Risk Management and Internal Controls, Exams of Risk Analysis

This document covers various aspects of risk management and internal controls within organizations. Topics include the role of the board of directors in establishing a risk management framework, the types of risks organizations face (individual and general risk, operational risk, reputational risk, etc.), the importance of data governance and risk management information systems, the responsibilities of the chief risk officer, and the relationship between internal audit and enterprise risk management. The document also touches on compliance requirements, risk appetite, and the use of technology in risk management. Overall, the document provides a comprehensive overview of the key elements and best practices in effective risk management and internal control systems for organizations.

Typology: Exams

2024/2025

Available from 09/29/2024

exam-hut
ARM 400 Practice Exam/Combined Arms Exam Comprehensive Solutions for Every Question With Detailed Explanations and Answers

An independent auditor has been given the task of evaluating internal controls at Westside Company (Westside). The auditor has determined that Westside's board of directors has endorsed a framework requiring management to have documented internal reporting controls to ensure efficient operations, accuracy of financial statements, and compliance with regulations. The framework is applied at the entity and divisional levels, but not the operating unit or functional levels. The program is new so it has not yet been monitored. The auditor is likely to report that
A. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control—Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.
B. The selected method aligns with the Committee of Sponsoring Organizations of the Treadway Commission
Correct answer: A. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control—Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.

There are two types of associated risk for data privacy, individual and general risk. General data privacy risk
A. Varies by the type of business or industry.
B. Involves legal and regulatory requirements.
C. Is of specific concern to the European Union.
D. Can be categorized operational or reputational.
Correct answer: D. Can be categorized operational or reputational.


An organization must meet the standard of care that it owes to others in order to ensure that
A. Post-loss goals are in place.
B. Legal obligations are satisfied.
C. Operations are efficient.
D. Contracts are not breached.
Correct answer: B. Legal obligations are satisfied.

The opening day finally arrived for a local amusement park that advertised its new roller coaster for months. The crowds were bigger than normal that day as folks lined up to try the new thrill ride. Everything was going well for the first few hours until around mid-day the ride all of a sudden screeched to a halt in the middle of a run. Fortunately the delay was only 15 minutes and the coaster was on flat track at the time and not a loop. However some technical issues prevented the ride from continuing that day and it had to be shut down. As a result, many patrons were upset and disappointed with the outcome. Knowing that successfully managing reputational risk involves quickly recognizing the risk to reputation, rapidly making important decisions to manage the risk and relying on leadership and culture for a favorable outcome, all of the following fit this criteria, EXCEPT:
A. Contacting the local news channel and
Correct answer: C. Reminding patrons that their attendance comes with an assumption of risk and no guarantees.

North American Furnishings is using business process management to help it identify risks that threaten its processes. Which one of the following risks would be considered an internal risk?
A. The rise in the cost of materials due to new forestry regulations
B. The drop in demand due to rising interest rates
C. The loss of skilled craftspeople due to retirement
D. The loss of available materials due to tornadoes
Correct answer: C. The loss of skilled craftspeople due to retirement

D. Employees do not have direct access to each other.
Correct answer: B. Individuals know to whom to report.

Metadata contains
A. Accounting ledger entries as well as big data.
B. Information about data as well as rules about that data.
C. Both material limitations and sampling methodology.
D. A combination of structured and unstructured data.
Correct answer: B. Information about data as well as rules about that data.

Which one of the following best describes how internal audit supports enterprise risk management (ERM)?
A. Internal audit finds risks overlooked by ERM.
B. Internal audit implements the risk assessments provided by ERM.
C. ERM provides the assessments that internal audit uses to test the viability of controls.
D. ERM implements risk management activities and internal audit assesses the results.
Correct answer: D. ERM implements risk management activities and internal audit assesses the results.

Data governance provides
A. Definitions, standards and procedures for how data is used.
B. The internal data entry processes needed to capture accounting transactions.
C. A dynamic view of data without needing to move it between systems.
D. A road map that details where data is located.
Correct answer: A. Definitions, standards and procedures for how data is used.

