The lowest impact of a risk using the five categories assessment is called: Select one: a. Extreme b. Negligible c. Certain d. Low .. The organization business model includes: Select one: a. Both the objectives and the business processes necessary to achieve these objectives. b. Control effectiveness and risk rating. c. How business processes are structured to achieve the organizations objectives d. The objectives of the organization. .. The risk with high impact and possible likelihood is classified as: Select one: a. Critical. b. High. c. Medium. d. Low. .. Risk assessment model plots: Select one: a. Risk impact against risk likelihood. b. Risk impact against control effectiveness. c. Risk rating against control effectiveness. d. Risk impact against control likelihood. ........................ Risk assessment model plots: Select one: a. Risk rating against control effectiveness. b. Risk impact against risk likelihood. c. Risk impact against control likelihood. d. Risk impact against control effectiveness. ........................ The highest likelihood of a risk using the five categories assessment is called: Select one: a. Probable b. Certain c. Remote d. Extreme ........................ The lowest impact of a risk using the five categories assessment is called: Select one: a. Negligible b. Certain c. Extreme d. Low ........................ In risk assessment process, a major upgrade to an important information system would most likely represent a high: Select one: a. other risk factor b. external risk factor c. likelihood of future systems problems d. internal risk factor ........................ Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. File and equipment backup requirements analysis. b. Contingent facility contract analysis. c. Vendor supply agreement an ........................ Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. Risk analysis. b. File and equipment backup requirements analysis. c. Vendor supply agreement analysis d. Contingent facility contract analysis. ........................ The auditor uses process map in risk assessment process. Indicate which of the following symbols in a process map will most likely contain a question: Select one: a. Terminator symbol b. Process symbol c. Decision symbol d. Activity symbol C .................................... In reviewing a cost-plus construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that Select one: a. Contractor cash budgets could have been inappropriately compiled. b. Payroll taxes may have been inappropriately omitted from billings. c. Income taxes related to construction equipment depreciation may have been calculated erroneously. d. The contractor could be charging for the use of equipment not used in the construction. d .................................... The auditor uses process map in risk assessment process. Indicate which of the following symbols in a process map will most likely contain a question: Select one: a. Terminator symbol b. Process symbol c. Decision symbol d. Activity symbol .................................... In the annual review of the data center of a nationwide mortgage servicing company, the internal audit manager was concerned about the data center not having an adequate contingency plan. The audit manager was especially concerned because the data center was located close to a river that occasionally flooded and in the vicinity of a major railroad and a major highway. Even though floodwaters might not reach the data center, being located adjacent to a river is associated with the risk that in the event of a significant flood Select one: a. Customers might refuse to do business with the company. b. Many customers might fail to make timely payments. c. Employees might be unable to report for work. d. Expensive equipment might need to be replaced. .................................... Risk assessment model plots: Select one: a. Risk impact against control effectiveness. b. Risk impact against risk likelihood. c. Risk impact against control likelihood. d. Risk rating against control effectiveness. .................................... In reviewing a cost-plus construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that Select one: a. Contractor cash budgets could have been inappropriately compiled. b. Payroll taxes may have been inappropriately omitted from billings. c. Income taxes related to construction equipment depreciation may have been calculated erroneously. d. The contractor could be charging for the use of equipment not used in the construction. .................................... Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. Vendor supply agreement analysis b. Risk analysis. c. Contingent facility contract analysis. d. File and equipment backup requirements analysis. .................................... The highest likelihood of a risk using the five categories assessment is called: Select one: a. Probable b. Extreme c. Certain d. Remote .................................... The risk with high impact and possible likelihood is classified as: Select one: a. Critical. b. Low. c. High. d. Medium. .................................... In risk assessment of the process, if a risk appears in the middle of the risk control map, it means that: Select one: a. The controls may be inadequate relative to the risk. b. There is no enough information to make a judgment. c. There is appropriate balance between risk and control. d. The controls may be excessive relative to the risk. c .................................... The auditor uses process map in risk assessment process. Indicate which of the following symbols in a process map will most likely contain a question: Select one: a. Decision symbol b. Activity symbol c. Process symbol d. Terminator symbol .................................... In risk assessment of the process, if a risk appears in the middle of the risk control map, it means that: Select one: a. The controls may be inadequate relative to the risk. b. There is no enough information to make a judgment. c. There is appropriate balance between risk and control. d. The controls may be excessive relative to the risk. .................................... The auditor uses process map in risk assessment process. Indicate which of the following symbols in a process map will most likely contain a question: Select one: a. Decision symbol b. Terminator symbol c. Activity symbol d. Process symbol .................................... Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. Contingent facility contract analysis. b. Risk analysis. c. Vendor supply agreement analysis d. File and equipment backup requirements analysis. .................................... Bottom up approach: Select one: a. Begins at the entity level with the organizations objectives and then identified key business processes critical to the success of each of the organizations objectives b. Used for documenting business processes. c. Begins at the activity level. d. Begins at the business process level. ........................ Top down approach: Select one: a. Used for documenting business processes. b. Begins at the business process level. c. Begins at the activity level. d. Begins at the entity level with the organizations objectives and then identified key business processes critical to the success of each of the organizations objectives ........................ The organization business model includes: Select one: a. Control effectiveness and risk rating. b. The objectives of the organization. c. Both the objectives and the business processes necessary to achieve these objectives. d. How business processes are structured to achieve the organizations objectives ........................ Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. Contingent facility contract analysis. b. Risk analysis. c. Vendor supply agreement analysis d. File and equipment backup requirements analysis. ........................ Risk assessment model plots: Select one: a. Risk impact against control likelihood. b. Risk rating against control effectiveness. c. Risk impact against control effectiveness. d. Risk impact against risk likelihood. ........................ The auditor uses process map in risk assessment process. Indicate which of the following symbols in a process map will most likely contain a question: Select one: a. Terminator symbol b. Process symbol c. Activity symbol d. Decision symbol ........................ In risk assessment of the process, if a risk appears in the middle of the risk control map, it means that: Select one: a. There is appropriate balance between risk and control. b. The controls may be inadequate relative to the risk. c. There is no enough information to make a judgment. d. The controls may be excessive relative to the risk. ....................... Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. Vendor supply agreement analysis b. Risk analysis. c. Contingent facility contract analysis. d. File and equipment backup requirements analysis. ........................ Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. Contingent facility contract analysis. b. Risk analysis. c. Vendor supply agreement analysis d. File and equipment backup requirements analysis. ........................ Which of the following are business processes? 1- Strategic planning 2- Review and write of uncollectible loans 3- Safeguarding of assets 4- Remittance of payroll taxes to the tax authorities Select one: a. 2 and 4. b. 1, 2 and 3. c. 1, 2, 3 and 4. d. 1 and 3. ........................ In the annual review of the data center of a nationwide mortgage servicing company, the internal audit manager was concerned about the data center not having an adequate contingency plan. The audit manager was especially concerned because the data center was located close to a river that occasionally flooded and in the vicinity of a major railroad and a major highway. Even though floodwaters might not reach the data center, being located adjacent to a river is associated with the risk that in the event of a significant flood Select one: a. Customers might refuse to do business with the company. b. Employees might be unable to report for work. c. Expensive equipment might need to be replaced. d. Many customers might fail to make timely payments. ........................ How does a control manage a specific risk? Select one: a. It reduces the likelihood of the event giving rise to risk. b. It reduces the likelihood of the event giving rise to risk. c. It reduces either impact or likelihood or both. d. It prevents the occurrence of the event. ........................ In reviewing a cost-plus construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that Select one: a. Payroll taxes may have been inappropriately omitted from billings. b. Contractor cash budgets could have been inappropriately compiled. c. Income taxes related to construction equipment depreciation may have been calculated erroneously. d. The contractor could be charging for the use of equipment not used in the construction. ........................ Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. File and equipment backup requirements analysis. b. Vendor supply agreement analysis c. Contingent facility contract analysis. d. Risk analysis. .................................... Which of the following is necessary to determine what would constitute a disaster for an organization? Select one: a. File and equipment backup requirements analysis. b. Vendor supply agreement analysis c. Contingent facility contract analysis. d. Risk analysis. ........................ The risk with high impact and possible likelihood is classified as: Select one: a. High. b. Low. c. Critical. d. Medium. ........................ Risk assessment model plots: Select one: a. Risk rating against control effectiveness. b. Risk impact against risk likelihood. c. Risk impact against control effectiveness. d. Risk impact against control likelihood. .................................... Bottom up approach: Select one: a. Used for documenting business processes. b. Begins at the business process level. c. Begins at the activity level. d. Begins at the entity level with the organizations objectives and then identified key business processes critical to the success of each of the organizations objectives .................................... In the annual review of the data center of a nationwide mortgage servicing company, the internal audit manager was concerned about the data center not having an adequate contingency plan. The audit manager was especially concerned because the data center was located close to a river that occasionally flooded and in the vicinity of a major railroad and a major highway. Even though floodwaters might not reach the data center, being located adjacent to a river is associated with the risk that in the event of a significant flood Select one: a. Many customers might fail to make timely payments. b. Customers might refuse to do business with the company. c. Expensive equipment might need to be replaced. d. Employees might be unable to report for work. ........................ In risk assessment process, a major upgrade to an important information system would most likely represent a high: Select one: a. likelihood of future systems problems b. external risk factor c. other risk factor d. internal risk factor ........................ In reviewing a cost-plus construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that Select one: a. Payroll taxes may have been inappropriately omitted from billings. b. Contractor cash budgets could have been inappropriately compiled. c. Income taxes related to construction equipment depreciation may have been calculated erroneously. d. The contractor could be charging for the use of equipment not used in the construction. ........................ In risk assessment and analysis, internal auditors often prepare process maps and reference portions of these maps to narrative descriptions of certain activities. This an appropriate procedure to: Select one: a. Obtain the understanding necessary to test the process. b. Determine whether the process meets established management objectives. c. Determine the ability of the activities to produce reliable information. d. Document that the process meets internal audit standards.