Risk and Control Exam Questions PDF

Summary

This document is an exam paper, containing multiple choice questions focusing on various types of risk, including opportunity, compliance, hazard, financial, and operational. The questions cover topics such as risk identification, assessment, response, and control.

Full Transcript

00749_En_Əyani_Yekun imtahan_SABAH testinin sualları Fənn : 00749 Risk və nəzarət 1. Failure to comply with regulatory requirements is an example of: Opportunity risks √ compliance risks Control risks Hazard risks Long-term risks 2. ________ will be the dominant response for high-impact/high-likelihood risks. Treat Tolerate Transfer None of them √ Terminate 3. _______will be the dominant response for high-impact/low-likelihood risks. Tolerate Terminate None of them √ Transfer Treat 4. _______will be the dominant response for high-likelihood/low-impact risks. Tolerate None of them Terminate Transfer √ Treat 5. _______ will be the dominant response for the low-likelihood/low-impact risks. None of them Terminate Transfer √ Tolerate Treat 6. The desired level of risk after the application of planned controls financial risk net, residual or current risk rational risk irrational risk √ Target 7. The level of risk after the application of existing controls financial risk gross or inherent rational risk irrational risk √ Net, residual or current The level of risk before controls are 8. applied financial risk target rational risk irrational risk √ Gross or inherent 9. ____________ is the approach that seeks to maximize the benefits of taking entrepreneurial risks. control manageemnt risk management compliance management √ Opportunity management hazard management _________ are the risks that are (usually) deliberately sought or embraced by the organization. These risks arise because the 10. organization is seeking to enhance the achievement of the mission, although they might inhibit the organization if the outcome is adverse. Long-term risks Compliance risks Hazard risks √ Opportunity risks Control risks __________ are associated with uncertainty, and examples include the potential for failure to achieve legal compliance and losses 11. caused by fraud. They are usually dependent on the successful management of people and effective implementation of control protocols. 
Opportunity risks Long-term risks Hazard risks Compliance risks √ Control risks 12. _______ are risks that cause doubt about the ability to achieve the organization’s mission √ Control risks Compliance risks Hazard risks Long-term risks Opportunity risks _______ are the risks that can only inhibit achievement of the corporate mission. Typically, these are insurable-type risks or perils, and 13. will include fire, storm, flood, injury and so on. √ Hazard risks Long-term risks Compliance risks Opportunity risks Control risks 14. Which of the following is a type of enterprise risks? hazard control opportunity √ All of them compliance 15. Risk management organization and arrangements risk assessment risk appetite risk protocols risk response √ risk architecture 16. Level and nature of risk that is acceptable risk strategy risk response risk mitigation √ risk appetite risk control __________ are associated with unknown and unexpected events. They are sometimes referred to as uncertainty risks and they can be 17. extremely difficult to quantify. Operational risks Non-financial risks √ Control risks Hazard risks Financial risks __________ are the most common risks associated with operational risk management, including occupational health and safety 18. programmes. A good example of a this risk faced by many organizations is that of theft. Compliance risks Financial risks Operational risks Non-financial risks √ Hazard risks 19. _________associated with a source of potential harm or a situation with the potential to undermine objectives in a negative way. √ Hazard risks Non-financial risks Compliance risks Financial risks Operational risks _________ captures the legal and financial penalties for failing to act or acting inappropriately and are especially significant for those 20. business sectors that are heavily regulated. √ Compliance risks Non-financial risks Operational risks Financial risks Hazard risks 21. 
_________ are associated with adherence to the law of the country and the regulations that apply to the sector in which you operate. Non-financial risks Hazard risks Financial risks √ Compliance risks Operational risks 22. In general terms, organizations will seek to ______ compliance risks leave uncontrolled maximize all o them √ minimize none of them 23. _________ specifies the roles, responsibilities, communication and risk reporting structure. risk appetite Risk evaluation risk response √ risk architecture risk tolerance 24. A detailed risk description includes: risk appetite policy developments √ All of them strategy developments potential for risk improvement 25. A detailed risk description includes: risk attitude risk controls risk treatment √ All of them risk response 26. A detailed risk description includes: Risk evaluation risk appetite risk tolerance √ All of them loss experience 27. A detailed risk description includes: Name or title of risk stakeholders nature of risk √ All of them scope of risk 28. In relation to a large organisation’s risk management process, what does the internal audit function typically have responsibility for? Preparing designated parts of an up-to-date risk register. None of them Providing detailed assurance that risk management processes are INEFFECTIVE. √ Providing detailed assurance that risk management processes are effective. Preparing designated parts of an up-to-date risk appetite Within a large global organisation, who has the primary responsibility of identifying individual risk owners and making sure appropriate 29. risk control activities are carried out? Board of Directors None of them HR Risk specialist √ Chief Risk Officer In particular, the _________ risk practitioner can help a corporate become more systematic at aggregating the common risk exposures 30. across different business units, much in the style of banks. compliance non-financial √ financial audit corporate 31. 
Which of the following is a difference between ERM and FRM? Importance of different elements of risk management The CRO function The risk profession and the community Board risk committee √ All of them The Chief Risk Officer within a large manufacturing organisation has been asked by the Board of Directors to provide an example of a 32. hazard risk. A suitable example would be the purchase of a currency derivative the purchase of a new branch entering into a contract to purchase a new factory. making a strategic decision that affects the long-term future of the organisation. √ a fire occurring in a new manufacturing process line. 33. Typical benchmark test for significance includes: Share price falls by 10% Profit and loss impact of 1% annual profit Impact on balance sheet of 0.5% turnover √ All of them Event is on national TV, radio or newspapers 34. Typical benchmark test for significance includes: Impact on balance sheet of 0.25% Increased cost of operation exceeds 10% budget Disruption to normal operations of 1⁄2 day √ All of them Profit and loss impact of 2.5% annual profit 35. Financial metrics used for risk control include: the value of the balance sheet or reserves of the organization (typically 0.25 per cent) None of them the budgeted profit for the year (typically 5 per cent) the budgeted turnover for the year (typically 0.5 per cent) √ All of them 36. For large organizations, identifying a nancial test for signi cance can be undertaken in a number of ways, including: levels that external auditors consider to be material when compiling the accounts of the organization use of financial metrics levels of authorization to spend money level at which full board approval is required for expenditure in excess of a particular nancial threshold √ All of them 37. _______ risk is the risk that exists subsequent to management mitigation or response. inherent √ Residual hazard compliance long-term 38. 
_______ risk is risk to the entity that exists absent of any management activity or mitigation. compliance hazard √ inherent long-term residual 39. Which of the following is an internal factor which would affect strategy and objective achievement? Technological √ All of them personnel process infrastructure 40. Which of the following is an external factor which would affect strategy and objective achievement? Technological √ All of them Social Political Economic 41. Which of the following is an internal factor which would affect strategy and objective achievement? political √ current technology None of them global environment social 42. Which of the following is an internal factor which would affect strategy and objective achievement? political √ business processes None of them global environment social 43. Which of the following is an internal factor which would affect strategy and objective achievement? political √ internal network None of them global environment social 44. Which of the following is an internal factor which would affect strategy and objective achievement? political √ personnel None of them global environment social 45. ____________ fall into two camps: the risks associated with taking the opportunity, and the risks of not acting. Long-term risks √ Opportunity risks Hazard risks Compliance risks Control risks 46. Which of the foloowing is an example of technology related risk? Privacy √ All of them Disaster recovery Cyber warfare Security 47. Which of the following is an example of disruptions caused by people? Delivery of defective goods or components √ Inappropriate behaviour by a senior manager Disruption by hacker or computer virus Inadequate management of information Failure of IT hardware or software systems 48. Which of the following is an example of disruptions caused by processes? 
