1. Entity-level controls are__________ Select one: a. Are designed to supplement a key control that is either ineffective or cannot fully mitigate a risk or group of risks by itself. b. Are designed to mitigate risks that threaten processes, activities, tasks, and transactions. c. Are designed to reduce key risks associated with business objectives d. Are designed to directly mitigate risks that exist at the organization-wide level.

2. Which of the following statement regarding risks and controls associated with business process outsourcing is correct? Select one: a. Outsource vendor is responsible for reporting to management regarding documenting the outsourced process and monitoring the effectiveness of the process b. Risks associated with process outsourcing are concentrated in the transition phase so once past that phase management can rely on the outsource vendor for risk management and control c. Management and internal audit function is responsible to ensuring an adequate system of internal controls existed with the outsource vendor d. Business process outsourcing not only improves efficiency and quality but also transfers all process risks to the outsource vendor