Question 1

Which of the following is NOT part of IT controls?&#10;A)Event controls&#10;B)IT general controls&#10;C)Entity-level controls&#10;D)Application controls

Accepted Answer

Event controls are not typically categorized as part of IT controls, which generally include IT general controls, entity-level controls, and application controls.

Question 2

What is risk intelligence?

Accepted Answer

Risk intelligence moves beyond just managing risk to using risk intelligently to create value for the enterprise. Some risk has only a downside or loss associated with it, such as computer viruses that destroy corporate emails. Risk intelligence includes managing not only adverse risks, but also capitalizing on risk that presents the enterprise with opportunities to create value, such as evaluating risk associated with a new business acquisition.

Question 3

Enterprise risk management (ERM)goes beyond just security and controls.

Accepted Answer

Enterprise risk management (ERM) is a comprehensive approach to identifying, analyzing, and managing all types of risks that an organization may face, including financial, operational, strategic, and reputational risks. It goes beyond just security and controls and involves assessing risks across the entire organization and implementing strategies to mitigate or avoid these risks.

Question 4

A silo approach with separate departments developing separate security programs without consideration of comprehensive risk management can prove to be very effective.

Accepted Answer

A silo approach can result in fragmented security measures and lack of coordination, resulting in gaps that can be exploited by attackers. Comprehensive risk management requires a coordinated effort among departments to identify and address all potential security risks, which a silo approach may not provide.

Question 5

Risk intelligence involves using risk in a pro active, constructive way to create additional value for the enterprise.

Accepted Answer

Risk intelligence involves analyzing potential risks and using them to inform decision-making and strategy development in a way that maximizes opportunities and minimizes negative outcomes. This approach can help an enterprise identify and capitalize on opportunities that it might have otherwise missed, and it can also help it avoid unnecessary risks and mitigate negative impacts if and when they do arise. Overall, risk intelligence is a valuable tool for any organization that wants to be more effective, efficient, and resilient in managing risk.

Question 6

The SEC requires company boards to report in-depth on how their enterprises identify risk, set risk tolerances, and manage risk/reward trade-offs.

Accepted Answer

The SEC does require company boards to report in-depth on how their enterprises identify risk, set risk tolerances, and manage risk/reward trade-offs. This is intended to ensure transparency in the risk management practices of publicly traded companies.

Question 7

The IT control associated with top management is&#10;A)IT general controls&#10;B)Entity-level controls&#10;C)Application controls&#10;D)Event controls

Accepted Answer

Entity-level controls are the IT controls associated with top management because they are strategies, policies, and procedures that influence the effectiveness of other control activities throughout the organization. These controls are designed to provide an overarching level of control for the entire organization, rather than focus on specific systems or processes. IT general controls focus on the information technology (IT) infrastructure and support internal control over financial reporting, while application controls provide specific restrictions or authorizations within individual applications or systems. Event controls focus on identifying and responding to individual events or incidents.

Question 8

Identifying, assessing, and mitigating risks has not been shown to produce better business performance.

Accepted Answer

Identifying, assessing, and mitigating risks has been shown to improve business performance by reducing the likelihood and impact of negative events that could harm the organization. Proactive risk management can also help organizations take advantage of opportunities and make informed decisions.

Question 9

Controls are not task driven. Understanding risk is not a prerequisite to the appreciation and application of control.

Accepted Answer

Controls are designed to mitigate specific risks, therefore they are task driven. Understanding the risks helps to inform the design and application of the controls, making it a prerequisite.

Question 10

________ risks have no benefits, only threats to success.

Accepted Answer

The answer of ________ risks have no benefits, only threats...

Question 11

At the top management level, ________ IT controls provide IT governance that sets the tone from the top of the enterprise.

Accepted Answer

The answer of At the top management level, ________ IT...

Question 12

________ risks have the possibility of benefits associated with it.

Accepted Answer

The answer of ________ risks have the possibility of benefits...

Question 13

What percentage of CFOs provide advice on enterprise risk management?&#10;A)63%&#10;B)58%&#10;C)79%&#10;D)83%

Accepted Answer

The answer of What percentage of CFOs provide advice on...

Question 14

Which of the following is NOT considered part of IT controls?&#10;A)ERM&#10;B)Application controls&#10;C)Entity-level controls&#10;D)IT general controls

Accepted Answer

The answer of Which of the following is NOT considered...

Question 15

The International Organization for Standardization framework for risk management is ________.

Accepted Answer

The answer of The International Organization for Standardization framework for...