Poor product or service quality √ Failure of IT hardware or software systems Delivery of defective goods or components None of them Disruption caused by failure of supplier 49. Which of the following is an example of disruptions caused by products? Failure of IT hardware or software systems √ Delivery of defective products, goods or components Inadequate management of information Failure of communication or transport systems Disruption by hacker or computer virus 50. Which of the following is an example of disruptions caused by people? Inadequate, insufficient or denial of access to premises √ Lack of people skills and/or resources Damage to and breakdown of physical assets Theft or loss of physical assets Damage to or contamination of premises 51. Which of the following is an example of disruptions caused by premises? Lack of people skills and/or resources √ Inadequate, insufficient or denial of access to premises Unexpected absence of key personnel Ill-health, accident or injury to people Inappropriate behaviour by a senior manager 52. Which of the following is an example of sources for operational disruption? people √ All of them processes products premises 53. Which of the following is an example of INFRASTRUCTURAL key dependencies? Availability of funds/finance √ People skills and experience Public opinion of sector Corporate social responsibility Correct allocation of funds/finance 54. Which of the following is an example of FINANCIAL key dependencies? √ Liabilities under control (bad debts and pensions) People skills and experience Product development (technology) Competitor behaviour IT hardware and software 55. Which of the following is an example of FINANCIAL key dependencies? Regulators’ enforcement action Corporate social responsibility Brand and brand expansion √ Correct allocation of funds/finance IT hardware and software 56. Which of the following is an example of FINANCIAL key dependencies? 
Brand and brand expansion Public opinion of sector Communication and transport People skills and experience √ Availability of funds/finance 57. Which of the following is an example of key dependencies for organizations? Liabilities under control (bad debts and pensions) Competitor behaviour Corporate social responsibility √ All of them Communication and transport 58. Which of the following is an example of key dependencies for organizations? Internal control (fraud) √ All of them Regulators’ enforcement action Product development (technology) IT hardware and software 59. Which of the following is an example of key dependencies for organizations? Correct allocation of funds/finance √ All of them Public opinion of sector Health of world or national economy Premises/plant and equipment 60. Which of the following is an example of key dependencies for organizations? Availability of funds/finance √ All of them Brand and brand expansion Regulatory requirements People skills and experience 61. Risk ________ indicates how often a risk is expected to materialize. impact √ likelihood control analysis capacity 62. ___________ is a measure of how much risk the organization should take or can afford to take. Risk control √ Risk capacity Financial risk Reputational risk Control confidence 63. Typical benchmark test for significance includes: Profit and loss impact of 2.5% annual profit Profit and loss impact of 1% annual profit √ All of them Impact on balance sheet of 0.25% Impact on balance sheet of 0.5% turnover 64. Typical benchmark test for significance includes: Disruption to normal operations of 1⁄2 day √ All of them Share price falls by 10% Event is on national TV, radio or newspapers Increased cost of operation exceeds 10% budget 65. Which of the following is an example of HR risks: unauthorized access into IT systems √ pension arrangements hardware or software faults and failures theft of computers and other hardware introduction of viruses into the system 66. 
Which of the following is an example of HR risks: user error, including loss or deletion of information √ recruitment, retention and skills availability theft of computers and other hardware unauthorized access into IT systems IT project failure 67. Risks that will impact the level of efficiency and dysfunction within the core processes Reputational √ Infrastructure Financial Technological Marketplace 68. Risks that can impact the way in which money is managed and profitability is achieved Infrastructure √ Financial Marketplace Technological Reputational 69. Which of the following is NOT an external factor which would affect strategy and objective achievement? political √ Personnel natural environment global environment social 70. Which of the following is NOT an internal factor which would affect strategy and objective achievement? personnel √ Political none of them business processes internal network 71. Which of the following is an external factor which would affect strategy and objective achievement? personnel √ global environment business processes None of them internal network 72. Which of the following is an external factor which would affect strategy and objective achievement? personnel √ natural environment business processes None of them internal network 73. Which of the following is an external factor which would affect strategy and objective achievement? personnel √ social business processes None of them internal network 74. Which of the following is an external factor which would affect strategy and objective achievement? personnel √ political business processes None of them internal network 75. ______ denotes possibility or probability, and _______ characterizes the effect. impact, likelihood √ Likelihood, impact impact, affect affect, likelihood impact, consequence 76. 
Mandatory objective of risk management states that: The board and audit committee of an organization will require assurance that risk management and internal control activities comply with PACED. √ The basic objective for any risk management initiative is to ensure conformity with applicable rules, regulations and mandatory obligations. Risk management considerations will assist with achieving effective and efficient strategy, tactics, operations and compliance to ensure the best outcome with reduced volatility of results. None of them Risk management activities should ensure that appropriate risk- based information is available to support decision making. 77. Principles of risk management state that risk management activities should be: √ All of them Dynamic Aligned Comprehensive Embedded 78. Principles of risk management state that risk management activities should be: Aligned Comprehensive Dynamic √ All of them Proportionate 79. Businesses should aim to __________ control risks and ________ opportunity risks. None of them manage, ignore maximize, embrace maximize, mitigate √ manage, embrace 80. Businesses should aim to __________ compliance risks and ________ hazard risks. mitigate, maximize maximize, mitigate ignore, succeed ignore, fail √ minimize, mitigate 81. Specialist areas of risk management includes: IT risk management financial risk management information security risk management None of them √ All of them 82. Specialist areas of risk management includes: project risk management None of them energy risk management √ All of them clinical/medical risk management 83. Which of the following is definition of risk management? Co-ordinated activities to direct and control an organization with regard to risk. Process which aims to help organizations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure. 
Selection of those risks a business should take and those that should be avoided or mitigated, followed by action to avoid or reduce risk. The co-ordinated activities designed and operated to manage risk and exercise internal control within an organization √ All of them 84. Which of the following is an example of operational disruption from the category of products? Poor product or service quality Delivery of defective goods or components Failure of outsourced services and facilities √ All of them Disruption caused by failure of supplier 85. Which of the following is an example of operational disruption from the category of processes? Inadequate management of information Failure of communication or transport systems Poor maintenance of production equipment Disruption by software failure, hacker or computer virus √ All of them 86. Which of the following is an example of operational disruption from the category of premises? Damage to and breakdown of physical assets Theft or loss of physical assets Inadequate, insufficient or denial of access to premises Damage to or contamination of premises √ All of them 87. Which of the following is an example of operational disruption from the category of people? Unexpected absence of key personnel Ill health, accident or injury to people Lack of people skills and/or resources Inappropriate behaviour by a senior manager √ All of them 88. _________ indicates the amount of risk an organization is willing to seek or accept in pursuit of its long-term objectives. Financial risks Risk materialization Current risks √ Risk appetite Non-financial risks _________ indicates the way the organization perceives the likelihood and impact of uncertainty (including what it can do about the 89. uncertainty). Financial risks Risk materialization Current risks √ Risk attitude Non-financial risks 90. Risks can be classified according to the nature of the attributes of the risk. 
