A.R.M. 400 Exam Practice

¡Supera tus tareas y exámenes ahora con Quizwiz!

A corporate board of director's chair person is elected by A. The board of directors. B. The shareholders. C. Executive management. D. Proxies.

Cyber extortion is another name for A. Phishing. B. Bitcoin C. Ransomware. D. Social engineering.

Which one of the following statements is correct with respect to the role of a board of directors in risk oversight? A. Increasing pressure on boards of directors to provide greater enterprise-wide risk oversight comes from sources such as investors, rating agencies, and regulators. B. A 2012 survey of executives revealed that practically all boards have formally assigned risk oversight responsibility to a board committee. C. A board's risk management strategy and broad objectives typically have little effect in setting the tone for risk management across the entire organization. D. Financial services organizations are far less subject to regulatory pressure for increased transparency and risk oversight than are corporations in nonfinancial business sectors

Which one of the following stages of a strategic redeployment plan has the sole objective of preserving and enhancing stakeholders' trust and confidence in the organization? A. Alternate marketing stage B. Communication stage C. Contingency production stage D. Emergency stage

A data governance committee (DGC) A. Is cross-functional. B. Cleanses big data. C. Reports to risk management. D. Is comprised of IT architects.

A holistic approach that allows companies to better withstand short-term shocks and help ensure long-term business viability is known as A. Organizational resiliency. B. Business process management. C. Strategic redeployment plan. D. Preparedness planning

A privacy impact assessment (PIA) is A. A tool used to identify and assess privacy risks. B. An example of metadata that defines key data attributes. C. A collaborative tool that facilitates workflows. D. Proprietary software used to detect malware.

AMRM Insurance Company sells insurance in Virginia, North Carolina, South Carolina, and Georgia. The company has compiled a policyowner data base that can be used to send text messages when hurricanes approach. The company provides early warnings, storm updates from the National Weather Service, and hurricane safety measures. The company credits the system with reduced hurricane claims. The use of the texting system is an example of A. Preventive analytics. B. Artificial intelligence. C. Sensor networks. D. Experience rating.

After opening its third store, Shoehorn Shoes decided to purchase new inventory tracking software for all of its stores. Which one of the following external or internal environments does this decision relate to? A. Operations environment B. Physical environment C. Economic environment D. Product environment

All of the following are true regarding the composition of boards of directors, EXCEPT: A. Corporate boards are uniform in size with 13 directors. B. Boards include both inside directors and outside directors. C. Directors elect the chairman of the board. D. Outside directors serve on the compensation committee.

An analysis of an organization's external environments will help identify its A. Opportunities and threats. B. Culture and values. C. Strengths and weaknesses. D. Products and services.

An organization evaluates key stakeholders' attitude toward risk in order to A. Understand what risks are acceptable and to develop an effective enterprise-wide risk management program. B. Understand acceptable risks and gauge its ability to attract new shareholders. C. Understand acceptable risks and gauge its ability to raise capital. D. Understand the risk appetite in order to determine what information is disseminated.

An organization must meet the standard of care that it owes to others in order to ensure that A. Legal obligations are satisfied. B. Post-loss goals are in place. C. Operations are efficient. D. Contracts are not breached.

As a result of a risk assessment, Medford Factory identified several exposures that could interrupt its operations. Which one of the following would be categorized as an external exposure? A. A widespread power outage B. A fire breaking out in the warehouse C. A poorly designed product that needs to be recalled D. An IT server failure

Asking a question such as "How do you think this will work out?" can help a speaker do which one of the following? A. Request feedback and determine if the message has been understood B. Gain the support of executives and decision makers C. Build trust among a diverse group of individuals D. Deliver a message that recipients don't want to hear

Be-Ne-Lux Insurance is an insurer operating in Belgium, the Netherlands, and Luxembourg. Be-Ne-Lux is subject to the Solvency II standards. Company managers believed the company was adequately financed, however it was determined that the company did not have adequate assets based on the uncertainty of its operating performance. The standard that Be-Ne-Lux failed to meet is A. Risk-based capital. B. Basel II. C. Own risk and solvency assessment. D. Underwriting leverage.

Business process management (BPM) uses risk indicators. Which one of the following best defines the term "risk indicator"? A. It is a tool used to measure the level of uncertainty in an activity, project, or process. B. It is a measurement of how successfully an organization is avoiding risk. C. It is a basis used for gauging an organization's tolerance for risk. D. It sets a project's risk threshold based on the organization's overall risk tolerance.

Catastrophes such as recent earthquakes and the 2011 tsunami in Japan pointed out a need for many organizations to evaluate and manage their A. Supply-chain risk. B. Derivative risk. C. Compliance risk. D. Political risk.

