HI, I need help with this exercise. I need to answer the 5 questions on page CS2-15 of the attachment.

I have attached a case study, primarily based on your textbook chapter reading assignments.

The background material for the case also references chapters 3 and 15, not assigned for this course.

However, this will not affect your ability to complete the project successfully. I have assigned only

Scenario #1; it focuses on business risk assessment, a subject that shows up throughout your course reading.

1- Read the background information provided in the case (pages CS2-1 to CS2-15), and begin identifying information sources for the global financial service providers listed in the exercise on page CS2-15. By the way: - UBS AG was originally Union Bank of Switzerland, until it merged in 1998 with Swiss Bank Corporation. - ING is Internationale Nederlanden Greop - RBS is Royal Bank of Scotland.

Gather the research information needed to complete the exercise on page CS2-15. Write up your answers to the five questions asked.

CASES: CASE 3 PERFORMING A BLENDED CONSULTING ENGAGEMENT Learning Objectives Identify and document an organization's vision, mission, and strategy. Perform a risk assessment of major change initiatives necessary to achieve an organization's strategy. Determine and schedule the most valuable consulting engagements to support the achievement of an organization's strategy. Understand and document the engagement customer's expectations for planned consulting engagements. Identify and document the appropriate scope of planned consulting engagements. Determine and create appropriate work programs to support planned consulting engagements. Perform planned consulting engagements. Determine and document appropriate results and conclusions for completed consulting engagements. Communicate final consulting engagement results to the engagement customer. Internal consulting engagements vary dramatically by internal audit function, environment, and organization. As chapter 15, \"The Consulting Engagement,\" makes clear, the internal audit function is uniquely positioned to add value and make an impact on the organization when performing consulting engagements. The current increased focus on an organization's system of internal controls by regulators, independent outside auditors, and management means that internal audit functions are asked more frequently to provide advice, facilitate activities, and train managers on the effective design, implementation, and operation of governance, risk management, and internal control processes. This case study uses a fictional, multinational financial institution as the context within which to explore a number of those consulting opportunities that real-world organizations pursue as they address the issues they are struggling with today. Through these engagements, the internal audit function may provide the organization insight regarding significant events or provide additional assurance related to an area where additional assurance is desired. The case study scenarios can be performed separately and do not have to be assigned in a specific order. Although each internal audit function approaches consulting engagements differently, this case study is designed to familiarize students with a wide spectrum of scenarios in which consulting engagements are applicable and the many ways that internal audit functions customize consulting engagements to Internal Auditing: Assurance & Advisory Services, 3rd Edition 2013 by The Institute of Internal Auditors Research Foundation, 247 Maitland Avenue, Altamonte Springs, FL 32701 USA CS2-1 CASES: CASE 3 address the specific needs of an organization. Students will be presented with many opportunities in this case study to apply the material contained in chapter 15. Because consulting engagements are often done on a one-time basis and have not been performed before, they require extensive research and planning. And, just as internal auditors are required to have their research prepared in advance of a consulting engagement, the same is expected of students before they begin this case study. Because this case study simulates the environment of the financial services industry, students should do as much research as is required for them to have an understanding of the financial services industry and be able to quickly access the knowledge acquired as needed throughout the case study. In today's environment, many internal audit functions are increasing the priority of consulting engagements due to the added value they bring to an organization. This case study was developed to prepare students for the increased focus organizations are placing on consulting engagements and is intended for use by practitioners and academic instructors. This advanced case study incorporates many of the concepts covered throughout the various chapters in the textbook. The authors recommend that it be completed in conjunction with chapter 15 and after chapter 3, \"Governance,\" chapter 4, \"Risk Management,\" and chapter 5, \"Business Processes and Risks.