38 Questions
What is the primary goal of the risk management process in relation to the company's risk appetite?
To keep risks within acceptable or manageable levels
What is the role of internal auditors in the risk management process?
To conduct examination of the risk management process for its effectiveness over time
What is the first step in the risk management process?
Set business objectives
What is the purpose of setting business objectives in the risk management process?
To provide a framework for identifying and managing risks
What type of objective is related to the effective and efficient use of corporate resources?
Operational objective
What is the term for the process of identifying risks or threats to the achievement of business objectives?
Risk identification
What is an example of internal communication in a company?
Audit findings of internal auditors on internal control and risk management systems
What is the purpose of monitoring in a company's risk management process?
To evaluate the effectiveness of the risk management process over time
What happens if a company fails to communicate with government agencies in a timely and appropriate manner?
The company may face monetary penalties
Who is responsible for evaluating the effectiveness of the risk management process on a periodic basis?
Internal auditors
What is the purpose of communicating risk management policies and directives from top management to rank-and-file personnel?
To ensure that employees understand the company's risk management policies
What is the outcome of not properly communicating risk management policies and directives to employees?
Employees may not know the company's risk management policies
What is required for a company's risk management process to be effective?
All eight risk management components must be present and functioning
What should be done with significant deficiencies in the design and operating effectiveness of the risk management process?
They should be communicated to the appropriate level of management and to the board of directors
What is the main limitation of internal control?
It can only provide reasonable assurance of achieving business objectives
Why might segregation of duties not be effective in preventing fraud?
Because of the possibility of collusion
What is an example of management override?
A manager approving a purchase requisition without a purchase order
What is the purpose of segregating incompatible duties?
To reduce the risk of fraud and error
What can detect fraud in a situation where there is collusion between employees?
Surprise audit of cash
Why is internal control not capable of providing absolute assurance?
Because it has inherent limitations
What is the effect of good internal control on company operations?
It has a positive effect
What is the main goal of internal control?
To provide reasonable assurance of achieving business objectives
What is the primary reason ABC Co. assigned the risk rating of 1 to the risk of cybercrime?
There is a remote possibility that cybercrime will occur due to the company's lack of online transactions.
Which risks did ABC Co. identify as significant due to their high combined risk scores?
Risk #1 and Risk #2
How did ABC Co.'s management choose to respond to Risk #2?
Contingency funding plans and standby credit lines
What type of monitoring activity involves routine management reviews of processes?
Ongoing monitoring activities
Why is monitoring an essential part of the risk management process?
To assess the effectiveness of the risk management process
What response did ABC Co. choose for Risk #3?
Minimal procedures due to its low-risk score
Who generally carries out separate evaluations in a risk management process?
Internal auditors
What is the main purpose of the graphical presentation linked to the likelihood and impact assessment?
To illustrate the risk response related to likelihood and impact
What is the appropriate risk rating for an event with a significant impact?
4 or 5
What kind of impact does violating a traffic rule typically have?
Minor impact
What could be the consequence for a resort business violating environmental laws?
Possible business closure
What is a risk map used for?
Assessing likelihood and impact of risks
What color is typically used to represent significant risks on a risk map?
Red
Which risks are placed on the bottom left corner of a risk map?
Low likelihood/Low impact
What is the typical risk response for high likelihood/high impact risks?
Mitigate, share, or avoid
How should management handle moderate risks?
Exert efforts to reduce them
This quiz assesses your understanding of risk management processes in a company, including risk mitigation, control procedures, and risk appetite. It covers the roles of internal auditors and other personnel in managing risk.