Colossal Casualty Insurance Company decided to conduct an internal audit of the company's operations. As part of the internal audit, several fictitious claims were submitted to the claims department to see if the claims would be approved and paid. Which one of the Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) components of internal control was examined by this internal audit test? A. Control environment. B. Information and communication. C. Monitoring activities. D. Risk assessment.

Data governance provides A. Definitions, standards and procedures for how data is used. B. The internal data entry processes needed to capture accounting transactions. C. A road map that details where data is located. D. A dynamic view of data without needing to move it between systems.

Donna's Dog Treats has been very successful in the Boston area and would like to expand to new cities. Donna knows that she cannot make this decision based on customer advice and blind faith. She has collected internal financial and operational data as well as external data from reliable sources. Donna has hired an analyst to review the data quality. The analyst is reviewing the data to see if it includes the demographics for each target city that Donna is considering. Which one of the following data-quality principles is being evaluated? A. Comprehensiveness B. Appropriateness C. Reasonableness D. Validity

During which stage of a strategic redeployment plan does the organization need to consider the supply chain, as well as the facilities and machinery that are available? A. Contingency production stage B. Alternative marketing stage C. Emergency stage D. Communication stage

Encrypting data to block its use if stolen is an example of a A. Software-based security solution. B. Cyber-threat inventory approach. C. Incident response plan. D. Hardware-based security solution.

Ensuring quality data requires a A. Systematic and purpose-driven review process. B. Business Analyst. C. Data governance committee

In many organizations, disaster recovery is considered a function of which one of the following departments? A. Information technology B. Facilities C. Customer service D. Accounting

In terms of data quality principles, validity is defined as A. The accuracy of data within predefined and accepted parameters or values. B. The process of tracing data from its source to its destination. C. The true value of data relative to the business information being analyzed. D. The extent that each dataset contains all elements necessary for business needs.

Internal data entry processes that capture accounting transactions, customer data or other operational transactions are called A. Data capture. B. Data quality. C. Data integration. D. Data governance.

It is necessary to assess the risk appetite of a business supplier prior to doing business because understanding the risk appetite allows the organization to A. Ascertain whether the relationship is a good fit. B. Negotiate better prices and delivery times. C. Better control its production. D. Leverage its payments to the supplier to the organization's advantage

Karen Williams, a retired chief financial officer of a bank, was invited to join the board of directors of ABC Property and Liability Insurance Company. She was asked to serve on the Audit Committee and the Risk Committee of the ABC board. Which of the following statements is true regarding Karen's service on the ABC board of directors? A. The entire board retains oversight responsibility over risks that are assigned to Karen's Audit Committee. B. The work of Karen's Risk Committee is limited to a review of the insurance company's underwriting results and the company's investment portfolio. C. Karen's Audit Committee takes precedence over the board of directors with regard to oversight responsibility. D. As a board member, Karen is expected to be a disinterested party, only questioning the management team when new corporate initiatives fail.

Key risk indicators (KRIs) can be established for various levels within an organization. Which one of the following levels of an organization usually has the most detailed KRIs? A. Department level B. Board of director level C. Business-unit level D. Senior management level

Malware is defined as A. Software designed to cause damage. B. Software technology used to encrypt data. C. A hardware-based security breach. D. A tool for managing data security.

Mathias Manufacturing (Mathias) suffered a major business disruption due to a fire at one of its locations. Management has set up a center of operations with the business intelligence information available to test various production scenarios. Mathias is in which one of the following stages of strategic redeployment planning? A. Alternative marketing stage B. Communication stage C. Emergency stage D. Contingency production stage

One of the strategic objectives for Cromley Insurance Group is customer satisfaction. Which one of the following is a critical success factor (CSF) that would help refine this strategic objective? A. High customer retention B. Reduce claim activity by 4 to 6% C. Increase retention ratio by 5% D. High profitability

Organizations are increasingly creating chief risk officer (CRO) positions. Which one of the following statements is correct with respect to CROs? A. The CRO's rank and importance to the board of directors are equal to those of the organization's other executive officers. B. Typically, a CRO analyzes, measures, and monitors risk; compiles reports; and facilitates risk workshops without the need for staff. C. CROs' roles are relatively standardized from industry to industry; they focus primarily on measuring and controlling risk. D. A 2012 survey indicated that, in companies with annual revenue greater than $20 billion, fewer than 20% had created a CRO position.

