Deck 12: The Risk Intelligent Enterprise: Enterprise Risk Management

Question
Which of the following is NOT part of IT controls?

A)Event controls
B)IT general controls
C)Entity-level controls
D)Application controls
Question
What is risk intelligence?
Question
Enterprise risk management (ERM) goes beyond just security and controls.
Question
A silo approach with separate departments developing separate security programs without consideration of comprehensive risk management can prove to be very effective.
Question
Risk intelligence involves using risk in a proactive, constructive way to create additional value for the enterprise.
Question
The SEC requires company boards to report in-depth on how their enterprises identify risk, set risk tolerances, and manage risk/reward trade-offs.
Question
The IT control associated with top management is

A)IT general controls
B)Entity-level controls
C)Application controls
D)Event controls
Question
Identifying, assessing, and mitigating risks has not been shown to produce better business performance.
Question
Controls are not task driven. Understanding risk is not a prerequisite to the appreciation and application of control.
Question
________ risks have no benefits, only threats to success.
Question
At the top management level, ________ IT controls provide IT governance that sets the tone from the top of the enterprise.
Question
________ risks have the possibility of benefits associated with them.
Question
What percentage of CFOs provide advice on enterprise risk management?

A)63%
B)58%
C)79%
D)83%
Question
Which of the following is NOT considered part of IT controls?

A)ERM
B)Application controls
C)Entity-level controls
D)IT general controls
Question
The International Organization for Standardization framework for risk management is ________.
Question
Risk management shifts an enterprise from a proactive approach of anticipating and mitigating future risks before incidents occur to a reactive approach.
Question
The IT control associated with business processes is

A)Entity-level controls
B)IT general controls
C)Application controls
D)Event controls
Question
________ are controls embedded in business processes where a majority of security breaches occur.
Question
Application controls are controls over IT services, such as networks and database systems.
Question
Which of the following titles does NOT refer to someone in the C-Suite?

A)CIO: Chief Information Officer
B)CSO: Chief Sustainability Officer
C)CIA: Certified Internal Auditor
D)CFO: Chief Financial Officer
Question
Match the ERM component name to the appropriate definition.

-Internal Environment

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
Question
Which of the following is NOT a dimension in an ERM cube?

A)ERM resources
B)ERM objectives
C)ERM components
D)ERM units
Question
Which ERM component involves the risk management philosophy of the enterprise, including the tone set by top management?

A)Control activities
B)Information and communication
C)Internal environment
D)Event identification
Question
________ is a COSO framework that provides guidance for managing risk.
Question
Match the ERM Objective with the appropriate definition.

-Reporting objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.
Question
Match the ERM component name to the appropriate definition.

-Control activities

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
Question
Given the impossibility of foreseeing every conceivable control to address all threats, risk management uses the approach of assessing risk to determine the probability of risk, its frequency, and its impact.
Question
Match the ERM component name to the appropriate definition.

-Monitoring

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
Question
Which ERM objective relates to the effective and efficient use of a corporation's resources?

A)Operational objective
B)Compliance objective
C)Strategic objective
D)Reporting objective
Question
It is possible for a company to be 100% risk free.
Question
The COSO Enterprise Risk Management framework replaces the COSO framework for internal control.
Question
Match the ERM Objective with the appropriate definition.

-Compliance objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.
Question
Match the ERM Objective with the appropriate definition.

-Strategic objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.
Question
Match the ERM Objective with the appropriate definition.

-Operational objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.
Question
Which ERM objective relates to the goals that support a corporation's mission?

A)Reporting objective
B)Operational objective
C)Strategic objective
D)Compliance objective
Question
What is the difference between downside risks and upside risks?
Question
Which of the following is part of the ERM units?

A)Internal Environments
B)Entity-level
C)Operations
D)Monitoring
Question
Match the ERM component name to the appropriate definition.

-Information and communication

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
Question
Match the ERM component name to the appropriate definition.

-Objective setting

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
Question
Match the ERM component name to the appropriate definition.

-Event identification

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
Question
In the context of enterprise risk management, ________ refers to the process of monitoring an entity's enterprise risk management.
Question
Match the word to the appropriate sentence to complete the risk response definition.