Which one of the following best describes how the modern approach to internal auditing differs from the traditional approach?
A. The modern approach uses many systems-based techniques, determines activity based on the organization's business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls.
B. The modern approach uses a systems-based technique, evaluating current controls and threats to the organization, and considers the materiality of risks, but does not consider an organization's business objectives.
C. The traditional approach confines itself to review of current system controls, compliance with those controls and any potential to bypass those controls rather than the materiality of the risk.
D. The traditional approach uses systems-based controls, determines materiality of potential risks to the organization's achievement of its objecti
Correct answer: A. The modern approach uses many systems-based techniques, determines activity based on the organization's business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls.

Organizations are increasingly creating chief risk officer (CRO) positions. Which one of the following statements is correct with respect to CROs?
A. The CRO's rank and importance to the board of directors are equal to those of the organization's other executive officers.
B. A 2012 survey indicated that, in companies with annual revenue greater than $20 billion, fewer than 20% had created a CRO position.
C. Typically, a CRO analyzes, measures, and monitors risk; compiles reports; and facilitates risk workshops without the need for staff.
D. CROs' roles are relatively standardized from industry to industry; they focus primarily on measuring and controlling risk.
Correct answer: A. The CRO's rank and importance to the board of directors are equal to those of the organization's other executive officers.

One advantage that a national organization would derive from creating risk centers is that it

It is necessary to assess the risk appetite of a business supplier prior to doing business because understanding the risk appetite allows the organization to
A. Negotiate better prices and delivery times.
B. Ascertain whether the relationship is a good fit.
C. Leverage its payments to the supplier to the organization's advantage.
D. Better control its production.
Correct answer: B. Ascertain whether the relationship is a good fit.

Successful organizations have goals and objectives. A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to as
A. An operating standard (OS).
B. An objective gauge (OG).
C. A key performance indicator (KPI).
D. A critical success factor (CSF).
Correct answer: C. A key performance indicator (KPI).

Key risk indicators (KRIs) help organizations identify issues that can lead to losses. Effective KRIs are based on a company's
A. Sales volume.
B. Strategic objectives.
C. Product or industry.
D. Organizational structure.
Correct answer: B. Strategic objectives.

The difference between risk tech and insurtech is
A. Risk tech is applicable in personal risk management situations, which insurtech is designed for application in commercial business situations.
B. Insurtech is a broader concept and incorporates risk tech as one of its underlying tenets.
C. Insurtech applies to many different industries while risk tech is limited in focus to insurance, reinsurance, and nontraditional risk financing alternatives.
D. Risk tech goes beyond insurtech by expanding its focus to making risk financing more efficient and preventing and mitigating losses in a variety of industries.
Correct answer: D. Risk tech goes beyond insurtech by expanding its focus to making risk financing more efficient and preventing and mitigating losses in a variety of industries.

The Federal Sentencing Guidelines require a senior manager to have responsibility for the organization's entire compliance program. The individual selected is typically from which one of the following functions of the organization?
A. Internal audit
B. Human development
C. Operations
D. Legal
Correct answer: A. Internal audit

In an effort to reduce expenses, increase profitability, and reduce human errors, ABC Insurance Company decided to automate most of its personal lines underwriting function. The company now uses standardized application forms that are submitted electronically to one of the company's regional offices. At each regional office, a computer with a scanner reads the applications. The computer has been programmed with acceptable answers to the questions. If the answers on the application are all acceptable, the policy is automatically issued. Rejected applications are automatically forwarded to a human underwriter who reviews them. The use of this technology has reduced the company's expense ratio by two and a half percent, and reduced the time it takes to issue a policy. ABC Insurance Company's use of computers to evaluate applications electronically is an application of

A. Corporations must fairly and accurately report on the financial condition of the firm to all stakeholders.
B. Restaurant employees must wash their hands every time they use the restroom.
C. Investors having material influence over the management of a publicly traded company must publicly disclose that control to all stakeholders in the firm.
D. Insurance companies must retain sufficient capital to ensure that policyholder obligations are met.
Correct answer: B. Restaurant employees must wash their hands every time they use the restroom.