Organizations use key risk indicators (KRIs) to plan for and respond to risk. Which one of the following statements is correct with respect to KRIs? A. A KRI can reveal an upward trend in the level of a risk that, if it continues, will exceed the designated risk threshold for that risk. B. KRIs are effective internal indicators of changes such as budget variances; however they are not effective external indicators. C. An organization's risk criteria, predefined tolerance ranges that measure variances from expected outcomes, are based on risk thresholds. D. Risk criteria relating to an organization's strategic risks generally do not serve as the bases for KRIs, which tend to be operational in focus.

Parker International tends to communicate only the information that stakeholders need to complete their tasks and achieve goals. The management style at Parker International is A. Directive. B. Delegating. C. Responsive. D. Supportive.

Risk can be classified as diversifiable or nondiversifiable. Which one of the following statements is true with respect to this type of risk classification? A. Diversifiable risks tend not to be correlated so they can be managed through diversification or spread of risk. B. Systemic risks are generally diversifiable. C. Private insurance tends to concentrate on nondiversifiable risks; government insurance is often suitable for diversifiable risks. D. Inflation, unemployment and natural disasters, such as hurricanes, are examples of diversifiable risk.

Risk managers today differ from traditional risk managers in which one of the following ways? A. They attempt to minimize threats and optimize opportunities. B. They struggle with data that is too large to capture, store, and analyze. C. They attempt to identify a loss's predominant cause. D. They generally look backward for risk factors.

Rufus owns 1500 shares in the ARM Corporation. Recently, ARM has shouldered significant liabilities due to pollution problems. Generally, Rufus' liability as a shareholder would be limited to which one of the following? A. The value of their shares B. Treble damages C. The amount of assets they have D. The amount of insurance coverage they have

Samuel was recently hired as a risk management professional for Parker Property Management. He has been asked by senior management to review the organization's current insurance policies to make sure that the organization is adequately protected, and also see if there are any opportunities to save on the premiums. Samuel must do which one of the following through internal communication before he will be able to complete this task? A. Determine the organization's risk appetite B. Identify all of the risks that the organization faces C. Earn the confidence of the organization's board of directors D. Become familiar with industry regulations

Senior management of CAZ Company decides to cut its involvement with the local youth association and no longer allow its employees to work with kids during business hours. Additionally, they will no longer fund the Youth House. Which one of the following best describes how this action may affect its risk management profile? A. Corporation may increase its external social risk by negating any goodwill the community has for the company. B. Corporation may increase its financial exposure by not having tax credits to offset its profits or losses. C. Corporation may decrease its external political risk by removing itself from any community involvement. D. Corporation may decrease its operations environment as the staff will have more time to devote to the company.

Shelton Manufacturing recently signed a contract with a new customer which will require them to increase production by 20 percent. The organization has decided to form a risk center to identify and assess the risks involved with this new contract, and manage them efficiently. Which one of the following individuals should be the risk owner? A. Production manager B. Sales manager C. Senior manager D. New customer

Solvency II is a regulatory standard that should reduce the likelihood of insolvency, market disruption, and consumer loss in which one of the following industries? A. Insurance B. Automobile C. Banking D. Health care

Southwest Interstate Railroad (SIR) is concerned about the number derailments in recent years. It's not cost effective to use human assets to inspect tracks, bridges, and trestles. Instead, SIR has started to use drones. A drone can fly low over tracks and above/below bridges and trestles. The drones record video that is transmitted to corporate headquarters where it is simultaneously scanned for derailment hazards. In the past six months, the drones detected a track blockage caused by a rock slide and damage to tracks in a remote area cause by an earthquake. SIR dispatched work crews to make the tracks once again passable, and no derailments occurred. SIR's use of drones, video, real-term video scanning, and computer analysis illustrates which one of the following? A. Preventative analytics B. Risk management information systems C. Insurtech D. Big data analytics

The Chief Compliance Officer's responsibilities include all of the following, EXCEPT: A. Being the legal expert on employment laws B. Promoting education of compliance requirements C. Monitoring compliance programs D. Acting as a liaison for compliance issues

The Federal Sentencing Guidelines require a senior manager to have responsibility for the organization's entire compliance program. The individual selected is typically from which one of the following functions of the organization? A. Internal audit B. Operations C. Human development D. Legal

The White Canary is a restaurant that serves breakfast and lunch. It has two locations in New Orleans. One weekend, the head cook and two servers at one location called out sick for work. While the manager and other employees worked hard to keep the restaurant running on Saturday, they were not successful. The same thing happened on Sunday, and the customers were very unhappy. Almost immediately, customer complaints about long waits, poor service, and food quality started appearing on social media. The employees returned to work on Monday, but both locations saw business drop off over the following weeks. The White Canary could have managed this reputational risk better by doing which one of the following? A. The White Canary could have better managed the reputational risk by quickly recognizing the risk on Saturday and rapidly making decisions to get other employees in for Sunday. B. The White Canary could have better managed the reputational risk making the leadership decision to close the restaurant for the weekend. C. The White Canary could have better managed the reputational risk by encouraging customers to go to their other location which is 15 minutes away. D. The White Canary could have better managed the reputational risk by treating their employees better.

