1. Which portion of a risk management plan explains the extent to which the plan will be organized and carried out? * Introduction Assignment Schedule Scope proces Effecti risk pe Reves create and other Unler effec acturing 1 7. Who guid ma ope cor the sei pment 2. An effective internal control structure Cannot be circumvented by management. Is unaffected by changing circumstances and conditions encountered by the organization. Eliminates risk and potential loss to the organization Reduces the need for management to review exception reports on a day-to-day basis. 3. Within an organization, business risk can typically be categorized as the * Risk of an organization not being able to meet its financial obligations. Financial risk Probability of a loss being inherent in an organization's operations and environment. Alleged or actual breach of contract between an organization and counterparty. Legal risk Uncertainty relating to the occurrence of an insured event $. W in 9 4. A large organization is assessing a risk using a typical risk management process and has just established and identified the risks to which it is exposed. What is likely to be the next stage in the process? * Evaluating risks. Analyzing risks Eliminating risks. Treating risks. 5. This is a set of components that support and sustain risk management throughout an organization Risk management process Leadership and commitment Risk management framework Risk management principles Ethics Control olan vill be 6 Why is it important to understand the risk perceptions of others when planning for communication in the risk management process? Effective communication must avoid influencing the risk perception of others Revealing the risk perceptions of others could create a conflict of interest and derail the process To communicate effectively, you must accurately and appropriately address the risk perceptions of others Unless everyone has the same risk perceptions, effective risk management is impossible 7. Who is ultimately responsible for providing guidance and oversight on the risk management and internal control process? operating management control functions the board senior management d n its an sured sing as 8. Which of the following is an example of an inherent limitation in a client's internal control system? Procedures for handling large numbers of transactions are processed by information technology (IT) equipment. In the performance of most control procedures, there are possibilities of errors arising from mistakes in judgment The effectiveness of procedures depends on the segregation of employee duties. Procedures are designed to assure the execution and recording of transactions in accordance with management's authorization. 9. The objective of the recording function of transactions in the context of internal accounting control) is to Encourage operational efficiency and adherence to prescribed managerial policies. Permit preparation of financial statements in accordance with GAAP and to maintain accountability of assets. Assure compliance with the rules of all regulatory bodies having jurisdiction over the reporting entity. Limit access to assets and to permit preparation of financial statements in accordance with GAAP. d att 14 which of the following best describes the role 10 of risk communications in risk management? * Communications underpin the entire risk management process and should be ongoing throughout the life of a risk management action or strategy Communications is not a major factor in the DHS Risk Management Cycle in comparison with the other steps. The risk management process relies on effective communication mostly at the beginning of the DHS Risk Management Cycle. External communications are far more important to the entire risk management process than internal communications 1. Which of the following best defines risk management? A process of identifying the potential for an unwanted outcome, determining what to do about it from among the available alternatives, and then doing it. A physical feature or operational attribute that renders an entity, asset, system, network, or geographic area open to exploitation or susceptible to a given hazard The management of the consequence of something happening, described in either quantitative terms of probability or frequency. The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences 12. This component of the risk management framework includes setting objectives and deadlines, defining decision making process and evaluating and making changes to the decision making process when appropriate. Integration Implementation Improvement Design B. As part of an organizations' risk management process, when considering risk and uncertainty, the risk team must be aware that Risk can apply to both opportunities and threats to the organization. Uncertainty should always be considered completely separately from risk. Uncertainty should only be considered when reviewing long-term objectives. Sle - IS to Risk assessment is the sole method of reducing uncertainty 2. S1The control environment is the foundation for effective internal control providing discipline and structure. S2. Risks relevant to reliable financial reporting is unrelated to specific events or transactions Both statements are true Both statements are false Only statement 1 is true Only statement is false Statement 1 ISO 31000 states that risk management is an open ended process designed to be highly customized and tailored to the individual needs and contexts of the organization implementing it. Statement 2: It is stated in ISO 31000 that oversight bodies are responsible for making sure that risks are prioritized in accordance with how they impact