Which includes: feature that will be impacted component that will be impacted timescale source of the risk √ All of them 91. Risks can be classified according to the nature of the attributes of the risk. Which includes: likely magnitude of the risk √ All of them source of the risk timescale nature of the impact 92. The level of risk that is desired or will be obtained with the application of further control measures. √ Target level of risk Inherent level of risk Current or residual level of risk Non-financial risks Financial risk 93. The level of risk after initial control measures have been put in place. Non-financial risks Inherent level of risk Target level of risk Financial risk √ Current or residual level of risk 94. The level of risk before any actions have been taken to change the likelihood or magnitude of the risk. Current or residual level of risk Target level of risk Non-financial risks Financial risk √ Inherent level of risk A detailed ____________ is necessary so that a common understanding of the risk can be identified and ownership/responsibilities may 95. be clearly established. risk tolerance risk financing risk transfer risk assessment √ risk description 96. Failure to invest and successfully implement, appropriate technology People risk √ Technology risk HR risk Customer outcome risk Process risk 97. A failure in processes or failure of their associated controls People risk Customer outcome risk Cyber risk √ Process risk Technology risk 98. Failure to recruit, develop and retain suitable talent. Technology risk Customer outcome risk Cyber risk √ People risk Process risk _______ faced by banks and other financial institutions represent essen- tially the same types of disruptive hazard risks that are faced 99. by other organizations, although the definition may be broader and the terminology slightly different. compliance risks Long-term risks Control risks financial risks √ Operational risks 100. 
Which of the following involves lower level of risk and lower level of potential reward? mature operation √ decline growth start-up none of them 101. Which of the following involves higher level of risk and higher level of potential reward? start-up none of them √ growth mature operation decline 102. Which of the following involves higher level of risk and lower level of potential reward? none of them growth mature operation decline √ start-up 103. The purpose of using the bow-tie illustration is: All of them to demonstrate risk mitigation technologies to show risk control techniques √ to demonstrrate the potential range of impacts should a risk materialize to analyse risk events incurring from every single business unit 104. The purpose of using the bow-tie illustration is: All of them to demonstrate risk mitigation technologies to show risk control techniques √ to demonstrate the risk classification systems used by the organization to analyse risk events incurring from every single business unit 105. Which of the following is an input for bow tie model? impact response controls √ All of them preventive controls source of risk 106. __________ is concerned with reducing the magnitude of the event when it does materialize. Internal audit Risk likelihood √ Damage limitation Competitor company None of them 107. Which of the following is an example of MARKETPLACE key dependencies? Availability of funds/finance Correct allocation of funds/finance Communication and transport People skills and experience √ Competitor behaviour 108. Which of the following is an example of MARKETPLACE key dependencies? People skills and experience Communication and transport Availability of funds/finance Correct allocation of funds/finance √ Product development (technology) 109. Which of the following is an example of MARKETPLACE key dependencies? 
Availability of funds/finance Communication and transport People skills and experience √ Health of world or national economy Correct allocation of funds/finance 110. Which of the following is an example of MARKETPLACE key dependencies? Availability of funds/finance Communication and transport People skills and experience √ Regulatory requirements Correct allocation of funds/finance 111. Which of the following is an example of REPUTATIONAL key dependencies? People skills and experience Communication and transport Availability of funds/finance Correct allocation of funds/finance √ Corporate social responsibility 112. Which of the following is an example of REPUTATIONAL key dependencies? People skills and experience Communication and transport Availability of funds/finance Correct allocation of funds/finance √ Regulators’ enforcement action 113. Which of the following is an example of REPUTATIONAL key dependencies? √ Public opinion of sector People skills and experience Availability of funds/finance Communication and transport Correct allocation of funds/finance 114. Which of the following is an example of REPUTATIONAL key dependencies? Availability of funds/finance Communication and transport People skills and experience √ Brand and brand expansion Correct allocation of funds/finance 115. Which of the following is an example of INFRASTRUCTURAL key dependencies? Availability of funds/finance Correct allocation of funds/finance Corporate social responsibility Public opinion of sector √ Communication and transport 116. Which of the following is an example of INFRASTRUCTURAL key dependencies? Availability of funds/finance Corporate social responsibility Public opinion of sector √ IT hardware and software Correct allocation of funds/finance 117. Which of the following is an example of INFRASTRUCTURAL key dependencies? 
Availability of funds/finance Corporate social responsibility Public opinion of sector √ Premises/plant and equipment Correct allocation of funds/finance The __________ concerns objectives, the capacity and capabilities of the organization, as well as the business core processes that are in 118. place. external context √ internal context risk protocols risk management context risk architecture _____________ refers to the organization itself, the activities it undertakes, the range of skills and capabilities available within the 119. organization, and how it is structured. external context risk management context risk architecture risk protocols √ internal context The ___________ is the environment which includes stakeholder expectations, industry regulations and regulators, the behaviour of 120. competitors and the general economic environment within which the organization operates. risk protocols risk architecture internal context risk management context √ external context 121. Which of the following is a NOT component of COSO ERM rainbow double helix? Information Communication & Reporting Business Objective Formulation Implementation & Performance √ Risk architecture Performance 122. Which of the following is a NOT component of COSO ERM rainbow double helix? Mission, vision & Core values Governance & Culture √ Risk protocols Strategy development Strategy & Objective-Setting 123. Which of the following is a component of COSO ERM rainbow double helix? Governance & Culture Strategy & Objective-Setting Information Communication & Reporting Performance √ All of them 124. Which of the following is a component of COSO ERM rainbow double helix? Business Objective Formulation Implementation & Performance Strategy development Mission, vision & Core values √ All of them 125. COSO ERM rainbow double helix demonstrates that the final goal of ERM is: Enhanced assets Transferring value √ Enhanced value Reduced liability Enhanced liability 126. 
COSO ERM framework defines monitoring as: the tone of an organization and sets the basis for how risk is viewed and addressed. Framework and processes should be customized and proportionate. Relevant information is identified, captured and communicated so that people can fulfil their responsibilities. none of them √ The entirety of enterprise risk management is monitored and modifications made as necessary. 127. COSO ERM framework defines information and communication as: Framework and processes should be customized and proportionate. none of them A structured and comprehensive approach is required √ Relevant information is identified, captured and communicated so that people can fulfil their responsibilities. the tone of an organization and sets the basis for how risk is viewed and addressed. 128. COSO ERM framework defines control activities as: Framework and processes should be customized and proportionate. the tone of an organization and sets the basis for how risk is viewed and addressed. none of them Relevant information is identified, captured and communicated so that people can fulfil their responsibilities. √ Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out. 129. According to COSO ERM framework, Internal environment encompasses: Framework and processes should be customized and proportionate. none of them A structured and comprehensive approach is required √ the tone of an organization and sets the basis for how risk is viewed and addressed. Relevant information is identified, captured and communicated so that people can fulfil their responsibilities. 130. Which of the following is an example of principles of ISO31000 standard? Risk management is an integral part of all organizational activities Risk management is continually improved through learning and experience Framework and processes should be customized and proportionate. 