-Sharing

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.
Question
________ forms the basis for operations, reporting, and compliance objectives.
Question
________ is the acceptable level of variation in attaining objectives.
Question
What is the main limitation in the ERM framework? Why is it a limitation?
Question
List and define the eight interrelated ERM components.
Question
In ERM risk assessment, ________ may refer to assessing likelihood using qualitative measures, such as high, medium, or low.
Question
In ERM risk assessment, possibility may refer to assessing likelihood using a quantitative measure, such as percentages.
Question
________ is the process of assessing the extent to which events would impact an entity's ability to achieve its objectives.
Question
The ________ is also impacted by human resource policies, including hiring practices.
Question
List and define the four categories in the ERM framework of an enterprise's objectives.
Question
In ERM risk assessment, ________ may refer to assessing likelihood using a quantitative measure, such as percentages.
Question
The ________ component involves identifying potential events that might affect the entity.
Question
When risk responses are being considered, the costs and benefits of options may play a major role in the final decision.
Question
The integrated enterprise system is unable to provide management with additional data and information for use in making enterprise risk management assessments and decisions.
Question
The ________ relates to the culture of the organization and its risk consciousness.
Question
Which ERM component is comprised of policies and procedures established and implemented to ensure risk responses are effective?

A)Risk assessment
B)Control activities
C)Information and communication
D)Objective setting
Question
Match the word to the appropriate sentence to complete the risk response definition.

-Reduce

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.
Question
A well developed and articulated risk management philosophy can provide consistency in risk attitudes throughout the entire enterprise.
Question
Match the word to the appropriate sentence to complete the risk response definition.

-Avoiding

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.
Question
Which question pertains to assessing risk likelihood?

A)What is the estimated frequency of the threat occurring?
B)What is the asset's value?
C)What is the estimated potential loss per threat?
D)How much is the asset worth to the competition?
Question
Match the IT control activity to the appropriate enterprise level.

-Entity-level IT controls

A)IT governance
B)Business processes
C)IT processes and services
Question
Qualitative measures include

A)Means
B)Regression
C)Percentages
D)Ranking likelihood
Question
What are the four risk response categories? Include a definition of each.
Question
Match the IT control activity to the appropriate enterprise level.

-IT general controls

A)IT governance
B)Business processes
C)IT processes and services
Question
What are five external events that may pose a risk to an enterprise's ability to achieve objectives? Provide examples.
Question
Operation objectives relate to

A)The reliability of both internal and external reports, including both financial and nonfinancial information
B)The effective and efficient use of the entity's resources
C)An entity's compliance with applicable laws and regulations
D)An entity's ability to mitigate risk
Question
Match the IT control activity to the appropriate enterprise level.

-Application controls

A)IT governance
B)Business processes
C)IT processes and services
Question
Match the word to the appropriate sentence to complete the risk response definition.

-Acceptance

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.
Question
What are four internal events that may pose a risk to an enterprise's ability to achieve objectives? Provide examples.
Question
Assessment techniques used to assess risk are grouped into two categories. What are these categories? Define each.
Question
Which of the following is NOT an external factor that might affect an enterprise's ability to achieve objectives?

A)Economic events
B)Natural environment
C)Processes
D)Political events
Question
Which of the following is an incident or occurrence that originates inside an organization?

A)Changes in regulations
B)Data integrity
C)New technology
D)Product competition
Question
The risk time frame ________ relates to the organization's strategy, affecting three to five years or longer.
Question
Which of the following is both an internal and external factor that might affect an enterprise's ability to achieve objectives?

A)Infrastructures
B)Technology events
C)Economic events
D)Social events
Question
Which of the following is NOT considered a control activity?

A)Locked door
B)Performance reviews
C)Event identification
D)Segregation of duties
Question
Hiring competent employees who are provided ongoing training

A)Can increase risks from accidents and errors
B)Can increase the amount of fraud
C)Can reduce risks from accidents and errors
D)Can reduce an enterprise's risk tolerance
Question
ISO 13000 is not the only internationally accepted enterprise risk management standard.
Question
Which of the following is NOT an incident or occurrence that originates outside an organization?

A)Changes in consumer demographics
B)New legislation
C)Employee competence
D)Liquidity factors
Question
What is risk tolerance? Provide an example.
Deck 12: The Risk Intelligent Enterprise: Enterprise Risk Management
1
Which of the following is NOT part of IT controls?