The data quality principle of reasonability refers to A. The materiality or relevance of data. B. The comprehensive nature of data. C. The systematic process of tracing data. D. The appropriateness of current data.

The emerging technologies applied to risk assessment and control link the physical domain to the virtual domain. Together, these domains linked by the emerging technologies create a A. Connected ecosystem. B. Risk management information system. C. Smart system. D. Risk management matrix.

The importance of strong control environments with independent oversight have become increasingly important A. As organizations became more complex. B. Because international trade is dependent upon consistent accounting processes. C. As business complied with the provisions of the Sarbanes Oxley Act. D. Because the Federation of European Risk Management Associations (FERMA) made it a requirement for international trade.

The opening day finally arrived for a local amusement park that advertised its new roller coaster for months. The crowds were bigger than normal that day as folks lined up to try the new thrill ride. Everything was going well for the first few hours until around mid-day the ride all of a sudden screeched to a halt in the middle of a run. Fortunately the delay was only 15 minutes and the coaster was on flat track at the time and not a loop. However some technical issues prevented the ride from continuing that day and it had to be shut down. As a result, many patrons were upset and disappointed with the outcome. Knowing that successfully managing reputational risk involves quickly recognizing the risk to reputation, rapidly making important decisions to manage the risk and relying on leadership and culture for a favorable outcome, all of the following fit this criteria, EXCEPT: A. Reminding patrons that their attendance comes with an assumption of risk and no guarantees. B. Publishing a press release on the root cause and corrective action taken to avoid future incidents. C. Contacting the local news channel and speaking honestly about what happened and that the issue was resolved and should not occur again. D. Providing vouchers that give free ice cream cones to all patrons in the park that day.

To gain a competitive advantage, maintain profitability, and satisfy customers an organization must A. Be able to trust its data. B. Pay attention to the marketplace. C. Adopt current accounting rules. D. Have an effective risk management program.

Tom is the Chief Underwriting Officer (CUO) of a large commercial insurance carrier and has been tasked with updating the current compliance program. The internal audit results for the past few years have been poor and highlight a need for immediate correction in certain functional areas. Instead of modifying the current program, Tom decides to start from scratch and build a new, ground-up program. What is a fundamental component Tom should be implementing to ensure his company's compliance program is effective? A. Use due diligence to prevent and detect criminal behavior. B. Reference the U.S. Sentencing Commission's Guidelines manual for ideas. C. Consult with his CUO peers at competitor firms who have had success in this area. D. Conduct his own internal audit to see the laws the employees are following.

When interviewing a risk owner, which one of the following questions should be asked? A. What steps have been taken to ensure continuity of business in the event of a natural disaster? B. How does the risk owner view the position from a time perspective and resources perspective? C. What organizational directions are inhibiting increased production in the particular area reviewed? D. What written documentation is available for the interviewer to critique and disseminate to stakeholders?

Which of the following statements best describes the risk governance role and responsibility of a corporate board of directors? A. To set the organization's risk appetite and to stay informed of the most significant risks to the organization and management's responses. B. To convert strategy into operational objectives and to identify and assess the impact of risks on the achievement of the objectives. C. To establish risk management policies, to define risk management roles and responsibilities, and to set risk management implementation goals.

Which one of the following best describes if it is within the scope of duties for an internal auditor to assist the company's enterprise risk management (ERM) program? A. It is within the scope. Assisting with the management of key risks, including effectiveness of controls lend support to the ERM program. B. It is not within the scope. Assisting with review of key risks, identification and evaluating risks compromises the overall functions of internal audit. C. It is not within the scope. Assisting the ERM program is outside of the functions of internal audit and can compromise the objectivity of internal audit. D. It is within the scope. Assisting with implementation of new controls and providing feedback on controls will lend support to the ERM program.

Which one of the following continuity strategy models involves maintaining two or more active sites that are geographically dispersed? A. Split operations model B. Prioritization model C. Risk transfer model D. Active back-up model

Which one of the following defines individual risk? A. Individual risk varies according to the type of business. B. Individual risk may be categorized as operational. C. Individual risk is defined by the data governance committee. D. Individual risk is reputational in nature.

