Deck 12: The Risk Intelligent Enterprise: Enterprise Risk Management

Question
The International Organization for Standardization framework for risk management is ________.
Question
________ risk is a risk that has the possibility of a positive payoff associated with it.
Question
Risk intelligence moves beyond just managing risk to using risk intelligently to create value for the enterprise.
Question
Application controls are controls over IT services, such as networks and database systems.
Question
A silo approach with separate departments developing separate security programs without consideration of comprehensive risk management can prove to be very effective.
Question
At the top management level, ________ IT controls provide IT governance that sets the tone from the top of the enterprise.
Question
Which of the following titles does not refer to someone in the C-Suite?

A)CIO: Chief Information Officer
B)CSO: Chief Sustainability Officer
C)CIA: Certified Internal Auditor
D)CFO: Chief Financial Officer
Question
________ risks have no positive payoff.
Question
Risk management shifts an enterprise from a proactive approach of anticipating and mitigating future risks before incidents occur to a reactive approach.
Question
Risk intelligence involves using risk in a proactive, constructive way to create additional value for the enterprise.
Question
Which of the following is not considered part of IT controls?

A)ERM
B)Application controls
C)Entity-level controls
D)IT general controls
Question
________ includes managing not only adverse risks, but also capitalizing on risk that presents the enterprise with opportunities to create value, such as evaluating risk associated with a new business acquisition.
Question
Controls are risk driven, so understanding risk is a prerequisite to the appreciation and application of control.
Question
The IT control associated with business processes is

A)Entity-level controls
B)IT general controls
C)Application controls
D)Event controls
Question
What percentage of CFOs provide advice on IT?

A)64%
B)48%
C)83%
D)72%
Question
The IT control associated with top management is

A)IT general controls
B)Entity-level controls
C)Application controls
D)Event controls
Question
Which of the following is not part of IT controls?

A)Event controls
B)IT general controls
C)Entity-level controls
D)Application controls
Question
Identifying, assessing, and mitigating risks has not been shown to produce better business performance.
Question
Enterprise risk management (ERM) goes beyond just security and controls.
Question
________ are controls embedded in business processes where a majority of security breaches occur.
Question
ERM Operational objectives relate to goals that support the entity's mission.
Question
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Event identification
Question
Which of the following is not part of the ERM units?

A)Subsidiary
B)Entity-level
C)Operations
D)Division
Question
Match the ERM Objective with the appropriate definition.

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Reporting objectives
Question
The COSO Enterprise Risk Management framework replaces the COSO framework for internal control.
Question
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Control activities
Question
What is the difference between unrewarded risks and rewarded risks?
Question
Match the ERM Objective with the appropriate definition.

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Strategic objectives
Question
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Internal Environment
Question
Which of the following is not an ERM category in an enterprise's objectives?

A)Operational objective
B)Reporting objective
C)Compliance objective
D)Shareholder objective
Question
It is possible for a company to be 100% risk free.
Question
Which ERM category relates to the effective and efficient use of a corporation's resources?

A)Operational objective
B)Compliance objective
C)Strategic objective
D)Reporting objective
Question
What is risk intelligence?
Question
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Objective setting
Question
Match the ERM Objective with the appropriate definition.

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Operational objectives
Question
________ is a COSO framework that provides guidance for managing risk.
Question
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Monitoring
Question
Which of the following is not a dimension in an ERM cube?

A)ERM resources
B)ERM objectives
C)ERM components
D)ERM units
Question
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Information and communication
Question
Match the ERM Objective with the appropriate definition.

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Compliance objectives
Question
Since it is impossible to foresee and control for every possible threat, what approach does enterprise risk management take?
Question
________ is the process of assessing the extent to which events would impact an entity's ability to achieve its objectives.
Question
When risk responses are being considered, the costs and benefits of options may play a major role in the final decision.
Question
________ objectives, sometimes called mission or vision, establish the entity's purpose.
Question
The integrated enterprise system is unable to provide management with additional data and information for use in making enterprise risk management assessments and decisions.
Question
List and define the eight interrelated ERM components.
Question
In ERM risk assessment, ________ may refer to assessing likelihood using qualitative measures, such as high, medium, or low.
Question
In the context of enterprise risk management, ________ refers to the process of monitoring an entity's enterprise risk management.
Question
In ERM risk assessment, possibility may refer to assessing likelihood using a quantitative measure, such as percentages.
Question
The ________ relates to the culture of the organization and its risk consciousness.
Question
What is the main limitation in the ERM framework? Why is it a limitation?
Question
Which ERM component is comprised of policies and procedures established and implemented to ensure risk responses are effective?

