Risk Management in Business

Questions and Answers

What is the primary goal of the risk management process in relation to the company's risk appetite?

To keep risks within acceptable or manageable levels (correct)

To shift risk to other departments or personnel

To eliminate all risks in pursuit of the company's objectives

To take on as much risk as possible to maximize returns

What is the role of internal auditors in the risk management process?

To implement specific risk mitigation and control procedures

To conduct examination of the risk management process for its effectiveness over time (correct)

To set business objectives for the company

To implement specific tasks and duties pertaining to the processes within their departments

What is the first step in the risk management process?

Set business objectives (correct)

Implement risk mitigation and control procedures

Identify the risk

Conduct examination of the risk management process

What is the purpose of setting business objectives in the risk management process?

To provide a framework for identifying and managing risks

What type of objective is related to the effective and efficient use of corporate resources?

Operational objective

What is the term for the process of identifying risks or threats to the achievement of business objectives?

Risk identification

What is an example of internal communication in a company?

Audit findings of internal auditors on internal control and risk management systems

What is the purpose of monitoring in a company's risk management process?

To evaluate the effectiveness of the risk management process over time

What happens if a company fails to communicate with government agencies in a timely and appropriate manner?

The company may face monetary penalties

Who is responsible for evaluating the effectiveness of the risk management process on a periodic basis?

Internal auditors

What is the purpose of communicating risk management policies and directives from top management to rank-and-file personnel?

To ensure that employees understand the company's risk management policies

What is the outcome of not properly communicating risk management policies and directives to employees?

Employees may not know the company's risk management policies

What is required for a company's risk management process to be effective?

All eight risk management components must be present and functioning

What should be done with significant deficiencies in the design and operating effectiveness of the risk management process?

They should be communicated to the appropriate level of management and to the board of directors

What is the main limitation of internal control?

It can only provide reasonable assurance of achieving business objectives

Why might segregation of duties not be effective in preventing fraud?

Because of the possibility of collusion

What is an example of management override?

A manager approving a purchase requisition without a purchase order

What is the purpose of segregating incompatible duties?

To reduce the risk of fraud and error

What can detect fraud in a situation where there is collusion between employees?

Surprise audit of cash

Why is internal control not capable of providing absolute assurance?

Because it has inherent limitations

What is the effect of good internal control on company operations?

It has a positive effect

What is the main goal of internal control?

To provide reasonable assurance of achieving business objectives

What is the primary reason ABC Co. assigned the risk rating of 1 to the risk of cybercrime?

There is a remote possibility that cybercrime will occur due to the company's lack of online transactions.

Which risks did ABC Co. identify as significant due to their high combined risk scores?

Risk #1 and Risk #2

How did ABC Co.'s management choose to respond to Risk #2?

Contingency funding plans and standby credit lines

What type of monitoring activity involves routine management reviews of processes?

Ongoing monitoring activities

Why is monitoring an essential part of the risk management process?

To assess the effectiveness of the risk management process

What response did ABC Co. choose for Risk #3?

Minimal procedures due to its low-risk score

Who generally carries out separate evaluations in a risk management process?

Internal auditors

What is the main purpose of the graphical presentation linked to the likelihood and impact assessment?

To illustrate the risk response related to likelihood and impact

What is the appropriate risk rating for an event with a significant impact?

4 or 5

What kind of impact does violating a traffic rule typically have?

Minor impact

What could be the consequence for a resort business violating environmental laws?

Possible business closure

What is a risk map used for?

Assessing likelihood and impact of risks

What color is typically used to represent significant risks on a risk map?

Red

Which risks are placed on the bottom left corner of a risk map?

Low likelihood/Low impact

What is the typical risk response for high likelihood/high impact risks?

Mitigate, share, or avoid

How should management handle moderate risks?

Exert efforts to reduce them