Risk management anticipates, detects, acknowledges and responds to changes. √ All of them 131. Which of the following is an example of principles of ISO31000 standard? Risk management explicitly considers any limitations of available information. Human and cultural factors in uence all aspects of risk management. Appropriate and timely involvement of stakeholders is necessary. A structured and comprehensive approach is required √ All of them 132. Which of the following is an example of principles of ISO31000 standard? Human and cultural factors in uence all aspects of risk management. Risk management is continually improved through learning and experience Risk management anticipates, detects, acknowledges and responds to changes. Risk management explicitly considers any limitations of available information. √ All of them 133. Which of the following is an example of principles of ISO31000 standard? Framework and processes should be customized and proportionate. Risk management is an integral part of all organizational activities A structured and comprehensive approach is required √ All of them Appropriate and timely involvement of stakeholders is necessary. 134. Compinents of the Risk Management context include: Risk protocols None of them Risk strategy √ All of them Risk architecture ________ are defined in the risk guidelines for the organization and include the rules and procedures, as well as the risk management 135. methodologies, tools and techniques that should be used risk measurement None of them risk penalties risk assessment √ Risk protocols 136. Risk _________ defines roles, responsibilities, communication and risk-reporting structure management signature elimination √ architecture transfer 137. Risk control and loss management techniques will _______ the expected losses and should ensure that the overall cost is contained. increase maximize None of them embrace √ reduce 138. opportunity management _________ of possible outcomes. 
minimizes the benefits None of them eliminates the benefits √ maximizes the benefits ignores the benefits 139. hazard management makes outcomes ________ nondesirable out of control more negative less positive √ less negative 140. the options for responding to hazard risks include: assign None of them transact √ transfer tailor 141. the options for responding to hazard risks include: ignore None of them transact √ treat customise 142. the options for responding to hazard risks include: manage None of them transact √ tolerate align 143. the options for responding to hazard risks include: tolerate terminate transfer √ All of them treat 144. Effective and efficient core processes objective of risk management states that: The basic objective for any risk management initiative is to ensure conformity with applicable rules, regulations and mandatory obligations. None of them Risk management activities should ensure that appropriate risk- based information is available to support decision making. √ Risk management considerations will assist with achieving effective and efficient strategy, tactics, operations and compliance to ensure the best outcome with reduced volatility of results. The board and audit committee of an organization will require assurance that risk management and internal control activities comply with PACED. 145. Decision making objective of risk management states that: Risk management considerations will assist with achieving effective and efficient strategy, tactics, operations and compliance to ensure the best outcome with reduced volatility of results. None of them The basic objective for any risk management initiative is to ensure conformity with applicable rules, regulations and mandatory obligations. The board and audit committee of an organization will require assurance that risk management and internal control activities comply with PACED. 
√ Risk management activities should ensure that appropriate risk-based information is available to support decision making.
146. Assurance objective of risk management states that:
Risk management considerations will assist with achieving effective and efficient strategy, tactics, operations and compliance to ensure the best outcome with reduced volatility of results. None of them The basic objective for any risk management initiative is to ensure conformity with applicable rules, regulations and mandatory obligations. Risk management activities should ensure that appropriate risk-based information is available to support decision making. √ The board and audit committee of an organization will require assurance that risk management and internal control activities comply with PACED.
147. Types of hazard control include:
Corrective Preventive Detective √ All of them Directive
148. ________ is a well-established mechanism for transferring the financial impact of losses arising from hazard risks and (to a lesser extent) control risks.
Controlling Internal Audit Competing Insourcing √ Insurance
149. When the likelihood of a risk materializing is low but the potential is high, the organization may wish to ________ that risk.
avoid None of them tolerate terminate √ transfer
150. Terminating risk is equivalent to _______.
retaining None of them contracting √ eliminating reducing
151. Transferring risk is equivalent to _______.
retaining None of them eliminating √ contracting reducing
152. Treating risk is equivalent to _______.
√ reducing None of them eliminating retaining contracting
153. Tolerating risk is equivalent to _______.
None of them eliminating reducing contracting √ retaining
154. Terminating risk is equivalent to _______.
√ avoiding insuring controlling None of them accepting
155. Transferring risk is equivalent to _______.
avoiding None of them accepting √ insuring controlling
156. Treating risk is equivalent to _______.
accepting insuring None of them avoiding √ controlling
157. Tolerating risk is equivalent to _______.
controlling None of them avoiding √ accepting insuring
158. Significant risks facing an organization are those that have:
high or very high impact in relation to the benchmark test for significance None of them high or very high scope for cost-effective improvement in control √ All of them high or very high likelihood of materializing at or above the benchmark level
159. __________ is concerned with reducing the impact and consequences of the event and ensures the lowest cost of repairs, as well as business continuity plans to ensure that the organization can continue operations following damage to the asset that has been affected.
Internal audit √ Cost containment Risk likelihood None of them Competitor company
160. Which of the following issues should be addressed when evaluating the reputational component of the external context:
governance standards and whether the sector is highly regulated quality of products or services and/or after-sales service standards public perception of the industry sector in which the organization operates corporate social responsibility standards achieved by the organization √ All of them
161. For many organizations, the most important group of external stakeholders will be ________.
media representatives retailers managers employees √ customers
162.
Detective controls
√ Routine review of drivers’ licences to check for penalty points, routine inspections of vehicles to discover and report damage, review of fuel consumption to identify drivers with an aggressive driving style Review of vehicle routing and realistic estimates on delivery schedules so that drivers do not need to drive dangerously to arrive on time Defensive driver training and the provision of a vehicle driver handbook with practical advice that is easy to understand and follow None of them Enhanced maintenance procedures and improved arrangements for drivers to report vehicle defects
163. Directive controls
None of them Enhanced maintenance procedures and improved arrangements for drivers to report vehicle defects Routine review of drivers’ licences to check for penalty points, routine inspections of vehicles to discover and report damage, review of fuel consumption to identify drivers with an aggressive driving style √ Defensive driver training and the provision of a vehicle driver handbook with practical advice that is easy to understand and follow Review of vehicle routing and realistic estimates on delivery schedules so that drivers do not need to drive dangerously to arrive on time
164. Corrective controls
None of them Review of vehicle routing and realistic estimates on delivery schedules so that drivers do not need to drive dangerously to arrive on time √ Enhanced maintenance procedures and improved arrangements for drivers to report vehicle defects Routine review of drivers’ licences to check for penalty points, routine inspections of vehicles to discover and report damage, review of fuel consumption to identify drivers with an aggressive driving style Defensive driver training and the provision of a vehicle driver handbook with practical advice that is easy to understand and follow
165.
Preventive controls
Defensive driver training and the provision of a vehicle driver handbook with practical advice that is easy to understand and follow Enhanced maintenance procedures and improved arrangements for drivers to report vehicle defects None of them Routine review of drivers’ licences to check for penalty points, routine inspections of vehicles to discover and report damage, review of fuel consumption to identify drivers with an aggressive driving style √ Review of vehicle routing and realistic estimates on delivery schedules so that drivers do not need to drive dangerously to arrive on time
166. A ______________ approach to risk assessment involves senior management leading the process with information passed downwards for validation.
None of them bottom-up right-left √ top-down exercise inner-outer
167. Which of the following is a reputational benefit of ERM?
None of them Increased profitability for organization Reduced cost of funding and capital √ Good reputation and publicity Accurate financial risk reporting
168. Which of the following is a financial benefit of ERM?
Improved perception of organization Better marketplace presence Improved supplier and staff morale Regulators satisfied √ Accurate financial risk reporting
169. Which of the following is a financial benefit of ERM?
Regulators satisfied Improved supplier and staff morale Better marketplace presence Improved perception of organization √ Increased profitability for organization
170. Which of the following is a financial benefit of ERM?
Regulators satisfied Improved supplier and staff morale Better marketplace presence Improved perception of organization √ Reduced cost of funding and capital
171.
Enterprise risk management:
improves the efficiency and delivery of services, improves allocation of resources (capital) to business improvement, creates shareholder value and enhances risk reporting to stakeholders uses processes that assign ownership to implement and monitor actions to manage these uncertainties assigns a formal risk appetite to the risk of the organization √ All of them are correct produces information to help management improve business decisions, reduce uncertainty and provide reasonable assurance regarding the achievement of the objectives of the organization
172. Enterprise risk management:
uses processes that assign ownership to implement and monitor actions to manage these uncertainties involves the identification and evaluation of uncertainties that matter to the organization, both upside and downside √ All of them are correct assigns a formal risk appetite to the risk of the organization produces information to help management improve business decisions, reduce uncertainty and provide reasonable assurance regarding the achievement of the objectives of the organization
173. Which of the following is an example of features of enterprise-wide risk management approach?
Views the effective management of risk as a competitive advantage that contributes to the achievement of business and strategic objectives. Encompasses all areas of organizational exposure to risk (financial, operational, reporting, compliance, governance, strategic, reputational, etc). √ All of them Supports the activities of internal audit by providing a structure for the provision of assurance to the board and audit committee. Prioritizes and manages those exposures as an interrelated risk portfolio rather than as individual ‘silos’ of risk.