the organization's ability to create and deliver value- Only statement 1 is true Only statement 2 is true Both statements are true Both statements are false it 16. Which of the following elements of the internal control structure includes the development of personnel manuals documenting employee promotion and training policies? control policies control environment control procedures control risk 1. An example of risk mitigation is: Using proven technology in the development of a product to lessen the probability that the product will not work Purchasing insurance Both choices are correct Neither of the choices is correct Lack of internal control could lead to * poor management decisions poor intemal control reports excessive compensation loss of assets loss of customers 2 Risks can arise or change due to circumstances such as the following, except The accounting and financial reporting framework has experienced significant revisions The company switched from manual information systems to a computerized system, No new employees have been hired by the company There is a change in the regulatory or operating 25 environment 2 A process implemented by management to assess the effectiveness of internal control performance over time Risk assessment procedures Test of controls Monitoring of controls Quality control system 21. Statement 1: The approach in risk 313 management is one size fits all Statement 2: in risk management, executive alignment is crucial Only statement t is true Only statement 2 is true Both statements are true Both statements are false 21. S1: Internal control is designed and implemented to address all business risks that threaten the achievement of the objectives of internal control S2: One of the inherent limitations of internal control is the lack of segregation of duties. Both statements are true. Both statements are false. Only statement 1 is true Only statement 2 is true. 25. One of the primary reasons that an organization should monitor and regularly review its risk management process is to Evidence that an internationally-recognized framework is followed at all times. Consider whether lessons could be learned for future management of risks. Evidence that all risks are measured in financial terms only Ensure that all significant risks are eliminated immediately cept: work lon ng 2. Understanding the potential causes of risk events will primarily help an organization to Improve internal audit procedures Eliminate all risks Comply with corporate governance standards Reduce the frequency of 10 Statement 1: Although the risk management process is presented as sequential, in practice it is iterative Statement 2: Monitoring and review in the risk management process is the action taken in response to risk identification analysis and evaluation Only statement 1 is true Only statement 2 is true Both statements are true Both statements are false 2. Which is not among the principles contained in the development of the science of internal to rol nt 2 IS that of control? fraud prevention supervisory review entre objectives are met preventive controls are the best forms of com 21. The following are components of internal control Risk assessment process, backup facilities, responsibility accounting and natural laws Legal environment of the firm, management philosophy, and organizational structure Organizational structure, management philosophy and planning Control environment, risk assessment process control activities, information system and communication, and monitoring of controls 28. The risk management process involves identifying, assessing and responding to risks. What comes next in the process? * Setting limits Performing oversight Revisiting the charter Monitoring 29. When a bank chooses the wrong strategy or follow a long-term business strategy which might lead to its failure, it is called " Market risk Business risk Terrorism Integrity Risk house things. Once he like spaghe --my sister dishwater ou which had los "Independent with a hopeless operational An emerging issue in the practice of risk management is that, based on a study there is no alignment with current sustainability would sig om reports True False This means making sure that risk management is part of all aspects of the organization Evaluation Integration Leadership and commitment Implementation 2. Why can it be difficult for an organization to categorize risks? - Audit and compliance functions must always categorize risks differently, There is no universally accepted definition of individual risks Risk categories are always applied differently across Universal risk categorizations must always be used 3. When there is a risk of loss resulting from inadequate or failed internal processes, people and systems or from external event, it is called Liquidity risk Operational risk Systemic risk Moral hazard 34. One way for a company to manage its risk in relation to its employees' workplace behavior is by Encouraging employees to report workplace misconduct Providing employees with the flexibility to change company policies. Permitting employees to use company resources for personal use. Allowing employees to view all company records. 26 Management's attitude towards aggressive financial reporting and its emphasis on meeting projected profit goals most likely In-H would significantly influence an entity's control environment when Extemal policies established by parties outside the entity affect its accounting practices. The audit committee is active in overseeing the entity's financial reporting policies. Intemal auditors have direct access to the board of directors and entity management. Management is dominated by one individual who is also a shareholder