Which one of the following is an internal source that can often provide information regarding risks that aren't obvious? A. Internal auditing B. Production manager C. Board of directors D. Human resources

Which one of the following measures the progress an organization has made toward attaining its goals within a specific amount of time? A. Key performance indicator B. Risk tolerance level C. Critical success factor D. Key risk indicator

Which one of the following provides a measure of the maximum potential damage associated with an occurrence? A. Exposure B. Duration C. Underwriting risk D. Maximum probable loss

Which one of the following provides the frame of reference needed so data can be used appropriately for analysis and decision-making? A. Metadata B. Data lineage C. Data custodian D. Data virtualization

Which one of the following risk management objectives is critical for a manufacturer seeking new capital from investors, stockholders, and creditors? A. Reduce the deterrent effects of hazard risks B. Eliminate downside risk C. Social responsibility D. Anticipate and recognize emerging risks

Which one of the following standards was developed in response to the financial crisis that began in 2007? A. Basel III B. ISO 31000 C. Capital Adequacy Framework D. Solvency II

Which one of the following statements is true regarding separation of ownership and control in corporations? A. The incentive for managers and non-management board members to pursue their own interests at the expense of shareholders gives rise to agency costs. B. Corporate governance is not concerned with the separation of ownership and control. C. Shareholders retain decision-making authority while managers control business operations. D. Limited liability of shareholders impedes the separation of ownership and control in corporations.

Which one of the following statements is true regarding the basic measures that apply to risk management? A. Consequences measure the degree to which an occurrence could positively or negatively affect an organization. B. Hedging is a risk management strategy that can reduce the risk of correlation. C. Risk increases as volatility decreases. D. Longer time horizons are generally less risky that shorter ones.

Which one of the following statements is true regarding the business process management (BPM) life cycle model? A. The model is driven by the collaboration of human and technological input. B. The model is designed to review one business process at a time. C. The model is primarily used by organizations in the manufacturing sector. D. The model is ineffective unless all five steps are completed on a continuous basis.

Which one of the following statements is true with regard to preventive analytics? A. Preventive analytics uses smart products and data analytics to identify root loss causes and their implications. B. Preventative analytics uses human assets to analyze data collected by smart products. C. Preventive analytics is backward-looking, basing corrective prescriptions on the organization's past loss history. D. Preventive analytics involves data collection at discrete points in time, such as 10 AM or 4 PM each day, and comparison of these values at discrete points in time.

Which one of the following terms refers to information used as a basis for measuring the significance of a risk? A. Risk criteria B. Risk tolerance C. Risk appetite D. Risk threshold

A municipal water plant installed water flow sensors and water pressure sensors on the water pipes leaving the plant. The sensors make sure water is flowing properly and that there are no leaks or clogs which could produce a loss. These types of sensors are A. Thermal sensors. B. Mechanical sensors. C. Biochemical sensors. D. Radiant sensors.

Aligning risks with the organization's risk appetite defines A. Social responsibility. B. Tolerable uncertainty. C. Compliance. D. Value at risk.

All of the following are true regarding the Federal Sentencing Guidelines, EXCEPT: A. They can be used by federal courts. B. They are mandatory. C. They require an organization to have written standards and procedures. D. They establish minimum components for an effective compliance program.

As a market force to help align manager and shareholder interests, takeover threats are A. Only effective for directors and officers and have no effect on managers. B. Less likely now than in the past because of statutory changes. C. Only effective when the employment market for managers is increasing. D. Easily and quickly implemented and are highly effective.

Autonomous Vehicle Applications (AVA) is a start-up company that develops safety technologies that can be sold to companies that are producing autonomous vehicles. One technology AVA is developing allows an autonomous vehicle to detect, extract, and analyze images; and then to respond to the images. For example, the technology would detect a presence in a crosswalk, extract the image, and a computer would analyze the image. When the image was determined to be a human being, the vehicle would slow down or stop until the crosswalk was clear. This technology, which is designed to capture and analyze images, and to act on the recognition of the image; is called A. Visual acuity. B. Computer vision. C. Accelerometer technology. D. Transducer technology.

Based on Basel III principles, which one of the following groups should take the lead in establishing a strong risk management culture? A. Employees B. Board of directors C. Senior management D. Risk managers

Cheryl Babson works in internal control at Software Company. She contacted company security and asked them to immediately go to the office of a software engineer and to detain him. As part of the internal control process, Cheryl had scanning software installed at the company that randomly searched all e-mails and text messages sent from on-site, searching for key words. The scanning software detected the words: "gun," "bomb," "revenge," and "kill" in communications sent from the engineer's office. Company security found a loaded assault rifle, two loaded handguns, and a pipe bomb in the engineer's office. He confessed to planning a workplace attack at the company cafeteria later that day. The emerging technology Cheryl deployed is called A. Blockchain Technology. B. Natural language processing. C. Computer simulation. D. Radio frequency identification.