A)Risk assessment
B)Control activities
C)Information and communication
D)Objective setting
Question
Match the word to the appropriate sentence to complete the risk response definition.

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Avoiding
Question
In ERM risk assessment, ________ may refer to assessing likelihood using a quantitative measure, such as percentages.
Question
________ is the acceptable level of variation in attaining objectives.
Question
Which ERM category relates to the goals that support a corporation's mission?

A)Reporting objective
B)Operational objective
C)Strategic objective
D)Compliance objective
Question
Risk assessment is the acceptable level of variation in attaining objectives.
Question
The ________ component involves identifying potential events that might affect the entity.
Question
Which ERM component involves the risk management philosophy of the enterprise, including the tone set by top management?

A)Control activities
B)Information and communication
C)Internal environment
D)Event identification
Question
The amount of risk an entity is willing to accept in pursuit of value is called ________.
Question
Assessment techniques used to assess risk are grouped into two categories. What are these categories? Define each.
Question
Match the IT control activity to the appropriate enterprise level.

A)IT governance
B)Business processes
C)IT processes and services
Entity-level IT controls
Question
Match the word to the appropriate sentence to complete the risk response definition.

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Acceptance
Question
Match the IT control activity to the appropriate enterprise level.

A)IT governance
B)Business processes
C)IT processes and services
Application controls
Question
Which question pertains to assessing risk likelihood?

A)What is the estimated frequency of the threat occurring?
B)What is the asset's value?
C)What is the estimated potential loss per threat?
D)How much is the asset worth to the competition?
Question
What is risk tolerance? Provide an example.
Question
Strategic objectives, also called ________, establish an organization's purpose.

A)Mission
B)Goal
C)Vision
D)A and C
Question
Which of the following is not considered a control activity?

A)Locked door
B)Performance reviews
C)Event identification
D)Segregation of duties
Question
What are the important questions to ask when assessing a risk's likelihood of occurring?
Question
Qualitative measures include

A)Means
B)Regression
C)Percentages
D)Ranking likelihood
Question
Match the IT control activity to the appropriate enterprise level.

A)IT governance
B)Business processes
C)IT processes and services
IT general controls
Question
When identifying risk responses, what typically plays a major role in the final decision?

A)Current regulations
B)Industry standards
C)Costs and benefits
D)B and C
Question
Operation objectives relate to

A)The reliability of both internal and external reports, including both financial and nonfinancial information
B)The effective and efficient use of the entity's resources
C)An entity's compliance with applicable laws and regulations
D)An entity's ability to mitigate risk
Question
What are the important questions to ask when assessing a risk's impact?
Question
Which of the following is an incident or occurrence that originates inside an organization?

A)Changes in regulations
B)Data integrity
C)New technology
D)Product competition
Question
Strategic objectives form the basis for the following objectives except

A)Financial objective
B)Reporting objective
C)Operations objective
D)Compliance objective
Question
Match the word to the appropriate sentence to complete the risk response definition.

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Reduce
Question
How can a risk management philosophy provide consistency in risk attitudes throughout an organization?

A)By anticipating all possible risks
B)By providing event specific examples
C)By being well-developed and articulated
D)By setting employee expectations
Question
Match the word to the appropriate sentence to complete the risk response definition.

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Sharing
Question
Which of the following is not an incident or occurrence that originates outside an organization?

A)Changes in consumer demographics
B)New legislation
C)Employee competence
D)Liquidity factors
1
The International Organization for Standardization framework for risk management is ________.
ISO 31000
2
________ risk is a risk that has the possibility of a positive payoff associated with it.
Rewarded
3
Risk intelligence moves beyond just managing risk to using risk intelligently to create value for the enterprise.
True
4
Application controls are controls over IT services, such as networks and database systems.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
5
A silo approach with separate departments developing separate security programs without consideration of comprehensive risk management can prove to be very effective.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
6
At the top management level, ________ IT controls provide IT governance that sets the tone from the top of the enterprise.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
7
Which of the following titles does not refer to someone in the C-Suite?

A)CIO: Chief Information Officer
B)CSO: Chief Sustainability Officer
C)CIA: Certified Internal Auditor
D)CFO: Chief Financial Officer
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
8
________ risks have no positive payoff.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
9
Risk management shifts an enterprise from a proactive approach of anticipating and mitigating future risks before incidents occur to a reactive approach.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
10
Risk intelligence involves using risk in a proactive, constructive way to create additional value for the enterprise.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
11
Which of the following is not considered part of IT controls?

A)ERM
B)Application controls
C)Entity-level controls
D)IT general controls
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
12
________ includes managing not only adverse risks, but also capitalizing on risk that presents the enterprise with opportunities to create value, such as evaluating risk associated with a new business acquisition.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
13
Controls are risk driven, so understanding risk is a prerequisite to the appreciation and application of control.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
14
The IT control associated with business processes is

A)Entity-level controls
B)IT general controls
C)Application controls
D)Event controls
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
15
What percentage of CFOs provide advice on IT?

A)64%
B)48%
C)83%
D)72%
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
16
The IT control associated with top management is

A)IT general controls
B)Entity-level controls
C)Application controls
D)Event controls
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
17
Which of the following is not part of IT controls?

A)Event controls
B)IT general controls
C)Entity-level controls
D)Application controls
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
18
Identifying, assessing, and mitigating risks has not been shown to produce better business performance.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
19
Enterprise risk management (ERM)goes beyond just security and controls.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
20
________ are controls embedded in business processes where a majority of security breaches occur.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
21
ERM Operational objectives relate to goals that support the entity's mission.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
22
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Event identification
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
23
Which of the following is not part of the ERM units?

A)Subsidiary
B)Entity-level
C)Operations
D)Division
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
24
Match the ERM Objective with the appropriate definition.

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Reporting objectives
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
25
The COSO Enterprise Risk Management framework replaces the COSO framework for internal control.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
26
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Control activities
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
27
What is the difference between unrewarded risks and rewarded risks?
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
28
Match the ERM Objective with the appropriate definition.

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Strategic objectives
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
29
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Internal Environment
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
30
Which of the following is not an ERM category in an enterprise's objectives?

A)Operational objective
B)Reporting objective
C)Compliance objective
D)Shareholder objective
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
31
It is possible for a company to be 100% risk free.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
32
Which ERM category relates to the effective and efficient use of a corporation's resources?

A)Operational objective
B)Compliance objective
C)Strategic objective
D)Reporting objective
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
33
What is risk intelligence?
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
34
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Objective setting
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
35
Match the ERM Objective with the appropriate definition.

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Operational objectives
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
36
________ is a COSO framework that provides guidance for managing risk.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
37
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Monitoring
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
38
Which of the following is not a dimension in an ERM cube?

A)ERM resources
B)ERM objectives
C)ERM components
D)ERM units
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
39
Match the ERM component name to the appropriate definition.

A)This ensures that the enterprise has a process for setting goals that are consistent with the entity's mission and risk appetite.
B)This involves ensuring relevant data is captured and communicated effectively throughout the organization to appropriate individuals in a timely manner.
C)This involves watched evaluation and feedback that permits modifications as needed.
D)This involves the risk management philosophy of the enterprise, including the tone set by top management.
E)This is comprised of policies and procedures established and implemented to ensure risk responses are effective.
F)This involves identifying occurrences that affect an enterprise's ability to attain its objectives.
Information and communication
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
40
Match the ERM Objective with the appropriate definition.

A)These objectives relate to the entity's compliance with all applicable laws and regulations.
B)These objectives relate to the effective and efficient use of the entity's resources.
C)These objectives relate to goals that support the entity's mission.
D)These objectives relate to the reliability of the enterprise's reporting, both internal and external.
Compliance objectives
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
41
Since it is impossible to foreseeing and control for every possible threat, what approach does enterprise risk management take?
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
42
________ is the process of assessing the extent to which events would impact an entity's ability to achieve its objectives.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
43
When risk responses are being considered, the costs and benefits of options may play a major role in the final decision.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
44
________ objectives, sometimes called mission or vision, establish the entity's purpose.
Unlock Deck
Unlock for access to all 100 flashcards in this deck.
Unlock Deck
k this deck
45
The integrated enterprise system is unable to provide management with additional data and information for use in making enterprise risk management assessments and decisions.
46
List and define the eight interrelated ERM components.
47
In ERM risk assessment, ________ may refer to assessing likelihood using qualitative measures, such as high, medium, or low.
48
In the context of enterprise risk management, ________ refers to the process of monitoring an entity's enterprise risk management.
49
In ERM risk assessment, possibility may refer to assessing likelihood using a quantitative measure, such as percentages.
50
The ________ relates to the culture of the organization and its risk consciousness.
51
What is the main limitation in the ERM framework? Why is it a limitation?
52
Which ERM component is comprised of policies and procedures established and implemented to ensure risk responses are effective?

A)Risk assessment
B)Control activities
C)Information and communication
D)Objective setting
53
Match the word to the appropriate sentence to complete the risk response definition.

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Avoiding
54
In ERM risk assessment, ________ may refer to assessing likelihood using a quantitative measure, such as percentages.
55
________ is the acceptable level of variation in attaining objectives.
56
Which ERM category relates to the goals that support a corporation's mission?

A)Reporting objective
B)Operational objective
C)Strategic objective
D)Compliance objective
57
Risk assessment is the acceptable level of variation in attaining objectives.
58
The ________ component involves identifying potential events that might affect the entity.
59
Which ERM component involves the risk management philosophy of the enterprise, including the tone set by top management?

A)Control activities
B)Information and communication
C)Internal environment
D)Event identification
60
The amount of risk an entity is willing to accept in pursuit of value is called ________.
61
Assessment techniques used to assess risk are grouped into two categories. What are these categories? Define each.
62
Match the IT control activity to the appropriate enterprise level.

A)IT governance
B)Business processes
C)IT processes and services
Entity-level IT controls
63
Match the word to the appropriate sentence to complete the risk response definition.

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Acceptance
64
Match the IT control activity to the appropriate enterprise level.

A)IT governance
B)Business processes
C)IT processes and services
Application controls
65
Which question pertains to assessing risk likelihood?

A)What is the estimated frequency of the threat occurring?
B)What is the asset's value?
C)What is the estimated potential loss per threat?
D)How much is the asset worth to the competition?
66
What is risk tolerance? Provide an example.
67
Strategic objectives, also called ________, establish an organization's purpose.

A)Mission
B)Goal
C)Vision
D)A and C
68
Which of the following is not considered a control activity?

A)Locked door
B)Performance reviews
C)Event identification
D)Segregation of duties
69
What are the important questions to ask when assessing a risk's likelihood of occurring?
70
Qualitative measures include

A)Means
B)Regression
C)Percentages
D)Ranking likelihood
71
Match the IT control activity to the appropriate enterprise level.

A)IT governance
B)Business processes
C)IT processes and services
IT general controls
72
When identifying risk responses, what typically plays a major role in the final decision?

A)Current regulations
B)Industry standards
C)Costs and benefits
D)B and C
73
Operation objectives relate to

A)The reliability of both internal and external reports, including both financial and nonfinancial information
B)The effective and efficient use of the entity's resources
C)An entity's compliance with applicable laws and regulations
D)An entity's ability to mitigate risk
74
What are the important questions to ask when assessing a risk's impact?
75
Which of the following is an incident or occurrence that originates inside an organization?

A)Changes in regulations
B)Data integrity
C)New technology
D)Product competition
76
Strategic objectives form the basis for the following objectives except

A)Financial objective
B)Reporting objective
C)Operations objective
D)Compliance objective
77
Match the word to the appropriate sentence to complete the risk response definition.

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Reduce
78
How can a risk management philosophy provide consistency in risk attitudes throughout an organization?

A)By anticipating all possible risks
B)By providing event-specific examples
C)By being well-developed and articulated
D)By setting employee expectations
79
Match the word to the appropriate sentence to complete the risk response definition.

A)This risk response involves ________ or exiting the activities that give rise to the risk.
B)An entity reduces risk likelihood or risk impact by ________ the risk with another entity.
C)This risk response refers to actions taken to ________ risk likelihood, risk impact, or both.
D)When an entity responds to risk with ________, the entity takes no action to affect risk likelihood or risk impact.
Sharing
80
Which of the following is not an incident or occurrence that originates outside an organization?

A)Changes in consumer demographics
B)New legislation
C)Employee competence
D)Liquidity factors