A)Event controls
B)IT general controls
C)Entity-level controls
D)Application controls
A
2
What is risk intelligence?
Risk intelligence moves beyond just managing risk to using risk intelligently to create value for the enterprise. Some risk has only a downside or loss associated with it, such as computer viruses that destroy corporate emails. Risk intelligence includes managing not only adverse risks, but also capitalizing on risk that presents the enterprise with opportunities to create value, such as evaluating risk associated with a new business acquisition.
3
Enterprise risk management (ERM) goes beyond just security and controls.
True
4
A silo approach with separate departments developing separate security programs without consideration of comprehensive risk management can prove to be very effective.
5
Risk intelligence involves using risk in a proactive, constructive way to create additional value for the enterprise.
6
The SEC requires company boards to report in-depth on how their enterprises identify risk, set risk tolerances, and manage risk/reward trade-offs.
7
The IT control associated with top management is

A)IT general controls
B)Entity-level controls
C)Application controls
D)Event controls
8
Identifying, assessing, and mitigating risks has not been shown to produce better business performance.
9
Controls are not task driven. Understanding risk is not a prerequisite to the appreciation and application of control.
10
________ risks have no benefits, only threats to success.
11
At the top management level, ________ IT controls provide IT governance that sets the tone from the top of the enterprise.
12
________ risks have the possibility of benefits associated with them.
13
What percentage of CFOs provide advice on enterprise risk management?

A)63%
B)58%
C)79%
D)83%
14
Which of the following is NOT considered part of IT controls?

A)ERM
B)Application controls
C)Entity-level controls
D)IT general controls
15
The International Organization for Standardization framework for risk management is ________.
16
Risk management shifts an enterprise from a proactive approach of anticipating and mitigating future risks before incidents occur to a reactive approach.
17
The IT control associated with business processes is

A)Entity-level controls
B)IT general controls
C)Application controls
D)Event controls
18
________ are controls embedded in business processes where a majority of security breaches occur.
19
Application controls are controls over IT services, such as networks and database systems.
20
Which of the following titles does NOT refer to someone in the C-Suite?

A)CIO: Chief Information Officer
B)CSO: Chief Sustainability Officer
C)CIA: Certified Internal Auditor
D)CFO: Chief Financial Officer
21
Match the ERM component name to the appropriate definition.

-Internal Environment

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
22
Which of the following is NOT a dimension in an ERM cube?

A)ERM resources
B)ERM objectives
C)ERM components
D)ERM units
23
Which ERM component involves the risk management philosophy of the enterprise, including the tone set by top management?

A)Control activities
B)Information and communication
C)Internal environment
D)Event identification
24
________ is a COSO framework that provides guidance for managing risk.
25
Match the ERM Objective with the appropriate definition.

-Reporting objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.
26
Match the ERM component name to the appropriate definition.

-Control activities

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
27
Given the impossibility of foreseeing every conceivable control to address all threats, risk management uses the approach of assessing risk to determine the probability of risk, its frequency, and its impact.
28
Match the ERM component name to the appropriate definition.

-Monitoring

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
29
Which ERM objective relates to the effective and efficient use of a corporation's resources?

A)Operational objective
B)Compliance objective
C)Strategic objective
D)Reporting objective
30
It is possible for a company to be 100% risk free.
31
The COSO Enterprise Risk Management framework replaces the COSO framework for internal control.
32
Match the ERM Objective with the appropriate definition.

-Compliance objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.
33
Match the ERM Objective with the appropriate definition.

-Strategic objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.
34
Match the ERM Objective with the appropriate definition.

-Operational objectives

A)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the entity's compliance with all applicable laws and regulations.
35
Which ERM objective relates to the goals that support a corporation's mission?

A)Reporting objective
B)Operational objective
C)Strategic objective
D)Compliance objective
36
What is the difference between downside risks and upside risks?
37
Which of the following is part of the ERM units?

A)Internal Environments
B)Entity-level
C)Operations
D)Monitoring
38
Match the ERM component name to the appropriate definition.

-Information and communication

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
39
Match the ERM component name to the appropriate definition.

-Objective setting

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
40
Match the ERM component name to the appropriate definition.

-Event identification

A)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
B)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
C)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
D)This involves watched evaluation and feedback that permits modifications as needed.
E)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
F)This involves the risk management philosophy of the enterprise, including the tone set by top management.
41
In the context of enterprise risk management, ________ refers to the process of monitoring an entity's enterprise risk management.
42
Match the word to the appropriate sentence to complete the risk response definition.

