CHAPTER 3

1. Which of the following is not an appropriate governance role for an

organizations board of directors?

a. Evaluating and approving strategic objectives.

b. Influencing the organizations risk-taking philosophy.

c. Providing assurance directly to third parties that the organizations

governance processes are effective.

d. Establishing broad boundaries of conduct, outside of which the

organization should not operate.

2. Which of the following are typically governance responsibilities of

senior management?

I. Delegating its tolerance levels to risk managers.

II. Monitoring day-to-day performance of specific risk management

activities.

III. Establishing a governance committee of the board.

IV. Ensuring that sufficient information is gathered to support

reporting to the board.

a. I and IV.

b. II and III.

c. I, II, and IV.

d. I, II, III, and IV.

3. ABC utility company sells electricity to residential customers and is a

member of an industry association that provides guidance to electric

utilities, lobbies on behalf of the industry, and facilitates sharing

among its members. From ABCs perspective, what type of

stakeholder is this industry association?

a. Directly involved in the operation of the company.

b. Interested in the success of the company.

c. Influences the company.

d. Not a stakeholder.

4. Who is responsible for establishing the strategic objectives of an

organization?

a. The board of directors.

b. Senior management.

c. Consensus among all levels of management.

d. The board and senior management jointly.

5. Who is ultimately responsible for identifying new or emerging key

risk areas that should be covered by the organizations governance

process?

a. The board of directors.

b. Senior management.

c. Risk owners.

d. The internal audit function.

6. The internal audit function should not:

a. Assess the organizations governance and risk management

processes.

b. Provide advice about how to improve the organizations

governance and risk management processes.

c. Oversee the organizations governance and risk management

processes.

d. Coordinate its governance and risk management-related activities

with those of the independent outside auditor.

7. Which of the following would not be considered a first line of

defense in the Three Lines of Defense model?

a. A divisional controller conducts a peer review of compliance with

financial control standards.

b. An accounts payable clerk reviews supporting documents before

processing an invoice for payment.

c. An accounting supervisor conducts a monthly review to ensure all

reconciliations were completed properly.

d. A production line worker inspects finished goods to ensure the

companys quality standards are met.

8. Which of the following would be considered a first line of defense in

the Three Lines of Defense model?

a. An accounts payable supervisor conducting a weekly review to

ensure all payments were issued by the required payment date.

b. A divisional compliance and ethics officer conducting a review of

employee training records to ensure that all marketing and sales

staff have completed the required FCPA training.

c. The external audit team observes the counting of inventory on

December 31.

d. An internal audit team conducting an engagement to provide

assurance on the companys Sarbanes-Oxley compliance with

internal controls over financial reporting.

9. Which of the following would be considered a second line of defense

in the Three Lines of Defense model?

a. An accounts payable supervisor conducting a weekly review to

ensure all payments were issued by the required payment date.

b. A divisional compliance and ethics officer conducting a review of

employee training records to ensure that all marketing and sales

staff have completed the required FCPA training.

c. A shift supervisor inspecting a sample of finished goods to ensure

quality standards are met.

d. An internal audit team conducting an engagement to provide

assurance on the companys Sarbanes-Oxley compliance with

internal controls over financial reporting.

10. Companies in industries that are heavily regulated may be subject to

audits by the regulators auditors. While not specifically covered in

the Three Lines of Defense model, such auditors would most likely

be considered:

a. Part of the first line of defense.

b. Part of the second line of defense.

c. Part of the third line of defense.

d. Not a line of defense.

11. Which of the following is not a role of the internal audit function in

best practice governance activities?

a. Support the board in enterprisewide risk assessment.

b. Ensure the timely implementation of audit recommendations.

c. Monitor compliance with the corporate code of conduct.

d. Discuss areas of significant risks.

12. Which of the following statements regarding corporate governance is

not correct?

a. Corporate control mechanisms include internal and external

mechanisms.

b. The compensation scheme for management is part of the corporate

control mechanisms.

c. The dilution of shareholders wealth resulting from employee stock

options or employee stock bonuses is an accounting issue rather

than a corporate governance issue.

d. The internal audit function of a company has more responsibility

than the board for the companys corporate governance.

13. What types of business events tend to drive new legislation and

guidance?

a. Economic downturns.

b. Fraud or other corporate wrongdoing.

c. Elections or other political changes.

d. Economic growth.

14. Which of the following represents the best governance structure?

Operating Management Executive Management Internal Auditing

a. Responsibility for risk Oversight role Advisory role

b. Oversight role Responsibility for risk Advisory role

c. Responsibility for risk Advisory role Oversight role

d. Oversight role Advisory role Responsibility for risk