The board of directors must use a thorough understanding of the organization's overall risk philosophy to determine the amount of risk the organization is willing to seek or accept in the pursuit of long-term objectives. This amount of risk is called the organization's
A. Probable maximum loss.
B. Risk appetite.
C. Retention level.
D. Maximum possible loss.
Correct answer: B. Risk appetite.

Sims Cinnamon Rolls and Donuts creates confectionery masterpieces for business conventions. Knowing how much a warm cinnamon roll or fresh donut means to a conventioneer just arriving from out of town, Sims' decides to implement a standard that 100% of its orders be delivered 60 minutes before the start of each convention. This is an example of which of the following kinds of compliance requirements?
A. External and Voluntary
B. External and Mandatory
C. Internal and Mandatory
D. Internal and Voluntary
Correct answer: D. Internal and Voluntary

Malware is defined as
A. A hardware-based security breach.
B. A tool for managing data security.
C. Software technology used to encrypt data.
D. Software designed to cause damage.
Correct answer: D. Software designed to cause damage.

Which one of the following best describes why many purchasers require an ISO 9001 certification prior to buying a business?
A. To ensure that internal standards and controls are in place.
B. To obligate the seller to perform audits for conformance prior to the sale.
C. To have an outside audit company attest to its conclusive audit.
D. To transfer liability should the financial statements prove erroneous.
Correct answer: A. To ensure that internal standards and controls are in place.

Preventive controls assist the overall control environment of an organization by
A. Comparing different sets of data and investigating any differences.
B. Reducing risk of unauthorized actions.
C. Addressing reconciliation of accounting errors.
D. Detecting errors or inconsistencies after they occur.
Correct answer: B. Reducing risk of unauthorized actions.

There are four major objectives of a compliance program. Which one of the following would not be considered an objective?

A. Processes are modeled to identify the organization's response to what-if scenarios.
B. Processes are designed or redesigned by considering workflows and affected personnel.
C. Processes are tracked so that statistics on their performance can be gathered.
D. Critical processes that support achievement of the organization's goals are selected for analysis.
Correct answer: B. Processes are designed or redesigned by considering workflows and affected personnel.

Which one of the following disruptions would most likely pose an immediate threat to an organization's reputation?
A. Global financial crisis
B. Widespread power outage
C. Data breach
D. Forest fire
Correct answer: C. Data breach

Lucy is a chef at a restaurant. She is growing tired of working such long hours and not reaping the financial benefits. Lucy has been saving money with the goal of opening her own restaurant. She recently talked to a financial advisor about the options market as a way to grow her savings quickly. The financial advisor explained that it is a risky choice, but could potentially allow her to reach her goal of owning a restaurant in the near future. Lucy has decided to invest her savings in the options market. Which one of the following types of risk attitude does Lucy exhibit?
A. Risk managed
B. Risk optimizing
C. Risk seeking
D. Risk obsessed
Correct answer: C. Risk seeking

The Auditing Standard No. 5 (AS 5) calls for a specific fraud assessment because
A. The failure to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors.
B. Of the financial scandals of the late twentieth century, there is now an obligation to detect fraud.
C. Failure to detect fraud through regular transactions in an organization remains the highest risk.
D. Fraud within an organization remains the most serious threat to the economic well-being of society.
Correct answer: A. The failure to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors.

Which one of the following data governance tools allows the data governance committee to look at data relationships and interdependencies across the organization?
A. Enterprise data models
B. Internal coding procedures
C. Project management programs
D. External compliance guidelines
Correct answer: A. Enterprise data models

Based on Basel III principles, which one of the following groups should take the lead in establishing a strong risk management culture?
A. Senior management
B. Board of directors
C. Risk managers
D. Employees
Correct answer: B. Board of directors

Risk management professionals must collaborate with data analysts during which two steps of the risk management process?

D. Internal audit is the first line of defense providing the original risk assessment, control environment as well as maintaining effective internal controls.
Correct answer: A. Internal audit is the third line of defense providing assurance to the board and senior management on organizational effectiveness of risk management and assessment efforts.