174. Which of the following is an example of features of enterprise-wide risk management approach?
Views the effective management of risk as a competitive advantage that contributes to the achievement of business and strategic objectives.
√ All of them Constructs a means of communicating on risk issues, so that there is a common understanding of the risks faced by the organization, and their importance. Provides a means for the organization to identify the risks that it is willing to take in order to achieve strategic objectives. Supports the activities of internal audit by providing a structure for the provision of assurance to the board and audit committee.
175. Which of the following is an example of features of enterprise-wide risk management approach?
√ All of them Provides a structured process for the management of all risks, whether those risks are primarily quantitative or qualitative in nature. Seeks to embed risk management as a component in all critical decisions throughout the organization. Constructs a means of communicating on risk issues, so that there is a common understanding of the risks faced by the organization, and their importance. Provides a means for the organization to identify the risks that it is willing to take in order to achieve strategic objectives.
176. Which of the following is an example of features of enterprise-wide risk management approach?
Recognizes that individual risks across the organization are interrelated and can create a combined exposure that differs from the sum of the individual risks. √ All of them Seeks to embed risk management as a component in all critical decisions throughout the organization. Provides a structured process for the management of all risks, whether those risks are primarily quantitative or qualitative in nature. Evaluates the risk portfolio in the context of all significant internal and external contexts, systems, circumstances and stakeholders.
177. Which of the following is an example of features of enterprise-wide risk management approach?
Recognizes that individual risks across the organization are interrelated and can create a combined exposure that differs from the sum of the individual risks.
√ All of them Prioritizes and manages those exposures as an interrelated risk portfolio rather than as individual ‘silos’ of risk. Encompasses all areas of organizational exposure to risk (financial, operational, reporting, compliance, governance, strategic, reputational, etc). Evaluates the risk portfolio in the context of all significant internal and external contexts, systems, circumstances and stakeholders.
178. In particular, when evaluating the infrastructure component of the internal context, the following issue should be addressed:
business continuity plans in place to ensure continuity of activities following major disruption information technology infrastructure sufficient to achieve resilience and protect data arrangements for service delivery and/or transportation and reliable communication infrastructure senior management structure and the nature of the risk culture √ All of them
179. Routine review of drivers’ licences to check for penalty points, routine inspections of vehicles to discover and report damage, review of fuel consumption to identify drivers with an aggressive driving style is an example of ___________.
Preventive controls None of them Directive controls √ Detective controls Corrective controls
180. Defensive driver training and the provision of a vehicle driver handbook with practical advice that is easy to understand and follow is an example of __________
Preventive controls None of them Detective controls √ Directive controls Corrective controls
181. Enhanced maintenance procedures and improved arrangements for drivers to report vehicle defects is an example of ________.
Detective controls None of them Preventive controls Directive controls √ Corrective controls
182. Review of vehicle routing and realistic estimates on delivery schedules so that drivers do not need to drive dangerously to arrive on time is an example of ____________.
Detective controls None of them Corrective controls Directive controls √ Preventive controls
183.
__________ hazard controls are designed to identify occasions when undesirable outcomes have been realized.
Preventive None of them Directive √ Detective Corrective
184. _________ controls are designed to ensure that a particular outcome is achieved.
Corrective Detective Preventive None of them √ Directive
185. ________ hazard controls are designed to limit the scope for loss and reduce any undesirable outcomes that have been realized.
Detective None of them √ Corrective Directive Preventive
186. ___________ hazard controls are designed to limit the possibility of an undesirable outcome being realized.
None of them Detective Corrective Directive √ Preventive
187. In particular, when evaluating the infrastructure component of the internal context, the following issue should be addressed:
nature of internal financial control environment to prevent fraud availability of funds to meet historical and anticipated future liabilities availability of adequate funds and future flows of funds to fulfil strategic plans existence of robust procedures for correct allocation of funds for investment √ arrangements for service delivery and/or transportation and reliable communication infrastructure
188. In particular, when evaluating the infrastructure component of the internal context, the following issue should be addressed:
availability of funds to meet historical and anticipated future liabilities availability of adequate funds and future flows of funds to fulfil strategic plans existence of robust procedures for correct allocation of funds for investment nature of internal financial control environment to prevent fraud √ business continuity plans in place to ensure continuity of activities following major disruption
189.
In particular, when evaluating the infrastructure component of the internal context, the following issue should be addressed:
√ information technology infrastructure sufficient to achieve resilience and protect data nature of internal financial control environment to prevent fraud availability of funds to meet historical and anticipated future liabilities availability of adequate funds and future flows of funds to fulfil strategic plans existence of robust procedures for correct allocation of funds for investment
190. In particular, when evaluating the infrastructure component of the internal context, the following issue should be addressed:
√ availability of adequate physical assets to support operational activities availability of funds to meet historical and anticipated future liabilities nature of internal financial control environment to prevent fraud existence of robust procedures for correct allocation of funds for investment availability of adequate funds and future flows of funds to fulfil strategic plans
191. In particular, when evaluating the infrastructure component of the internal context, the following issue should be addressed:
availability of funds to meet historical and anticipated future liabilities availability of adequate funds and future flows of funds to fulfil strategic plans existence of robust procedures for correct allocation of funds for investment √ availability of adequate people resources and skills, including intellectual property nature of internal financial control environment to prevent fraud
192.
In particular, when evaluating the infrastructure component of the internal context, the following issue should be addressed:
availability of funds to meet historical and anticipated future liabilities availability of adequate funds and future flows of funds to fulfil strategic plans existence of robust procedures for correct allocation of funds for investment √ senior management structure and the nature of the risk culture nature of internal financial control environment to prevent fraud
193. In particular, when evaluating the financial component of the internal context, the following issue should be addressed:
information technology infrastructure sufficient to achieve resilience and protect data None of them arrangements for service delivery and/or transportation and reliable communication infrastructure √ availability of funds to meet historical and anticipated future liabilities business continuity plans in place to ensure continuity of activities following major disruption
194. In particular, when evaluating the financial component of the internal context, the following issue should be addressed:
availability of adequate physical assets to support operational activities None of them arrangements for service delivery and/or transportation and reliable communication infrastructure √ nature of internal financial control environment to prevent fraud business continuity plans in place to ensure continuity of activities following major disruption
195. In particular, when evaluating the financial component of the internal context, the following issue should be addressed:
availability of adequate people resources and skills, including intellectual property None of them arrangements for service delivery and/or transportation and reliable communication infrastructure √ existence of robust procedures for correct allocation of funds for investment business continuity plans in place to ensure continuity of activities following major disruption
196.
In particular, when evaluating the financial component of the internal context, the following issue should be addressed:
senior management structure and the nature of the risk culture None of them arrangements for service delivery and/or transportation and reliable communication infrastructure √ availability of adequate funds and future flows of funds to fulfil strategic plans business continuity plans in place to ensure continuity of activities following major disruption
197. __________ component of the internal context of an organization defines the financial procedures and the means by which money is managed and profitability is achieved.
