Two statement questions for exam Flashcards
(7 cards)
The following questions consist of TWO statements.
Read both statements and consider if each one is ‘True’ or ‘False’.
If both statements are ‘True’, consider if Statement 2 is a correct explanation of why Statement 1 is ‘True’.
Choose ONE of the following FIVE possible answers.
A. Both Statements are True and Statement 2 is a correct explanation of why Statement 1 is True.
B. Both Statements are True but Statement 2 is NOT a correct explanation of why Statement 1 is True.
C. Statement 1 is True and Statement 2 is False.
D. Statement 1 is False and Statement 2 is True.
E. Both Statements are False.
Statement 1 Business Continuity Planning can be classified as a directive control.
RMEMEBER TO USE BECAUSE OR AND…
Statement 2 Business Continuity Planning is a technique used to control a low impact risk which has occurred.
Statement 1 is True as following pre-agreed directions can significantly reduce impact once a risk event has occurred. Statement 2 is False as BCP is applied only where significant risks, rather than low level risks, have occurred.
The correct answer is: C
The following questions consist of TWO statements.
Read both statements and consider if each one is ‘True’ or ‘False’.
If both statements are ‘True’, consider if Statement 2 is a correct explanation of why Statement 1 is ‘True’.
Choose ONE of the following FIVE possible answers.
A. Both Statements are True and Statement 2 is a correct explanation of why Statement 1 is True.
B. Both Statements are True but Statement 2 is NOT a correct explanation of why Statement 1 is True.
C. Statement 1 is True and Statement 2 is False.
D. Statement 1 is False and Statement 2 is True.
E. Both Statements are False.
Statement 1 Some organisations use PESTLE over other risk classification systems.
BECAUSE…..
Statement 2 PESTLE needs to be undertaken on a regular basis to be effective.
The PESTLE risk classification system is often seen as most relevant to the analysis of external risks. The advantage is that is that it provides a clear analysis of the issues that should be addressed within the external context. Statement 1 is True.
Statement 2 is True; however it is a disadvantage associated with the use of PESTLE. Thus the correct answer is B; as statement 2 is not a correct explanation of Statement 1.
The correct answer is:
B
So org do use pestle over other risk classification systems - true
but NOT because pestle needs to be undertaken on a regular basis
BUT BECAUSE it provides a clear analysis of the issues that should be addressed within the external context.
The following questions consist of TWO statements.
Read both statements and consider if each one is ‘True’ or ‘False’.
If both statements are ‘True’, consider if Statement 2 is a correct explanation of why Statement 1 is ‘True’.
Choose ONE of the following FIVE possible answers.
A. Both Statements are True and Statement 2 is a correct explanation of why Statement 1 is True.
B. Both Statements are True but Statement 2 is NOT a correct explanation of why Statement 1 is True.
C. Statement 1 is True and Statement 2 is False.
D. Statement 1 is False and Statement 2 is True.
E. Both Statements are False.
Statement 1 Quantitative analysis of risk exposure does not determine risk appetite
Statement 2 Appetite defines the level of exposure the organisation is willing to take on
Although an organisation ‘can quantify the risks it is exposed to’, it will still need to decide how much risk it will tolerate (i.e. its risk appetite). This makes Statement 1 true.
There are various definitions of risk appetite, ISO 31000 defines risk appetite as ‘the amount and type of risk an organisation is willing to pursue or retain’ as such Statement 2 is correct. However, it is not a correct explanation for Statement 1.
The correct answer is: B
The following questions consist of TWO statements.
Read both statements and consider if each one is ‘True’ or ‘False’.
If both statements are ‘True’, consider if Statement 2 is a correct explanation of why Statement 1 is ‘True’.
Choose ONE of the following FIVE possible answers.
A. Both Statements are True and Statement 2 is a correct explanation of why Statement 1 is True.
B. Both Statements are True but Statement 2 is NOT a correct explanation of why Statement 1 is True.
C. Statement 1 is True and Statement 2 is False.
D. Statement 1 is False and Statement 2 is True.
E. Both Statements are False.
Statement 1 Bowtie analysis is not an effective tool for exploring the impact of regulatory change on an organisation
Statement 2 Bowtie analysis is an internal risk analysis tool that does not capture external impacts such as reputational impact
Bowtie analysis is a tool for representing risk management activities and allows interrogation of the source and impact associated with a risk event. This makes Statement 1 false.
Statement 2 is also false as bowtie analysis does set out the impact should the risk event occur, on the right-hand side of the bowtie.
The correct answer is: E
he following questions consist of TWO statements.
Read both statements and consider if each one is ‘True’ or ‘False’.
If both statements are ‘True’, consider if Statement 2 is a correct explanation of why Statement 1 is ‘True’.
Choose ONE of the following FIVE possible answers.
A. Both Statements are True and Statement 2 is a correct explanation of why Statement 1 is True.
B. Both Statements are True but Statement 2 is NOT a correct explanation of why Statement 1 is True.
C. Statement 1 is True and Statement 2 is False.
D. Statement 1 is False and Statement 2 is True.
E. Both Statements are False.
Statement 1 The risk management process includes / contains organisational change.
Statement 2 Risk management anticipates, detects, and responds to changes.
Hopkin describes the risk management process as a narrow set of activities, described above as identifying, analysing, evaluating, treating, monitoring and reviewing risk. Organisational change is not a risk management process. Statement 1 is False.
ISO3100 summaries 8 principles which are centred around the central purpose of risk management, this includes the principle that ‘risk management anticipates, detects, acknowledges and responds to changes’. Thus Statement 2 is correct.
Thus the answer is D as Statement 1 is False and Statement 2 is True.
The correct answer is:
D
The following questions consist of TWO statements.
Read both statements and consider if each one is ‘True’ or ‘False’.
If both statements are ‘True’, consider if Statement 2 is a correct explanation of why Statement 1 is ‘True’.
Choose ONE of the following FIVE possible answers.
A. Both Statements are True and Statement 2 is a correct explanation of why Statement 1 is True.
B. Both Statements are True but Statement 2 is NOT a correct explanation of why Statement 1 is True.
C. Statement 1 is True and Statement 2 is False.
D. Statement 1 is False and Statement 2 is True.
E. Both Statements are False.
Statement 1 The COSO Internal Control Framework has become widely used, particularly by US companies.
Statement 2 The COSO Internal Control Framework has all the components necessary for compliance with Sarbanes-Oxley requirements.
The following questions consist of TWO statements.
Read both statements and consider if each one is ‘True’ or ‘False’.
If both statements are ‘True’, consider if Statement 2 is a correct explanation of why Statement 1 is ‘True’.
Choose ONE of the following FIVE possible answers.
A. Both Statements are True and Statement 2 is a correct explanation of why Statement 1 is True.
B. Both Statements are True but Statement 2 is NOT a correct explanation of why Statement 1 is True.
C. Statement 1 is True and Statement 2 is False.
D. Statement 1 is False and Statement 2 is True.
E. Both Statements are False.
Statement 1 When conducting risk assessment exercises, consideration should be given to accommodating differing opinions.
Statement 2 Risk perception often varies amongst persons at different levels of seniority within the organisation.
The perception of risk by individuals will be affected by a number of factors including access to or lack of complete information, due to level of seniority in the organisation. It is common to have varying views on risks when undertaking risk assessment exercises. In some cases voting software can be used to identify the majority view.
Both Statements are True and Statement 2 is a correct explanation of why Statement 1 is True.
The correct answer is:
A