Corporate governance is evolving towards the separation of oversight and control for boards of directors. This separation may be accomplished by A. Requiring a company executive to chair each board committee. B. Requiring the majority of the directors to be outside directors. C. Requiring the audit committee to be comprised of inside directors. D. Using company-appointed board members rather than shareholder-elected board members.

Corporations do not always internalize the costs of their decisions. Some costs are not borne by the corporation but are a result of their decisions. One example of this is A. Corporate philanthropy. B. Pollution costs. C. Payments to offshore subsidiaries. D. Corporate compliance costs.

Developing a risk-based audit plan requires a risk assessment. Under the model of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework, which one of the following explains how risk assessment is addressed? A. It expands the risk assessment concept by comparing it to competitor audits. B. It expands the risk assessment concept by identifying five interrelated components of internal control. C. It is narrower and it provides concrete steps which are recommended and differ by industry. D. It is essentially the same as the traditional model, but is codified in steps that are reported.

Humongous Corporation has announced that it seeks strategic growth through acquisition. It is carefully eyeing a smaller company, Tiny Corporation. Tiny Corporation is aware of such scrutiny and interest. Within Tiny Corporation, a market force that can help align interests of its corporate decision makers and shareholders is which one of the following? A. Regulatory action B. Takeover threats C. Merger opportunities

In accordance with the Three Lines of Defense Model, how does risk management act as the second line of defense? A. Risk management alerts internal audit of potential threats within a department and works with internal audit to neutralize the threat. B. Risk management supports and monitors operational management's implementation of risk management practices. C. Risk management provides oversight to the operational management's assessment of risk and internal controls. D. Risk management has authority to initiate activity demanding an external audit should a risk be deemed imminent.

Last year, three Metro City firemen died responding to a fire at a chemical plant, when they were overcome by toxic fumes. In response, Metro City is purchasing advanced first responder gear. It includes special flame retardant suits with chemical and explosive fume sensors, air quality sensors, and heat sensors. Responders will also wear special watches that will track a responder's pulse, respiration, and blood pressure; and helmets that include video cameras. All of these sensors will feed data to a computer in real-time. The computer will analyze the data and issue threat levels and evacuation orders, if necessary. The protective gear Metro City will purchase and the data transmission and analysis capability illustrate the use of A. Insurtech. B. Smart products. C. Risk management information systems. D. Catastrophe modeling.

Mutual Fund Company (MFC) offers a wide array of mutual fund options to investors. Each mutual fund has a different fund objective and set of investment guidelines that apply to the fund. While MFC gives considerable freedom to its fund portfolio managers, they are required to abide by the fund's investment guidelines. To monitor compliance, MFC developed a computer algorithm. The computer algorithm continuously monitors each fund's compliance with investment guidelines. If a fund manager violates the investment guidelines, the computer immediately notifies MFC's internal control director, and corrective action is taken. MFC's use of the computer algorithm to monitor investment compliance and to provide notification when corrective action is necessary illustrates use of A. Mechanical sensors. B. Artificial intelligence. C. Computer vision. D. Transducer technology.

North American Furnishings is using business process management to help it identify risks that threaten its processes. Which one of the following risks would be considered an internal risk? A. The loss of available materials due to tornadoes B. The loss of skilled craftspeople due to retirement C. The drop in demand due to rising interest rates D. The rise in the cost of materials due to new forestry regulations

One of the categories of agency costs associated with managing the relationship between management and shareholders is A. Implementation costs. B. Monitoring costs. C. Acquisition costs. D. Commission costs.

Organizations use key risk indicators (KRIs) to plan for and respond to A. Failure. B. Risk. C. Questions. D. Emergencies.

Sean recently started a small consulting practice. Sean is the only employee of the business and the sole generator of revenue. Sean is very concerned that in the event that he becomes disabled due to an accident or disease there will be no revenue coming into the business. Which one of the following goals best identify Sean's concerns? A. Legality and profitability B. Tolerable uncertainty and earnings stability C. Social responsibility and earnings stability D. Economy of operations and survival

Successful organizations have goals and objectives. A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to as A. An objective gauge (OG). B. A key performance indicator (KPI). C. A critical success factor (CSF). D. An operating standard (OS).

The Auditing Standard No. 5 (AS 5) calls for a specific fraud assessment because A. Of the financial scandals of the late twentieth century; there is now an obligation to detect fraud. B. The failure to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors. C. Failure to detect fraud through regular transactions in an organization remains the highest risk. D. Fraud within an organization remains the most serious threat to the economic well-being of society.