Question 16

Risk management shifts an enterprise from a pro active approach of anticipating and mitigating future risks before incidents occur to a reactive approach.

Accepted Answer

The answer of Risk management shifts an enterprise from a...

Question 17

The IT control associated with business processes is&#10;A)Entity-level controls&#10;B)IT general controls&#10;C)Application controls&#10;D)Event controls

Accepted Answer

The answer of The IT control associated with business processes...

Question 18

________ are controls embedded in business processes where a majority of security breaches occur.

Accepted Answer

The answer of ________ are controls embedded in business processes...

Question 19

Application controls are controls over IT services, such as networks and database systems.

Accepted Answer

The answer of Application controls are controls over IT services,...

Question 20

Which of the following titles does NOT refer to someone in the C-Suite?&#10;A)CIO: Chief Information Officer&#10;B)CSO: Chief Sustainability Officer&#10;C)CIA: Certified Internal Auditor&#10;D)CFO: Chief Financial Officer

Accepted Answer

The answer of Which of the following titles does NOT...

Question 21

Match the ERM component name to the appropriate definition.

-Objective setting

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.

Accepted Answer

The answer of Match the ERM component name to the...

Question 22

Which of the following is NOT a dimension in an ERM cube?&#10;A)ERM resources&#10;B)ERM objectives&#10;C)ERM components&#10;D)ERM units

Accepted Answer

The answer of Which of the following is NOT a...

Question 23

Which ERM component involves the risk management philosophy of the enterprise,including the tone set by top management?&#10;A)Control activities&#10;B)Information and communication&#10;C)Internal environment&#10;D)Event identification

Accepted Answer

The answer of Which ERM component involves the risk management...

Question 24

________ is a COSO framework that provides guidance for managing risk.

Accepted Answer

The answer of ________ is a COSO framework that provides...

Question 25

Match the ERM Objective with the appropriate definition.

-Operational objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.

Accepted Answer

The answer of Match the ERM Objective with the appropriate...

Question 26

Match the ERM component name to the appropriate definition.

-Objective setting

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.

Accepted Answer

The answer of Match the ERM component name to the...

Question 27

Given the impossibility of foreseeing every conceivable control to address all threats, risk management uses the approach of assessing risk to determine the probability of risk, its frequency, and its impact.

Accepted Answer

The answer of Given the impossibility of foreseeing every conceivable...

Question 28

Match the ERM component name to the appropriate definition.

-Objective setting

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.

Accepted Answer

The answer of Match the ERM component name to the...

Question 29

Which ERM objective relates to the effective and efficient use of a corporation's resources?&#10;A)Operational objective&#10;B)Compliance objective&#10;C)Strategic objective&#10;D)Reporting objective

Accepted Answer

The answer of Which ERM objective relates to the effective...

Question 30

It is possible for a company to be 100% risk free.

Accepted Answer

The answer of It is possible for a company to...

Question 31

The COSO Enterprise Risk Management framework replaces the COSO framework for internal control.

Accepted Answer

The answer of The COSO Enterprise Risk Management framework replaces...

Question 32

Match the ERM Objective with the appropriate definition.

-Operational objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.

Accepted Answer

The answer of Match the ERM Objective with the appropriate...

Question 33

Match the ERM Objective with the appropriate definition.

-Operational objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.

Accepted Answer

The answer of Match the ERM Objective with the appropriate...

Question 34

Match the ERM Objective with the appropriate definition.

-Operational objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.

Accepted Answer

The answer of Match the ERM Objective with the appropriate...

Question 35

Which ERM objective relates to the goals that support a corporation's mission?&#10;A)Reporting objective&#10;B)Operational objective&#10;C)Strategic objective&#10;D)Compliance objective

Accepted Answer

The answer of Which ERM objective relates to the goals...

Question 36

What is the difference between downside risks and upside risks?

Accepted Answer

The answer of What is the difference between downside risks...

Question 37

Which of the following is part of the ERM units?&#10;A)Internal Environments&#10;B)Entity-level&#10;C)Operations&#10;D)Monitoring

Accepted Answer

The answer of Which of the following is part of...

Question 38

Match the ERM component name to the appropriate definition.

-Objective setting

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.

Accepted Answer

The answer of Match the ERM component name to the...

Question 39

Match the ERM component name to the appropriate definition.

-Objective setting

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.

Accepted Answer

The answer of Match the ERM component name to the...

Question 40

Match the ERM component name to the appropriate definition.

