporate resources?

Operational objective (A)

What is the term for the process of identifying risks or threats to the achievement of business objectives?

Risk identification (C)

What is an example of internal communication in a company?

Audit findings of internal auditors on internal control and risk management systems (B)

What is the purpose of monitoring in a company's risk management process?

To evaluate the effectiveness of the risk management process over time (A)

What happens if a company fails to communicate with government agencies in a timely and appropriate manner?

The company may face monetary penalties (A)

Who is responsible for evaluating the effectiveness of the risk management process on a periodic basis?

Internal auditors (D)

What is the purpose of communicating risk management policies and directives from top management to rank-and-file personnel?

To ensure that employees understand the company's risk management policies (C)

What is the outcome of not properly communicating risk management policies and directives to employees?

Employees may not know the company's risk management policies (D)

What is required for a company's risk management process to be effective?

All eight risk management components must be present and functioning (C)

What should be done with significant deficiencies in the design and operating effectiveness of the risk management process?

They should be communicated to the appropriate level of management and to the board of directors (B)

What is the main limitation of internal control?

It can only provide reasonable assurance of achieving business objectives (C)

Why might segregation of duties not be effective in preventing fraud?

Because of the possibility of collusion (A)

What is an example of management override?

A manager approving a purchase requisition without a purchase order (C)

What is the purpose of segregating incompatible duties?

To reduce the risk of fraud and error (D)

What can detect fraud in a situation where there is collusion between employees?

Surprise audit of cash (A)

Why is internal control not capable of providing absolute assurance?

Because it has inherent limitations (B)

What is the effect of good internal control on company operations?

It has a positive effect (D)

What is the main goal of internal control?

To provide reasonable assurance of achieving business objectives (B)

What is the primary reason ABC Co. assigned the risk rating of 1 to the risk of cybercrime?

There is a remote possibility that cybercrime will occur due to the company's lack of online transactions. (C)

Which risks did ABC Co. identify as significant due to their high combined risk scores?

Risk #1 and Risk #2 (D)

How did ABC Co.'s management choose to respond to Risk #2?

Contingency funding plans and standby credit lines (A)

What type of monitoring activity involves routine management reviews of processes?

Ongoing monitoring activities (D)

Why is monitoring an essential part of the risk management process?

To assess the effectiveness of the risk management process (B)

What response did ABC Co. choose for Risk #3?

Minimal procedures due to its low-risk score (B)

Who generally carries out separate evaluations in a risk management process?

Internal auditors (C)

What is the main purpose of the graphical presentation linked to the likelihood and impact assessment?

To illustrate the risk response related to likelihood and impact (A)

What is the appropriate risk rating for an event with a significant impact?

4 or 5 (C)

What kind of impact does violating a traffic rule typically have?

Minor impact (C)

What could be the consequence for a resort business violating environmental laws?

Possible business closure (C)

What is a risk map used for?

Assessing likelihood and impact of risks (D)

What color is typically used to represent significant risks on a risk map?

Red (D)

Which risks are placed on the bottom left corner of a risk map?

Low likelihood/Low impact (C)

What is the typical risk response for high likelihood/high impact risks?

Mitigate, share, or avoid (A)

How should management handle moderate risks?

Exert efforts to reduce them (A)