2. Risk Management – Flashcards

question
The IIA Practice Guide concerning the ISO 31000 model describes three approaches to providing assurance on risk management processes.
answer
1. The maturity model approach is based on the principle that effective risk management processes develop as value is added at each stage of maturation. 2. The process element approach determines whether each element has been implemented. 3. The key principles approach determines the extent to which risk management creates and protects value, is fully integrated with management at all levels, etc.
question
Control activities
answer
Control activities are policies and procedures to ensure the effectiveness of risk responses.
question
Risk modeling in a consulting service
answer
Risk modeling in a consulting service is done by ranking the engagement's potential to (1) improve management of risks, (2) add value, and (3) improve the organization's operations (Impl. Std. 2010.C1). Senior management assigns a weight to each item based on organizational objectives. The engagements with the appropriate weighted values are included in the annual audit plan.
question
Qualities that should be possessed by a board of directors
answer
Directors' attitudes are a key component of the internal environment. They must possess certain qualities to be effective. • A majority of the board should be outside directors. • Directors generally should have years of experience either in the industry or in corporate governance. • Directors must be willing to challenge management's choices. Complacent directors increase the chances of adverse consequences.
question
Inherent risk is
answer
Inherent risk is the risk when management has not taken action to reduce the impact or likelihood of an adverse event. Thus, it is risk in the absence of a risk response.
question
Risk appetite should be considered in
answer
1. Evaluating strategies, 2. Setting related objectives, and 3. Developing risk management methods.
question
Components of the ISO 31000 model as described in The IIA Practice Guide
answer
1. Design of framework. 2. Continual improvement. 3. Monitoring and review.
question
In the risk management process, management's view of the internal audit activity's role is likely to be determined by
answer
1. Ability of the internal audit staff. 2. Local conditions and customs of the country. 3. Organizational culture.
question
Risk exploitation
answer
Risk exploitation seeks risk to pursue a high return on investment.
question
Difference between traditional risk management and ERM
answer
The enterprise risk management approach set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) attempts to approach an organization as a whole instead of focusing on any specific area or risk.
question
Risk modeling or risk analysis is often used in conjunction with development of long-range engagement work schedules. The key input in the evaluation of risk is...
answer
Judgment of the internal auditors. Assessing the risk of an activity entails analysis of numerous factors, estimation of probabilities and amounts of potential losses, and an appraisal of the costs and benefits of risk reduction. Consequently, in assessing the magnitude of risk associated with any factor in a risk model, informed judgment by the internal auditor is required.
question
Which approach to providing assurance on the risk management process is based on the principle that effective risk management processes develop as value is added at each stage of maturation?
answer
The maturity model approach is based on the principle that effective risk management processes develop as value is added at each stage of maturation. Accordingly, this approach determines where risk management is on the maturity curve and whether it (1) is progressing as expected, (2) adds value, and (3) meets organizational needs.
question
Objectives affected by external events that the entity may not be able to control
answer
Strategic and operational matters are affected by external events that the entity may not control. Thus, ERM should provide reasonable assurance that management and the board receive timely information about whether those objectives are being achieved. Reporting and compliance are within the entity's control. Accordingly, ERM should provide reasonable assurance of achieving those objectives.
question
Quantitative risk management methods are most appropriate for
answer
The use of derivatives by the organization. The organization designs risk management processes based on its culture, management style, and business objectives. For example, the use of derivatives or other sophisticated capital market products by the organization could require the use of quantitative risk management tools. But the internal auditor determines that the methodology chosen is sufficiently comprehensive and appropriate for the nature of the organization.
question
Risk management is the responsibility of management. The role of the internal audit activity in the risk management process may include
answer
The internal audit activity's role in the risk management process of an organization can change over time and may include responsibilities along a continuum that extends from (1) no role; (2) auditing the risk management process as part of the internal audit plan; (3) active, continuous support and involvement in the risk management process, such as participation on oversight committees, monitoring activities, and status reporting; and (4) managing and coordinating the process (PA 2120-1, para. 4).
question
When ERM is effective regarding all of the objectives, the board and management have reasonable assurance that
answer
When ERM is effective regarding all of the objectives, the board and management have reasonable assurance that (1) reporting is reliable, (2) compliance is achieved, and (3) the extent of achievement of strategic and operations objectives is known.
question
Which of the following is a principal benefit of enterprise risk management (ERM)?
answer
Preventing loss of reputation and resources.
question
The correct order for performing the first four phases of the enterprise risk management (ERM) process is
answer
The correct order for performing the first four phases of the enterprise risk management (ERM) process is as follows: internal environment, objective setting, event identification, risk assessment.
question
Risk is measured in terms of significance and likelihood. Excessive cash disbursements due to duplicate payments to vendors are events that most likely are placed in which area of a risk map?
answer
High significance, medium likelihood.
question
The function of the chief risk officer is most effective when the chief risk officer
answer
Monitors risk as part of the enterprise risk management team. A chief risk officer is a member of management assigned primary responsibility for enterprise risk management processes. The chief risk officer is most effective when supported by a specific team with the necessary expertise and experience related to organization-wide risk.
question
Internal environment
answer
Risk response is a separate component of the COSO ERM model from the internal environment component.
question
Internal audit assessment
answer
Significant risks and ongoing monitoring activities are assessed by the internal audit activity as part of the risk management process (Inter. Std. 2120). But review of previous risk evaluation reports is a means of obtaining evidence for an assessment.
question
Senior management has identified the trading of marketable securities as a high-risk activity. In response, a new supervisory position was created. Every evening after the close of business, this supervisor reviews every trade made during the day. After 6 months of trading marketable securities under this system, the quantified risk reported by the internal audit activity is termed
answer
Residual risk. It is the risk after a risk response.
question
Capabilities of enterprise risk management (ERM):
answer
1. Quicker response to opportunities. 2. Better capital allocation. 3. Reduction of operational surprises and losses.
question
Risk appetite should be considered in 1. Evaluating strategies, 2. Setting related objectives, and 3. Developing risk management methods.
answer
Increasing the net present value of investments is an operational objective. It would be determined after consideration of the entity's risk appetite and other strategic factors.