-Sharing

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.
43
________ forms the basis for operations, reporting, and compliance objectives.
44
________ is the acceptable level of variation in attaining objectives.
45
What is the main limitation in the ERM framework? Why is it a limitation?
46
List and define the eight interrelated ERM components.
47
In ERM risk assessment, ________ may refer to assessing likelihood using qualitative measures, such as high, medium, or low.
48
In ERM risk assessment, possibility may refer to assessing likelihood using a quantitative measure, such as percentages.
49
________ is the process of assessing the extent to which events would impact an entity's ability to achieve its objectives.
50
The ________ is also impacted by human resource policies, including hiring practices.
51
List and define the four categories in the ERM framework of an enterprise's objectives.
52
In ERM risk assessment, ________ may refer to assessing likelihood using a quantitative measure, such as percentages.
53
The ________ component involves identifying potential events that might affect the entity.
54
When risk responses are being considered, the costs and benefits of options may play a major role in the final decision.
55
The integrated enterprise system is unable to provide management with additional data and information for use in making enterprise risk management assessments and decisions.
56
The ________ relates to the culture of the organization and its risk consciousness.
57
Which ERM component is comprised of policies and procedures established and implemented to ensure risk responses are effective?

A)Risk assessment
B)Control activities
C)Information and communication
D)Objective setting
58
Match the word to the appropriate sentence to complete the risk response definition.

-Reduce

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.
59
A well-developed and articulated risk management philosophy can provide consistency in risk attitudes throughout the entire enterprise.
60
Match the word to the appropriate sentence to complete the risk response definition.

-Avoiding

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.
61
Which question pertains to assessing risk likelihood?

A)What is the estimated frequency of the threat occurring?
B)What is the asset's value?
C)What is the estimated potential loss per threat?
D)How much is the asset worth to the competition?
62
Match the IT control activity to the appropriate enterprise level.

-Entity-level IT controls

A)IT governance
B)Business processes
C)IT processes and services
63
Qualitative measures include

A)Means
B)Regression
C)Percentages
D)Ranking likelihood
64
What are the four risk response categories? Include a definition of each.
65
Match the IT control activity to the appropriate enterprise level.

-IT general controls

A)IT governance
B)Business processes
C)IT processes and services
66
What are five external events that may pose a risk to an enterprise's ability to achieve objectives? Provide examples.
67
Operation objectives relate to

A)The reliability of both internal and external reports, including both financial and nonfinancial information
B)The effective and efficient use of the entity's resources
C)An entity's compliance with applicable laws and regulations
D)An entity's ability to mitigate risk
68
Match the IT control activity to the appropriate enterprise level.

-Application controls

A)IT governance
B)Business processes
C)IT processes and services
69
Match the word to the appropriate sentence to complete the risk response definition.

-Acceptance

A)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
B)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
C)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
D)This risk response involves ________ or exiting the activities that give rise to the risk.
70
What are four internal events that may pose a risk to an enterprise's ability to achieve objectives? Provide examples.
71
Assessment techniques used to assess risk are grouped into two categories. What are these categories? Define each.
72
Which of the following is NOT an external factor that might affect an enterprise's ability to achieve objectives?

A)Economic events
B)Natural environment
C)Processes
D)Political events
73
Which of the following is an incident or occurrence that originates inside an organization?

A)Changes in regulations
B)Data integrity
C)New technology
D)Product competition
74
The risk time frame ________ relates to the organization's strategy, affecting three to five years or longer.
75
Which of the following is both an internal and external factor that might affect an enterprise's ability to achieve objectives?

A)Infrastructures
B)Technology events
C)Economic events
D)Social events
76
Which of the following is NOT considered a control activity?

A)Locked door
B)Performance reviews
C)Event identification
D)Segregation of duties
77
Hiring competent employees who are provided ongoing training

A)Can increase risks from accidents and errors
B)Can increase the amount of fraud
C)Can reduce risks from accidents and errors
D)Can reduce an enterprise's risk tolerance
78
ISO 13000 is not the only internationally accepted enterprise risk management standard.
79
Which of the following is NOT an incident or occurrence that originates outside an organization?

A)Changes in consumer demographics
B)New legislation
C)Employee competence
D)Liquidity factors
80
What is risk tolerance? Provide an example.