The marketplace None of them The infrastructure The reputational √ The financial
198. The overall purpose of evaluating the external context is ___________.
to calculate the level of future cash flows associated with the external environment within which the organization operates. avoid opportunity risks √ to determine the level of riskiness associated with the external environment within which the organization operates. avoid hazard risks None of them
199. Which of the following issues should be addressed when evaluating the marketplace component of the external context:
presence of aggressive competitors and/or high customer expectations level of economic stability, including exposure to interest rates and foreign exchange rates exposure to disruption through either technology or geopolitical reasons (political risks, war and terrorism) complexity of the supply chain and volatility of raw material costs √ All of them
200.
Which of the following issues should be addressed when evaluating the marketplace component of the external context:
level of economic stability, including exposure to interest rates and foreign exchange rates complexity of the supply chain and volatility of raw material costs level of revenue generation in the marketplace and return on investment presence of aggressive competitors and/or high customer expectations √ All of them
201. ___________ must fulfil two functions: firstly, provide support for the risk management process within the organization; and secondly ensure that the outputs from the risk management process are communicated to internal and external stakeholders.
Governance & Culture external context internal context √ risk management context Strategy & Objective-Setting
202. An important consideration regarding the _________ is how the organization makes decisions which are the strengths and weaknesses within the organization and provide internal opportunities and threats.
external context risk architecture risk protocols √ internal context risk management context
203. Disadvantages of top-down risk assessment include:
Likely to result in an enterprise-wide approach – the risks at the top will have impacts throughout the business. Since it originates from the top, there is likely to be consistent methodology throughout the organization. Shows risk management buy-in from the top, resulting in acceptance of risk management activities at all levels. √ Senior managers and directors tend to be more focused on risks external to the organization. The most significant strategic risks for the organization can be captured quickly and there will be a manageable number.
204. Disadvantages of top-down risk assessment include:
Senior managers and directors tend to be more focused on risks external to the organization. New risks emerging from the operational activities of the organization might not be fully identified.
Danger that the approach becomes too superficial, because senior managers believe they can manage crises. √ All of them Limited awareness of internal operational risks or interdependencies of risks within the business
205. Advantages of top-down risk assessment include:
Danger that the approach becomes too superficial, because senior managers believe they can manage crises. New risks emerging from the operational activities of the organization might not be fully identified. Senior managers and directors tend to be more focused on risks external to the organization. Limited awareness of internal operational risks or interdependencies of risks within the business √ Since it originates from the top, there is likely to be consistent methodology throughout the organization.
206. Advantages of top-down risk assessment include:
Senior managers and directors tend to be more focused on risks external to the organization. Danger that the approach becomes too superficial, because senior managers believe they can manage crises. √ Shows risk management buy-in from the top, resulting in acceptance of risk management activities at all levels. Limited awareness of internal operational risks or interdependencies of risks within the business New risks emerging from the operational activities of the organization might not be fully identified.
207. Advantages of top-down risk assessment include:
Senior managers and directors tend to be more focused on risks external to the organization. Limited awareness of internal operational risks or interdependencies of risks within the business New risks emerging from the operational activities of the organization might not be fully identified. Danger that the approach becomes too superficial, because senior managers believe they can manage crises. √ The most significant strategic risks for the organization can be captured quickly and there will be a manageable number.
208.
Advantages of top-down risk assessment include:
Danger that the approach becomes too superficial, because senior managers believe they can manage crises. New risks emerging from the operational activities of the organization might not be fully identified. Senior managers and directors tend to be more focused on risks external to the organization. Limited awareness of internal operational risks or interdependencies of risks within the business √ Likely to result in an enterprise-wide approach – the risks at the top will have impacts throughout the business.
209. Advantages of insurance include:
Delays are often experienced in settling an insurance claim Difficulty in determining the amount of insurance to purchase may result in under-insurance and failure to have claims paid in full Disputes regarding the extent of the cover and the exact terms and conditions of the insurance contract √ Provides indemnity against an expected loss Difficulties can arise in quantifying the financial costs associated with the loss
210. __________ is a risk transfer or risk sharing response and represents an after-the-event cost containment response to a risk.
Preventive controls People skills and experience Brand and brand expansion √ Insurance Competitor behaviour
211. A __________ risk assessment exercise will tend to focus on risks identified as compliance, hazard, control and opportunity in that order.
inner-outer None of them top-down right-left √ bottom-up
212. A __________ risk assessment exercise will tend to focus on risks related to strategy, tactics, operations and compliance (STOC), in that order.
inner-outer None of them bottom-up right-left √ top-down
213. Use of mobile applications to enable individuals to upload their views on risks to a data platform.
Inspections and audits Workshops and brainstorming Questionnaires and checklists Flow charts and dependency analysis √ Crowdsourcing technology
214.
Analysis of the processes and operations within the organization to identify critical components that are key to success.
Workshops and brainstorming √ Flow charts and dependency analysis Inspections and audits Crowdsourcing technology Questionnaires and checklists
215. Physical inspections of premises and activities and audits of compliance with established systems and procedures.
√ Inspections and audits Crowdsourcing technology Questionnaires and checklists Workshops and brainstorming Flow charts and dependency analysis
216. Collection and sharing of ideas at workshops to discuss the events that could impact the objectives, core processes or key dependencies.
Crowdsourcing technology √ Workshops and brainstorming Inspections and audits Questionnaires and checklists Flow charts and dependency analysis
217. Use of structured questionnaires and checklists to collect information that will assist with the recognition of the significant risks.
Flow charts and dependency analysis Crowdsourcing technology Inspections and audits Workshops and brainstorming √ Questionnaires and checklists
218. Disadvantages of bottom-up risk assessment include:
Can be mirrored to an existing organization chart, and risk impacts beyond immediate operational risks can be discussed. Methodology can be varied according to local norms and culture and this is useful for a multinational organization. Operational staff have great awareness of local risks and their causes, which might elude higher levels of management. Significant buy-in at all levels of the organization should be achieved. √ New risks emerging from the operational activities of the business might not be reported by operational staff.
219. Disadvantages of bottom-up risk assessment include:
Significant buy-in at all levels of the organization should be achieved. Methodology can be varied according to local norms and culture and this is useful for a multinational organization.
Operational staff have great awareness of local risks and their causes, which might elude higher levels of management. √ Danger that the approach becomes too detailed and blinkered, resulting in a silo approach to risk assessment. Can be mirrored to an existing organization chart, and risk impacts beyond immediate operational risks can be discussed.
220. Disadvantages of bottom-up risk assessment include:
Operational staff have great awareness of local risks and their causes, which might elude higher levels of management. Significant buy-in at all levels of the organization should be achieved. Can be mirrored to an existing organization chart, and risk impacts beyond immediate operational risks can be discussed. √ Time-consuming and may demotivate, if it takes longer to develop the overall enterprise results. Methodology can be varied according to local norms and culture and this is useful for a multinational organization.
221. Disadvantages of bottom-up risk assessment include:
Significant buy-in at all levels of the organization should be achieved. Can be mirrored to an existing organization chart, and risk impacts beyond immediate operational risks can be discussed. Methodology can be varied according to local norms and culture and this is useful for a multinational organization. Operational staff have great awareness of local risks and their causes, which might elude higher levels of management. √ There will be little focus on external risks or strategic risks.
222. Disadvantages of bottom-up risk assessment include:
There will be little focus on external risks or strategic risks. New risks emerging from the operational activities of the business might not be reported by operational staff. Danger that the approach becomes too detailed and blinkered, resulting in a silo approach to risk assessment. √ All of them Time-consuming and may demotivate, if it takes longer to develop the overall enterprise results.
