Risk Management

Question 1

Is “a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives”

Answer 1

Risk Management

Question 2

The internal audit activity must do the following for the risk management processes:

Answer 2

Evaluate the effectiveness and contribute to the improvement

Question 3

Risk management processes include:

Answer 3

1) Risk identification
2) Risk assessment and prioritization
3) Risk response
4) Risk monitoring

Question 4

Must be performed for the entire entity. It should consider past events and future possibilities.

Answer 4

Risk Identification

Question 5

The risk assessment process involves (a) estimating the significance of an event, (b) assessing the event’s likelihood, and (c) considering the means to manage the risk

Answer 5

Risk assessment and prioritization

Question 6

Strategies for risk response include:

Answer 6

1) Risk avoidance
2) Risk retention
3) Risk sharing
4) Risk exploitation

Question 7

(a) Tracks identified risks, (b) evaluates current risk response plans, (c) monitors residual risks, and (d) identifies new risks.

Answer 7

Risk monitoring

Question 8

Risk management is a key responsibility of:

Answer 8

Senior management and the board

Question 9

Senior management and the board determine the internal audit activity’s role in risk management based on factor such as:

Answer 9

(a) Organizational culture
(b) Abilities of the internal audit activity staff, and
(c) Local conditions and customs

Question 10

Determining whether risk management processes are effective is a judgement resulting from:

Answer 10

The internal auditor’s assessment

Question 11

To form an opinion on the adequacy of the risk management processes, the internal auditor should:

Answer 11

Obtain sufficient appropriate evidence regarding achievement of key objectives.

Question 12

The COSO Framework defines ERM as:

Answer 12

A process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Question 13

ERM allows management to optimize stakeholder value by:

Answer 13

Coping effectively with uncertainty and risk, helping management to

1) Reach objectives
2) Prevent loss of reputation and resources
3) Report effectively, and
4) Comply with laws and regulations.

Question 14

When it comes to ERM the CEO:

Answer 14

Sets the tone at the top and has ultimate responsibility for ERM

Question 15

Who has an oversight role of the ERM?

Answer 15

The board

Question 16

The board should determine that the ERM:

Answer 16

The risk management processes are in place, adequate, and effective.

Question 17

The risk committee should be composed of:

Answer 17

The directors that also includes managers, the individuals most familiar with entity processes.

Question 18

Limitations of ERM arise from the possibility of:

Answer 18

1) Faulty human judgement
2) Cost-benefit considerations
3) Simple errors or mistakes
4) Collusion, and
5) Management override of ERM decisions