M2-Enterprise Risk Management Frameworks Flashcards

1
Q

The ________ component of the enterprise risk management (ERM) framework includes foundational elements such as organizational structure, assignment of authority and responsibility, integrity and ethical values, risk management philosophy, commitment to competence and human resource standards, and similar issues that influence the tone of the organization.

A

Internal Environment (I in IS of IS EAR AIM)

2
Q

The ________ component of the enterprise risk management (ERM) framework includes key elements that relate to the policies and procedures that ensure appropriate responses to identified risks.

A

Control Activities (A in AIM of IS EAR AIM)

Control activities are the methods used to implement the response to risk. Sometimes the control activity is also, effectively, the risk response.

3
Q

The _________ component of the enterprise risk management (ERM) framework includes key elements that relate to the identification, capture and communication of information.

A

Information and Communication (I in AIM of IS EAR AIM)

4
Q

The _________ component of the enterprise risk management (ERM) framework includes key elements that relate to the ongoing management activities or separate evaluations of the ERM approach adopted by the entity.

A

Monitoring (M in AIM of IS EAR AIM)

Including addressing reporting deficiencies.

5
Q

A response to risk that involves the disposal of a business unit, product line, or geographical segment is called _______.

A

risk avoidance

6
Q

A response to risk that involves the diversification of product offerings rather than the elimination of product offerings is called ________.

A

Reduction

7
Q

Insuring against losses or entering into joint ventures to address risk is known as _______.

A

risk sharing

8
Q

Self-insuring or simply tolerating full exposure to risk is known as ________.

A

Acceptance

9
Q

When management uses listings of potential events common to a specific industry as a means of identifying risks or opportunities, the method is known as ______.

A

Event Inventory

10
Q

Gathering management together to discuss or even brainstorm ideas in a structured manner is a ________.

A

Facilitated Workshop

11
Q

Sending out questionnaires to affected parties requesting opinions on potential events is the _________ approach.

A

Questionnaire/Survey

12
Q

A flow chart of activities used to identify potential risks is a ____________.

A

Process Flow Analysis.

13
Q

The _________ component of the enterprise risk management (ERM) framework includes key elements such as identifying the relevant events that may affect an organization and then determining whether the characteristics of the events are positive (opportunities) or negative (risks).

A

Event Identification (E in EAR of IS EAR AIM)

14
Q

Residual risk is the risk that remains after management responds to the risk. (true or false)

A

true

15
Q

Inherent risk is the risk to an entity in the absence of any actions management might take to alter either the risk’s likelihood or impact. (true or false)

A

true

16
Q

Risk assessments involve the determination of the likelihood and impact of events on the achievement of objectives. (true or false)

A

true

17
Q

The components of the enterprise risk management framework are the criteria used to evaluate its effectiveness. (true or false)

A

true

18
Q

The regular evaluation of employees for their competence in financial reporting is an important link between human resources policies and the achievement of financial reporting objectives. (true or false)

A

true

19
Q

ERM provides a framework in which to manage risk within an organization’s risk appetite to provide reasonable assurance regarding the achievement of entity objectives. (true or false)

A

true

The uncertainty of future events or risks addressed by ERM potentially limits the effectiveness of the framework.

The complexity of ERM can limit its effectiveness. ERM components are applied to each objective from the entity through the subsidiary level.

Like any control mechanism, the effectiveness of the framework is limited by the capabilities of the individuals responsible for implementation.

20
Q
COSO identifies 4 stages of the change continuum, beginning with CONTROL BASELINE, followed by CHANGE IDENTIFICATION and CHANGE MANAGEMENT, and concluding with CONTROL VALIDATION/UPDATE.

Change identification considers:

A

the risk assessment component of internal control and identifies changes in process or risk and verifies that the design of underlying controls remains effective.

Monitoring through the use of ongoing and separate evaluations should consider the ability to identify and address changes in the change identification stage of the monitoring for change continuum.

21
Q
COSO identifies 4 stages of the change continuum, beginning with CONTROL BASELINE, followed by CHANGE IDENTIFICATION and CHANGE MANAGEMENT, and concluding with CONTROL VALIDATION/UPDATE.

Change management contemplates:

A

the establishment of a new control baseline in response to changes that either occur or are implemented in response to revised needs.

22
Q
COSO identifies 4 stages of the change continuum, beginning with CONTROL BASELINE, followed by CHANGE IDENTIFICATION and CHANGE MANAGEMENT, and concluding with CONTROL VALIDATION/UPDATE.

Control Validation and Update contemplates:

A

confirmation of control effectiveness.

Ongoing procedures routinely revalidate and create a continuous baseline, while separate evaluations provide periodic revalidation. The revalidation verifies or challenges the baseline.

23
Q

Objectives related to strategy are typically:

A

Operations Objectives
Reporting Objectives
Compliance Objectives

24
Q

Strategic objectives support the mission and are implemented via various strategies and related objectives. (true or false)

A

true

25
Q

Events can only be identified after the organizational objectives are identified. Events will either favorably or unfavorably impact the achievement of objectives. Risks (negative events) are only identifiable within the context of the objectives that they might impede. (true or false)

A

true

26
Q

The manager of a given department has a greater understanding of the risks and challenges associated with that department than would any other member of executive leadership. As such, the manager should be the individual tasked with devising and executing risk procedures for that department. (true or false)

A

true

27
Q

The 4 categories of ERM entity objectives include:

A

STRATEGIC
OPERATIONS (effective and efficient use of the entity’s resources)
REPORTING (reliability of reporting)
COMPLIANCE (Compliance with applicable laws and regulations)

28
Q

A commitment to ethical values and integrity is one of the most critical elements of the internal environment established as part of Enterprise Risk Management. (true or false)

A

True

29
Q

________ involves a company taking its own business metrics and processes and comparing them to those of other (similar) organizations that are considered the “best in class.” The goal would be to determine what a company needs to do to mirror those considered the best.

A

Benchmarking