Company G is a manufacturer of high profile golf equipment. The risk management professional for Company G is concerned about loss of business related to product design. Failing to respond to changing customer demand and preferences in the design of golf clubs could cost Company G significant market share. Categorized according to the quadrants of risk, this exposure to loss is classified as
A. An operational risk.
B. A financial risk.
C. A strategic risk.
D. A hazard risk.
Correct answer: C. A strategic risk.

Which one of the following is an element of a data security program?
A. Installing agile project management.
B. Storing data back-ups off site.
C. Implementing a data governance program.
D. Increasing the overall efficiency of data systems.
Correct answer: B. Storing data back-ups off site.

Parker International sets realistic goals for employees, and provides mentorships and educational opportunities to help them succeed. The company also provides profit sharing and employee wellness incentives. Which one of the following key resiliency traits does Parker International demonstrate?
A. Clear company objectives
B. A culture of openness and trust
C. Strong relationships with vendors and customers
D. Valued employees
Correct answer: D. Valued employees

Which one of the following statements about the use of drones is true?
A. Space and weight limitations prevent drones from being equipped with sensors and cameras.
B. Drones may be equipped with cameras that relay data in real-time.
C. The reliance on humans to operate drones severely limits their application for commercial uses.
D. The use of drones is limited to military applications.
Correct answer: B. Drones may be equipped with cameras that relay data in real-time.

Disaster recovery planning arose from the increasing use of and dependency on
A. Technology.
B. International travel.
C. High-rise construction.
D. Global financial institutions.
Correct answer: A. Technology.

The fundamental purpose of a risk management framework is to
A. Reduce the cost of risk.
B. Integrate risk management throughout the organization.
C. Define and eliminate potential losses.
D. Maximize profits for all stakeholders.
Correct answer: B. Integrate risk management throughout the organization.

What are the 6 phases of the intelligence cycle?
Correct answer: planning and direction, collection, processing and exploitation, analysis and production, dissemination and integration, and mission evaluation and feedback

This level of intelligence supports the formation of strategy, policy, military plans and operations at the National and Theater levels
Correct answer: Strategic Intelligence

_________ _________ supports the planning and execution of campaigns and major operations
Correct answer: Operational Intelligence

__________ __________ supports the execution of battles and engagements.
Correct answer: Tactical Intelligence

What are the 7 military intelligence disciplines?
Correct answer: HUMINT, GEOINT, SIGINT, TECHINT, MASINT, OSINT, All Source Intel

_______________ is the collection of information from people.
Correct answer: HUMINT

What is the oldest intel discipline?
Correct answer: HUMINT

Purpose is to detect, ID, assess, counter, exploit, and neutralize foreign intelligence and security services.
Correct answer: Counter Intelligence

The technical, geographic, and intelligence information derived through the interpretation and analysis of imagery and collateral materials. (subcategory of GEOINT)
Correct answer: IMINT

What are the three sources of IMINT?
Correct answer: National, Civil, and Commercial

Of the three sources of IMINT, which two are unclassified?
Correct answer: Civil and Commercial

________ provides intelligence products that describe, assess, and visually depict physical features and geographically referenced activities on earth.
Correct answer: GEOINT

__________ provides intelligence to the CDR based upon intercepted communications and provides transmission location data.
Correct answer: SIGINT

The 3 subcategories of SIGINT are _____, ______, and ______.
Correct answer: COMINT (communication intel), ELINT (electronic intelligence), and FISINT (foreign instrumentation signals)

What is TECHINT?
Correct answer: Intelligence derived from the collection and analysis of threat and foreign military equipment and associated material.

What are the two elements of culture which are observable?
Correct answer: Behaviors and Norms

____ forces a culture to rapidly change their norms.
Correct answer: war

Charging a weapon is an example of a _________ ____.
Correct answer: non-verbal cue

When using a translator, _______ is the filter most needed to understand the translated message.
Correct answer: context

________ is the element of culture that the following statement demonstrates: "I will never leave a fallen comrade behind".
Correct answer: Values