-Objective setting

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.

Accepted Answer

The answer of Match the ERM component name to the...

Question 41

In the context of enterprise risk management, ________ refers to the process of monitoring an entity's enterprise risk management.

Accepted Answer

The answer of In the context of enterprise risk management,...

Question 42

Match the word to the appropriate sentence to complete the risk response definition.

-Acceptance

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.

Accepted Answer

The answer of Match the word to the appropriate sentence...

Question 43

________ forms the basis for operations, reporting, and compliance objectives.

Accepted Answer

The answer of ________ forms the basis for operations, reporting,...

Question 44

________ is the acceptable level of variation in attaining objectives.

Accepted Answer

The answer of ________ is the acceptable level of variation...

Question 45

What is the main limitation in the ERM framework? Why is it a limitation?

Accepted Answer

The answer of What is the main limitation in the...

Question 46

List and define the eight interrelated ERM components.

Accepted Answer

The answer of List and define the eight interrelated ERM...

Question 47

In ERM risk assessment, ________ may refer to assessing likelihood using qualitative measures, such as high, medium, or low.

Accepted Answer

The answer of In ERM risk assessment, ________ may refer...

Question 48

In ERM risk assessment, possibility may refer to assessing likelihood using a quantitative measure, such as percentages.

Accepted Answer

The answer of In ERM risk assessment, possibility may refer...

Question 49

________ is the process of assessing the extent to which events would impact an entity's ability to achieve its objectives.

Accepted Answer

The answer of ________ is the process of assessing the...

Question 50

The ________ is also impacted by human resource policies, including hiring practices.

Accepted Answer

The answer of The ________ is also impacted by human...

Question 51

List and define the four categories in the ERM framework of an enterprise's objectives.

Accepted Answer

The answer of List and define the four categories in...

Question 52

In ERM risk assessment, ________ may refer to assessing likelihood using a quantitative measure, such as percentages.

Accepted Answer

The answer of In ERM risk assessment, ________ may refer...

Question 53

The ________ component involves identifying potential events that might affect the entity.

Accepted Answer

The answer of The ________ component involves identifying potential events...

Question 54

When risk responses are being considered, the costs and benefits of options may play a major role in the final decision.

Accepted Answer

The answer of When risk responses are being considered, the...

Question 55

The integrated enterprise system is unable to provide management with additional data and information for use in making enterprise risk management assessments and decisions.

Accepted Answer

The answer of The integrated enterprise system is unable to...

Question 56

The ________ relates to the culture of the organization and its risk consciousness.

Accepted Answer

The answer of The ________ relates to the culture of...

Question 57

Which ERM component is comprised of policies and procedures established and implemented to ensure risk responses are effective?&#10;A)Risk assessment&#10;B)Control activities&#10;C)Information and communication&#10;D)Objective setting

Accepted Answer

The answer of Which ERM component is comprised of policies...

Question 58

Match the word to the appropriate sentence to complete the risk response definition.

-Acceptance

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.

Accepted Answer

The answer of Match the word to the appropriate sentence...

Question 59

A well developed and articulated risk management philosophy can provide consistency in risk attitudes throughout the entire enterprise.

Accepted Answer

The answer of A well developed and articulated risk management...

Question 60

Match the word to the appropriate sentence to complete the risk response definition.

-Acceptance

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.

Accepted Answer

The answer of Match the word to the appropriate sentence...

Question 61

Which question pertains to assessing risk likelihood?&#10;A)What is the estimated frequency of the threat occurring?&#10;B)What is the asset's value?&#10;C)What is the estimated potential loss per threat?&#10;D)How much is the asset worth to the competition?

Accepted Answer

The answer of Which question pertains to assessing risk likelihood?&#10;A)What...

Question 62

Match the IT control activity to the appropriate enterprise level.&#10;&#10;-Entity-level IT controls&#10;A)IT governance&#10;B)Business processes&#10;C)IT processes and services

Accepted Answer

The answer of Match the IT control activity to the...

Question 63

Qualitative measures include&#10;A)Means&#10;B)Regression&#10;C)Percentages&#10;D)Ranking likelihood

Accepted Answer

The answer of Qualitative measures include&#10;A)Means&#10;B)Regression&#10;C)Percentages&#10;D)Ranking likelihood...

Question 64

What are the four risk response categories? Include a definition of each.

Accepted Answer

The answer of What are the four risk response categories?...

Deck 12: The Risk Intelligent Enterprise: Enterprise Risk Management