223.
Advantages of bottom-up risk assessment include:
Danger that the approach becomes too detailed and blinkered, resulting in a silo approach to risk assessment. New risks emerging from the operational activities of the business might not be reported by operational staff. There will be little focus on external risks or strategic risks. Time-consuming and may demotivate, if it takes longer to develop the overall enterprise results. √ Methodology can be varied according to local norms and culture and this is useful for a multinational organization.
224. Advantages of bottom-up risk assessment include:
There will be little focus on external risks or strategic risks. New risks emerging from the operational activities of the business might not be reported by operational staff. Danger that the approach becomes too detailed and blinkered, resulting in a silo approach to risk assessment. √ Operational staff have great awareness of local risks and their causes, which might elude higher levels of management. Time-consuming and may demotivate, if it takes longer to develop the overall enterprise results.
225. Advantages of bottom-up risk assessment include:
There will be little focus on external risks or strategic risks. New risks emerging from the operational activities of the business might not be reported by operational staff. Danger that the approach becomes too detailed and blinkered, resulting in a silo approach to risk assessment. √ Can be mirrored to an existing organization chart, and risk impacts beyond immediate operational risks can be discussed. Time-consuming and may demotivate, if it takes longer to develop the overall enterprise results.
226. Disadvantages of insurance include:
Provides access to specialist services as part of the insurance premium.
These services may include advice on loss control Reduces financial uncertainty regarding hazard events that may occur √ Delays are often experienced in settling an insurance claim Economic benefit if the loss is greater than the insurance premium Provides indemnity against an expected loss
227. Disadvantages of insurance include:
Provides indemnity against an expected loss Economic benefit if the loss is greater than the insurance premium √ Difficulty in determining the amount of insurance to purchase may result in under-insurance and failure to have claims paid in full Reduces financial uncertainty regarding hazard events that may occur Provides access to specialist services as part of the insurance premium. These services may include advice on loss control
228. Disadvantages of insurance include:
Provides indemnity against an expected loss Reduces financial uncertainty regarding hazard events that may occur Provides access to specialist services as part of the insurance premium. These services may include advice on loss control Economic benefit if the loss is greater than the insurance premium √ Disputes regarding the extent of the cover and the exact terms and conditions of the insurance contract
229. Disadvantages of insurance include:
Economic benefit if the loss is greater than the insurance premium Provides access to specialist services as part of the insurance premium. These services may include advice on loss control Provides indemnity against an expected loss Reduces financial uncertainty regarding hazard events that may occur √ Difficulties can arise in quantifying the financial costs associated with the loss
230.
Advantages of insurance includes: Delays are often experienced in settling an insurance claim Difficulty in determining the amount of insurance to purchase may result in under-insurance and failure to have claims paid in full Disputes regarding the extent of the cover and the exact terms and conditions of the insurance contract √ Provides access to specialist services as part of the insurance premium. These services may include advice on loss control Difficulties can arise in quantifying the financial costs associated with the loss 231. Advantages of insurance includes: Delays are often experienced in settling an insurance claim Difficulty in determining the amount of insurance to purchase may result in under-insurance and failure to have claims paid in full Disputes regarding the extent of the cover and the exact terms and conditions of the insurance contract √ Economic benefit if the loss is greater than the insurance premium Difficulties can arise in quantifying the financial costs associated with the loss 232. Advantages of insurance includes: Disputes regarding the extent of the cover and the exact terms and conditions of the insurance contract Difficulty in determining the amount of insurance to purchase may result in under-insurance and failure to have claims paid in full Delays are often experienced in settling an insurance claim Difficulties can arise in quantifying the financial costs associated with the loss √ Reduces financial uncertainty regarding hazard events that may occur 233. Advantages of bottom-up risk assessment includes: Danger that the approach becomes too detailed and blinkered, resulting in a silo approach to risk assessment. New risks emerging from the operational activities of the business might not be reported by operational staff. There will be little focus on external risks or strategic risks. Time-consuming and may demotivate, if it takes longer to develop the overall enterprise results. 
√ Significant buy-in at all levels of the organization should be achieved. 234. Advantages of bottom-up risk assessment includes: √ All of them Operational staff have great awareness of local risks and their causes, which might elude higher levels of management. Significant buy-in at all levels of the organization should be achieved. Methodology can be varied according to local norms and culture and this is useful for a multinational organization. Can be mirrored to an existing organization chart, and risk impacts beyond immediate operational risks can be discussed. 235. Advantages of top-down risk assessment includes: Likely to result in an enterprise-wide approach – the risks at the top will have impacts throughout the business. Since it originates from the top, there is likely to be consistent methodology throughout the organization. Shows risk management buy-in from the top, resulting in acceptance of risk management activities at all levels. √ All of them The most significant strategic risks for the organization can be captured quickly and there will be a manageable number. 236. Disadvantages of top-down risk assessment includes: Likely to result in an enterprise-wide approach – the risks at the top will have impacts throughout the business. The most significant strategic risks for the organization can be captured quickly and there will be a manageable number. Since it originates from the top, there is likely to be consistent methodology throughout the organization. Shows risk management buy-in from the top, resulting in acceptance of risk management activities at all levels. √ New risks emerging from the operational activities of the organization might not be fully identified. 237. Disadvantages of top-down risk assessment includes: Likely to result in an enterprise-wide approach – the risks at the top will have impacts throughout the business. Since it originates from the top, there is likely to be consistent methodology throughout the organization. 
Shows risk management buy-in from the top, resulting in acceptance of risk management activities at all levels. √ Danger that the approach becomes too superficial, because senior managers believe they can manage crises. The most significant strategic risks for the organization can be captured quickly and there will be a manageable number. 238. Disadvantages of top-down risk assessment includes: Likely to result in an enterprise-wide approach – the risks at the top will have impacts throughout the business. Since it originates from the top, there is likely to be consistent methodology throughout the organization. Shows risk management buy-in from the top, resulting in acceptance of risk management activities at all levels. √ Limited awareness of internal operational risks or interdependencies of risks within the business The most significant strategic risks for the organization can be captured quickly and there will be a manageable number. 239. The impact of risk event is characterized as small, if: Serious impact on health; serious loss of reputation that will influence trust and respect for a long time; violation of law that results in a fine or penalty; large economic loss that cannot be restored. Death or permanent reduction of health of patient; serious loss of reputation that is devastating for trust; serious violation of law; considerable economic loss that cannot be restored. it can reasonably be expected to occur, but has only occurred 2 or 3 times over 10 years in this organization or similar organizations. √ No impact on patient health; minor reduction of reputation in the short run; no violation of law; negligible economic loss which can be restored. it has occurred 3-5 times in the past 10 years in this organization, or occurs regularly in similar organizations, or is considered to have a reasonable likelihood of occurring in the next few years. 240. 