The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Internal Control—Integrated Framework provides A. Guidance on assessing risk and evaluating internal controls to government agencies but not to other organizations. B. Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations. C. International standards to help ensure that organizations meet the needs of customers and stakeholders while also complying with statutory and regulatory requirements. D. Not a system of controls, but a framework for auditors to provide independent, objective, and reasonable assurances that management has adopted a system of controls that is effective and functioning as intended.

The fundamental purpose of a risk management framework is to A. Maximize profits for all stakeholders. B. Integrate risk management throughout the organization. C. Define and eliminate potential losses. D. Reduce the cost of risk.

The relationship between which two basic measures is critical for risk management in assessing risk and deciding whether and how to manage it? A. Exposure and time horizon B. Likelihood and consequences C. Correlation and likelihood D. Volatility and time horizon

The traditional definition of risk management reflects the traditional concept of risk as A. Both positive and negative. B. Negative. C. Uncontrollable. D. Strategic.

There are two types of associated risk for data privacy, individual and general risk. General data privacy risk A. Varies by the type of business or industry. B. Can be categorized operational or reputational. C. Is of specific concern to the European Union. D. Involves legal and regulatory requirements.

Which of the following risk management program goals is an essential goal for all public entities? A. Earning stability B. Continuity of operations C. Growth D. Survival

Which one of the following best describes how the modern approach to internal auditing differs from the traditional approach? A. The modern approach uses a systems-based technique, evaluating current controls and threats to the organization, and considers the materiality of risks, but does not consider an organization's business objectives. B. The modern approach uses many systems-based techniques, determines activity based on the organization's business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls. C. The traditional approach confines itself to review of current system controls, compliance with those controls and any potential to bypass those controls rather than the materiality of the risk. D. The traditional approach uses systems-based controls, determines materiality of potential risks to the organization's achievement of its objectives rather than reviewing adherence to regulations.

Which one of the following best describes why many purchasers require an ISO 9001 certification prior to buying a business? A. To have an outside audit company attest to its conclusive audit. B. To ensure that internal standards and controls are in place. C. To transfer liability should the financial statements prove erroneous. D. To obligate the seller to perform audits for conformance prior to the sale.

Which one of the following best explains how a risk-managed organization views a proposed new product line? A. It determines the rewards of a new alternative and may underemphasize the impacts, variances and negative effects. B. It weighs the risk-reward relationship while realistically evaluating potential outcomes and consequences. C. It attempts to join with another organization for a joint venture taking little of the actual risk on itself. D. It seeks methods of transferring the potential risks or avoids the risk totally.

Which one of the following best explains how the role of the internal auditor changed with the passage of the Sarbanes-Oxley Act of 2002? A. The internal auditor must adapt to the ever changing environment of risk control through the use of electronic reconciliation programs. B. The internal auditor must adopt a stakeholder orientation by anticipating, monitoring and assessing business and operational risk. C. The internal auditor must adopt the attitude of an external auditor, carefully reviewing and critiquing the finances of an organization. D. The internal auditor must be able to recognize current fraud risks as well computer theft of intellectual property.

Which one of the following defines the duties of a data steward? A. A data steward measures data compliance. B. A data steward is an experienced business analyst. C. A data steward provides technological support. D. A data steward is a project manager.

Which one of the following groups in an organization are often in the best position to anticipate possible risks from vendors or customers? A. Information technology consultants B. Front-line workers C. Upper management D. Human resources staff

Which one of the following is a data governance committee (DGC) responsibility? A. A data governance committee is charged with monitoring the volume of big data within an organization. B. A data governance committee ensures there are few conflicts or redundancies in data standards and practices. C. A data governance committee plays a key role in project management for data projects. D. A data governance committee both retrieves and prepares metadata for use by an organization.

Which one of the following is an example of a principles-based traffic control regulation? A. Driver and passengers must wear a safety belt when the car is in motion B. Driver must maintain a reasonable following distance appropriate to speed and conditions C. Driver must maintain liability insurance that meets the state minimum financial responsibility limit D. Driver must drive at a speed within the posted speed limit

Which one of the following is the first step that should be taken by the senior manager who is responsible for the organization's compliance program? A. Establish incentives and disciplinary actions to enforce the program B. Assemble a task force from all major functions within the organization C. Train all employees on how to report compliance violations to the federal government D. Review all employee files for any relevant history of illegal behavior

Which one of the following is the term used for a person—usually a manager—who advocates for and supports a specific aspect of the risk management process in an organization? A. Risk manager B. Risk champion C. Chief risk officer (CRO) D. Internal auditor

Which one of the following plans calls for action before, during, and after catastrophes with a focus on saving lives, reducing property losses, and conserving resources during recovery? A. Disaster recovery plan B. Crisis management plan C. Emergency response plan D. Risk management plan

