Deck 12: The Risk Intelligent Enterprise: Enterprise Risk Management

A)CIO: Chief Information Officer
B)CSO: Chief Sustainability Officer
C)CIA: Certified Internal Auditor
D)CFO: Chief Financial Officer

A)ERM
B)Application controls
C)Entity-level controls
D)IT general controls

A)Entity-level controls
B)IT general controls
C)Application controls
D)Event controls

A)64%
B)48%
C)83%
D)72%

A)IT general controls
B)Entity-level controls
C)Application controls
D)Event controls

A)Event controls
B)IT general controls
C)Entity-level controls
D)Application controls

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Event identification

A)Subsidiary
B)Entity-level
C)Operations
D)Division

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Reporting objectives

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Control activities

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Strategic objectives

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Internal Environment

A)Operational objective
B)Reporting objective
C)Compliance objective
D)Shareholder objective

A)Operational objective
B)Compliance objective
C)Strategic objective
D)Reporting objective

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Objective setting

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Operational objectives

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Monitoring

A)ERM resources
B)ERM objectives
C)ERM components
D)ERM units

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Information and communication

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Compliance objectives

A)Risk assessment
B)Control activities
C)Information and communication
D)Objective setting

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Avoiding

A)Reporting objective
B)Operational objective
C)Strategic objective
D)Compliance objective

A)Control activities
B)Information and communication
C)Internal environment
D)Event identification

A)IT governance
B)Business processes
C)IT processes and services
Entity-level IT controls

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Acceptance

A)IT governance
B)Business processes
C)IT processes and services
Application controls

A)What is the estimated frequency of the threat occurring?
B)What is the asset's value?
C)What is the estimated potential loss per threat?
D)How much is the asset worth to the competition?

A)Mission
B)Goal
C)Vision
D)A and C

A)Locked door
B)Performance reviews
C)Event identification
D)Segregation of duties

A)Means
B)Regression
C)Percentages
D)Ranking likelihood

A)IT governance
B)Business processes
C)IT processes and services
IT general controls

A)Current regulations
B)Industry standards
C)Costs and benefits
D)B and C

A)The reliability of both internal and external reports, including both financial and nonfinancial information
B)The effective and efficient use of the entity's resources
C)An entity's compliance with applicable laws and regulations
D)An entity's ability to mitigate risk

A)Changes in regulations
B)Data integrity
C)New technology
D)Product competition

A)Financial objective
B)Reporting objective
C)Operations objective
D)Compliance objective

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Reduce

A)By anticipating all possible risks
B)By providing event specific examples
C)By being well-developed and articulated
D)By setting employee expectations

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Sharing

A)Changes in consumer demographics
B)New legislation
C)Employee competence
D)Liquidity factors