The likelihood of risk event is characterized as almost certain, if: None of them it has occurred 3-5 times in the past 10 years in this organization, or occurs regularly in similar organizations, or is considered to have a reasonable likelihood of occurring in the next few years. it can reasonably be expected to occur, but has only occurred 2 or 3 times over 10 years in this organization or similar organizations. √ it has occurred 9 or 10 times in the past 10 years in this organization, or circumstances have arisen that will almost certainly cause it to happen. it occurred 7-9 times over 10 years in this organization or in other similar organizations, or circumstances are such that it is likely to happen in the next few years. 241. The likelihood of risk event is characterized as likely, if: None of them it can reasonably be expected to occur, but has only occurred 2 or 3 times over 10 years in this organization or similar organizations. it has occurred 9 or 10 times in the past 10 years in this organization, or circumstances have arisen that will almost certainly cause it to happen. √ it occurred 7-9 times over 10 years in this organization or in other similar organizations, or circumstances are such that it is likely to happen in the next few years. it has occurred 3-5 times in the past 10 years in this organization, or occurs regularly in similar organizations, or is considered to have a reasonable likelihood of occurring in the next few years. 242. The likelihood of risk event is characterized as possible, if: √ it has occurred 3-5 times in the past 10 years in this organization, or occurs regularly in similar organizations, or is considered to have a reasonable likelihood of occurring in the next few years. it can reasonably be expected to occur, but has only occurred 2 or 3 times over 10 years in this organization or similar organizations. 
it occurred 7-9 times over 10 years in this organization or in other similar organizations, or circumstances are such that it is likely to happen in the next few years. None of them it has occurred 9 or 10 times in the past 10 years in this organization, or circumstances have arisen that will almost certainly cause it to happen. 243. The likelihood of risk event is characterized as unlikely, if: it has occurred more than 3 times in the past 10 years in this organization, or occurs regularly in similar organizations, or is considered to have a reasonable likelihood of occurring in the next few years. None of them it has occurred 9 or 10 times in the past 10 years in this organization, or circumstances have arisen that will almost certainly cause it to happen. √ it can reasonably be expected to occur, but has only occurred 2 or 3 times over 10 years in this organization or similar organizations. it occurred more than 7 times over 10 years in this organization or in other similar organizations, or circumstances are such that it is likely to happen in the next few years. 244. Which of the following is a disadvantage of Inspections and audits technique of risk assessment? Audit approach results in good structure Greater involvement than in a workshop Analysis of responses enables a dashboard approach √ Audit approach tends to focus on historical experience Encourages visual representation 245. Which of the following is a disadvantage of Inspections and audits technique of risk assessment? Audit approach results in good structure Greater involvement than in a workshop Analysis of responses enables a dashboard approach √ Inspections are more suitable for hazard risks Encourages visual representation 246. Which of the following is an advantage of Inspections and audits technique of risk assessment? 
Senior management tends to dominate Difficult to use for strategic risks Inspections are more suitable for hazard risks √ Audit approach results in good structure Issues will be missed if incorrect people involved 247. Which of the following is an advantage of Inspections and audits technique of risk assessment? Inspections are more suitable for hazard risks Difficult to use for strategic risks Senior management tends to dominate Issues will be missed if incorrect people involved √ Physical evidence forms the basis of opinion 248. Which of the following is an advantage of crowd sourcing technology technique of risk assessment? Senior management tends to dominate Inspections are more suitable for hazard risks √ Encourages visual representation Issues will be missed if incorrect people involved Difficult to use for strategic risks 249. Which of the following is an advantage of crowd sourcing technology technique of risk assessment? Senior management tends to dominate Issues will be missed if incorrect people involved Difficult to use for strategic risks Inspections are more suitable for hazard risks √ Diverse input enabled 250. Which of the following is an advantage of crowd sourcing technology technique of risk assessment? Inspections are more suitable for hazard risks Difficult to use for strategic risks Senior management tends to dominate Issues will be missed if incorrect people involved √ Analysis of responses enables a dashboard approach 251. Which of the following is an advantage of crowd sourcing technology technique of risk assessment? √ Speed of collection of data Difficult to use for strategic risks Senior management tends to dominate Issues will be missed if incorrect people involved Inspections are more suitable for hazard risks 252. Which of the following is an advantage of questionnaire and checklist technique of risk assessment? 
Issues will be missed if incorrect people involved Inspections are more suitable for hazard risks Difficult to use for strategic risks √ Consistent structure guarantees consistency Senior management tends to dominate 253. Which of the following is an advantage of questionnaire and checklist technique of risk assessment? Inspections are more suitable for hazard risks Difficult to use for strategic risks Issues will be missed if incorrect people involved Senior management tends to dominate √ Greater involvement than in a workshop 254. A _______ is a simple way of analysing a risk to gain a greater understanding. The first stage is to put the risk description into the middle box. The causes of the risk then need to be recorded along with the preventive controls to stop the risk occurring. The impact of the risk is also considered. This enables the identification of response controls to lessen the impact of the risk should it occur. risk mitigation dress-up risk methodology √ bow-tie risk architecture 255. The advantages of captive insurance companies include: The captive will be exposed to insurance claims that would otherwise have been paid by the commercial insurance market. √ Savings may be achieved in overall insurance costs because they charge lower premiums than traditional insurance companies, which have a higher cost of administration. When large losses are paid by the captive, these are consolidated to the parent balance sheet and the organization ultimately pays these losses. The parent organization has to allocate capital to ensure adequate solvency of the captive insurance company. When large losses are paid by the captive, these are consolidated to the parent balance sheet and the organization ultimately pays these losses. 256. The 6Cs of insurance buying include: Capabilities Claims None of them Compliance √ All of them 257. The 6Cs of insurance buying include: Capacity None of them Cost Coverage √ All of them 258. 
Different types of insurance includes: Business premises – damage to premises by adverse events Loss of a key person – compensation on loss of key staff member Terrorism – compensation for damage caused by terrorism √ All of them Employers’ liability – compensation to employees injured at work 259. Different types of insurance includes: Professional indemnity – compensation to client for negligent advice Motor third party – compensation following motor accident √ All of them Business premises – damage to premises by adverse events Product liability – compensation for damage or injury 260. Different types of insurance includes: Business interruption – loss of profit and increased cost of working Asset protection – losses, such as loss of cash, goods in transit, credit risk and fidelity guarantee (staff dishonesty) Public liability – compensation to public or customers Employers’ liability – compensation to employees injured at work √ All of them 261. Different types of insurance includes: Terrorism – compensation for damage caused by terrorism Loss of a key person – compensation on loss of key staff member Motor accidental damage – repair of own vehicles Directors’ and officers’ liability – legal and compensation costs √ All of them 262. Different types of insurance includes: Motor accidental damage – repair of own vehicles Life and health – benefits to employees that can include: life cover, critical illness cover, income protection and etc. Loss of a key person – compensation on loss of key staff member √ All of them Terrorism – compensation for damage caused by terrorism 263. Different types of insurance includes: Business interruption – loss of profit and increased cost of working Asset protection – losses, such as loss of cash, goods in transit, credit risk and fidelity guarantee (staff dishonesty) Professional indemnity – compensation to client for negligent advice Business premises – damage to premises by adverse events √ All of them 264. 
Different types of insurance includes: Motor third party – compensation following motor accident Product liability – compensation for damage or injury Employers’ liability – compensation to employees injured at work Public liability – compensation to public or customers √ All of them 265. Risks arising from a failure to prevent unauthorized and/or inappropriate access to the estate and information, including cyber security and non-compliance with General Data Protection Regulation requirements. Internal Reputation Sociological √ Security Political 266. Risks arising from a failure to produce robust, suitable and appropriate data/information and to exploit data/information to its full potential. Internal Reputation Sociological √ Information Political 267. Risks arising from property deficiencies or poorly designed or ineffective/inefficient safety management resulting in non-compliance and/or harm and suffering to employees, contractors, service users or the public. Sociological Technological Internal Political √ Property 268. Risks arising from unclear plans, priorities, authorities and accountabilities, and/or ineffective or disproportionate oversight of decision-making and/or performance. Sociological Technological Internal Political √ Governance 269. Risks that will impact the level of customer trade or expenditure Sociological √ Marketplace Political Internal Technological 270. Risks that will impact the desire of customers to deal or trade, and level of customer retention Political Internal Sociological Technologi