\" As indicated in chapter 15, many engagements can be considered blended consulting engagements since they contain both consulting and assurance elements. The authors believe this is so common that the examples and activities in this case study are designed to illustrate how engagements can contain both elements. PERFORMING RISK ASSESSMENTS Chapter 4 details the process by which senior management and the board of directors manage the risks inherent in an organization's business model. The internal audit function is pivotal in this process and performs assurance and consulting activities designed to provide feedback and advice to management on the design adequacy and operating effectiveness of the system of internal controls in place to help an organization effectively carry out its strategy. These assurance and consulting activities assist management with the identification of potential weaknesses in the system of internal controls that are relied upon to mitigate risks that could prevent the achievement of key business objectives. The board of directors is responsible for providing strategic direction and guidance, relative to the establishment of key business objectives, consistent with the organization's business model. Directors bring varied and diverse business experience to the board and, thus, are in a position to provide the strategic direction and guidance that will help ensure the organization is successful. The board can also influence the organization's risk-taking philosophy and establish broad boundaries of conduct based on the organization's overall risk appetite and cultural values. Internal Auditing: Assurance & Advisory Services, 3rd Edition 2013 by The Institute of Internal Auditors Research Foundation, 247 Maitland Avenue, Altamonte Springs, FL 32701 USA CS2-2 CASES: CASE 3 As discussed in chapter 3, the board of directors is also responsible for providing governance oversight. It is in this area of responsibility that the internal audit function has the most direct opportunity to add value. The board of directors provides direction to management, empowers them with the authority to take action, and oversees the overall results of operations. Both senior executives and line management play important, but different, roles in dayto-day governance through their respective risk management activities. The internal audit function provides management and the board with assurances regarding the effectiveness of governance activities. In addition to providing assurance services to the organization, the internal audit function adds value by performing consulting services at the board's or management's request. Such consulting services often help the board and management make decisions regarding which activities designed to achieve strategic objectives align with management's risk appetite. Chapter 5 outlines how organizations structure their business activities and initiatives designed to implement their strategy and achieve their business (organizational) objectives. As organizations plan these activities, they also must identify the potential risks that are introduced and manage those risks to acceptable levels. The internal audit function can be integral in this process by performing risk-based assurance and consulting engagements that are aligned with the organization's business risk profile. Internal audit functions often participate in, or even facilitate management's performance of, a risk assessment in which risks are assessed in terms of impact and likelihood at an organizational level. Both impact and likelihood are determined using a scale. These scales often are expressed using three or five categories. A three-category scale for impact might include high, medium, and low, whereas a five-category scale might include extreme and negligible in addition to the categories mentioned above. Whether three or five categories are used, they are typically defined in greater detail. If they are defined in terms of financial impact, each category delineates the range of dollars (an example is shown in exhibit CS3-1, which is taken from exhibit 5-8 in chapter 5). The categories of impact also might reflect degrees of injury, impact on reputation, etc. Similarly, likelihood, which is evaluated by assessing the probability of an event happening, is also broken into three or five categories. For likelihood, a three-category scale might include unlikely, possible, and probable with a five-category scale including remote and certain in addition to the categories in a three-category scale. As with impact, the categories for likelihood are often defined more specifically. For example, likelihood might be expressed in percentages as shown in exhibit CS3-1. Regardless of how an organization chooses to define the categories for impact and likelihood, this process allows risks at an organizational level to be plotted on a matrix and assessed in terms of both impact and likelihood, providing a truer picture of the risk events the organization faces than if they were evaluated only in terms of one or the other. Exhibit CS3-1 is a visual depiction of this risk assessment model. Internal Auditing: Assurance & Advisory Services, 3rd Edition 2013 by The Institute of Internal Auditors Research Foundation, 247 Maitland Avenue, Altamonte Springs, FL 32701 USA CS2-3 CASES: CASE 3 EXHIBIT CS3-1 RISK ASSESSMENT MODEL I M P A C T Extreme 15 19 22 24 25 High 10 14 18 21 23 Medium 6 9 13 17 20 Low 3 5 8 12 16 Negligible 1 2 4 7 11 Remote Unlikely Possible Probable Certain (0-10%) (10-25%) (25-50%) (50-90%) (90-100%) LI K E LI H OO D Impact Extreme: >$100m; threatens ongoing existence High: $25-$100m; \u0007difficult to achieve business objectives Medium: \u0007$5-$25m; makes achieving some business objectives challenging Low: $1-$5m; some undesirable outcomes Negligible: