Chapter 4: Risk Management
Terms in this set (13)
1. According to COSO ERM, all of the following are elements of an organization's internal environment except:
a. Setting organizational objectives.
b. Establishing risk appetite.
c. Assigning authority and responsibility.
d. Having predominantly independent directors on the board.
1. A is the best answer. Setting organizational objectives is part of the objective-setting component, not the internal environment.
2. Which of the following external events will most likely impact a defense contractor that relies on large government contracts for its success?
a. Economic event.
b. Natural environment event.
c. Political event.
d. Social event.
2. C is the best answer. While any or all of those events may impact a defense contractor's success, a change in government or political agendas is most likely to have a significant impact.
3. Which of the following is not an example of a risk-sharing strategy?
a. Outsourcing a noncore, high-risk area.
b. Selling a nonstrategic business unit.
c. Hedging against interest rate fluctuations.
d. Buying an insurance policy to protect against adverse weather.
3. B is the best answer. Selling a business unit is a risk avoidance strategy.
4. An organization tracks a website hosting anonymous blogs about its industry. Recently, anonymous posts have focused on potential legislation that could have a dramatic effect on this industry. Which of the following may create the greatest risk if this organization makes business decisions based on the information contained on this website?
a. Appropriateness of the information.
b. Timeliness of the information.
c. Accessibility of the information.
d. Accuracy and reliability of the information.
4. D is the best answer. While there are risks with the other factors, an anonymous website may not be accurate and reliable enough to support business decisions.
5. Which of the following risk management activities is out of sequence in terms of timing?
a. Identify, assess, and prioritize risks.
b. Develop risk responses/treatments.
c. Determine key organizational objectives.
d. Monitor the effectiveness of risk responses/treatments.
5. C is the best answer. Key organizational objectives must be determined before the risks that threaten the achievement of the objectives can be identified, assessed, and prioritized.
6. Who is responsible for implementing ERM?
a. The chief financial officer.
b. The chief audit executive.
c. The chief compliance officer.
d. Management throughout the organization.
6. D is the best answer. ERM must be implemented by management throughout an organization.
7. Which of the following is not a potential value driver for implementing ERM?
a. Financial results will improve in the short run.
b. There will be fewer surprises from year to year.
c. There will be better information available to make risk decisions.
d. An organization's risk appetite can be aligned with strategic planning.
7. A is the best answer. While there may be long-term financial benefits from ERM, organizations should not expect to see such benefits in the short run.
8. Which of the following is the best reason for the CAE to consider the organization's strategic plan in developing the annual internal audit plan?
a. To emphasize the importance of the internal audit function to the organization.
b. To ensure that the internal audit plan will be approved by senior management.
c. To make recommendations to improve the strategic plan.
d. To ensure that the internal audit plan supports the overall business objectives.
8. D is the best answer. It is important to align the internal audit plan with the organization's business objectives.
9. When senior management accepts a level of residual risk that the CAE believes is unacceptable to the organization, the CAE should:
a. Report the unacceptable risk level immediately to the chair of the audit committee and the independent outside audit firm partner.
b. Resign his or her position in the organization.
c. Discuss the matter with knowledgeable members of senior management and, if not resolved, take it to the audit committee.
d. Accept senior management's position because it establishes the risk appetite for the organization.
9. C is the best answer. The chief audit executive (CAE) must first verify that he or she fully understands management's reasons for accepting that level of risk. If he or she is still not comfortable, the audit committee is the next higher authority.
10. The CAE is asked to lead the enterprise risk assessment as part of an organization's implementation of ERM. Which of the following would not be relevant with respect to protecting the internal audit function's independence and the objectivity of its internal auditors?
a. A cross-section of management is involved in assessing the impact and likelihood of each risk.
b. Risk owners are assigned responsibility for each key risk.
c. A member of senior management presents the results of the risk assessment to the board and communicates that it represents the organization's risk profile.
d. The internal audit function obtains assistance from an outside consultant in the conduct of the formal risk assessment session.
10. D is the best answer. Utilizing an outside consultant does not necessarily eliminate the impairment of the internal auditor's objectivity. The function may still be perceived to have responsibility for performing a management function.
11. An internal audit engagement was included in the approved internal audit plan. This is considered a moderately high-risk audit based on the internal audit function's risk model. It is currently on a two-year audit cycle. Which of the following will likely have the greatest impact on the scope and approach of the internal audit engagement?
a. The area being audited involves the processing of a high volume of transactions.
b. Certain components of the process are outsourced.
c. A new system was implemented during the year, which changed how the transactions are processed.
d. The total dollars processed in this area are material.
11. C is the best answer. The significant change in the underlying system will have a great impact on the current audit. The other factors will influence the overall risk rating of the audit project, but will typically have less impact on the scope and approach toward the audit.
12. A manufacturing company has identified the following risk: "Failure of employees to conduct required quality control procedures may result in a high level of customer returns." To which type of objective does this risk most directly relate?
12. B is the best answer. While inadequate quality control may have strategic, reporting, and compliance implications, quality control procedures are typically implemented to achieve operations' objectives.
13. A risk that a new competitor will significantly reduce the market share of an organization's product likely relates to which type of objective?
13. A is the best answer. Competitor actions typically affect strategic objectives.