Which one of the following regulatory approaches allocates resources based on the concept of achieving the greatest potential good while simultaneously minimizing the overall costs? A. Performance-based regulation B. Risk-based regulation C. Evidence-based regulation D. Rules-based regulation

Which one of the following should be part of an organization's standard operating procedures (SOPs) concerning external stakeholder communications? A. Instructions to always use written communication, rather than verbal or nonverbal communication B. Instructions regarding what types of information can and cannot be released C. Instructions requiring the use of formal, rather than informal communication D. Instructions to avoid the use of social media

Which one of the following statements is correct regarding risk owners? A. Generally, external stakeholders should not be considered to be risk owners. B. Generally, the stakeholder who is most affected by or creates a risk should be its risk owner. C. The risk owner is usually a member of the senior management team. D. The risk owner should be given full authority to make decisions without management involvement.

Which one of the following statements is true regarding the roles of a risk champion and a chief risk officer? A. A chief risk officer usually has less influence on corporate decision making than a risk champion. B. A chief risk officer is more likely to have a dedicated staff to assist with the responsibilities of his or her job. C. A risk champion is a member of the board of directors who has been selected to concentrate his or her efforts on assessing the risks faced by an organization. D. A chief risk officer reports to a risk champion, who in turn interacts with the company executives and the board of directors.

Which one of the following statements is true with regard to the application of emerging technologies such as artificial intelligence and machine learning to internal auditing of an organization? A. There should be no improvement given that the same practices are subject to internal audit with or without the application of emerging technology. B. Deviations from desired practices and procedures will be more quickly identified by emerging technologies, and auditors can focus on designing and implementing new systems. C. While the application of such technologies may be beneficial, the cost of implementation makes the use of emerging technologies unrealistic. D. Although such techniques are applicable to the risk management function, they are not applicable to internal audit.

Which one of the following statements regarding corporate governance and risk oversight is true? A. Nonfinancial organizations are subject to greater regulatory pressure for transparency and astute risk management than financial organizations. B. Some board of directors delegate risk oversight tasks to board committees, such as the audit committee, risk committee, and compensation committee. C. Board oversight should be limited to past history and current conditions, and should avoid consideration of uncertain future events. D. Corporate governance and risk oversight have no impact on the value of the organization.

Which one of the following statements regarding the structure and role of a board of directors is true? A. The board of directors must be comprised of ten directors, with an equal number of inside and outside directors. B. Members of the board elect a director to be chairman of the board. C. The board is responsible for the day-to-day decisions at a corporation. D. Members of the board are appointed by the president of the company.

A big-box store recently moved into a small town where mom and pop shops flourished for years. Knowing there could be some negative backlash from the long time loyal residents, the big-box store's executives went through the framework of managing their reputational risk to try to lessen any perceived negativity. The executives believed there are four key steps in handling reputational risk that are measuring, monitoring, managing and mitigating. Understanding that each step is critical to the overall process, The Chief Financial Officer wants to focus his attention and resources on mitigating reputational damage as he believes that is the most important step in the overall process. As such, what would be an example of mitigating reputational damage? A. Screen opinions of employees, customers, vendors, shareholders, analysts and activists. B. Publish a list of reputation drivers such as quality, leadership and workplace environment and rank them. C. Hiring a crisis-management firm to promote the big-box's corporate social responsibility program and respond if a disaster occurs. D. Watch social media and public opinion from the local populace.

A speaker imparts information in verbal communications by A. Using appropriate facial expressions and gestures while other parties express their opinions and concerns. B. Expressing facts and emotions quickly, inviting written questions for discussion at a future session. C. Having good listening skills and expressing facts and emotions through words and sometimes visual displays. D. Listening and verbally responding with anecdotes of prior meetings, leveraging humor as opposed to facts for discussion.

A vehicle manufacturer found that the exhaust system in certain models was not working properly. Some exhaust gases were releasing into the vehicle body. Rather than recalling the vehicles, they were shipped to South American markets. The manufacturer A. Is socially responsible because it shipped the vehicles out of the country thereby avoiding any US casualties. B. Is socially responsible because it does not force any individual to buy the vehicle. C. Has ignored its social responsibility as well as the risks involved with these actions. D. Has decided to transfer the risk to South American markets avoiding financial penalties.

According to the law of large numbers, as the number of exposure units insured increases, A. Fewer losses are expected to occur. B. The size of the average loss declines. C. The relative accuracy of predictions about future losses increases. D. The probability of an underwriting loss increases.

An independent auditor has been given the task of evaluating internal controls at Westside Company (Westside). The auditor has determined that Westside's board of directors has endorsed a framework requiring management to have documented internal reporting controls to ensure efficient operations, accuracy of financial statements, and compliance with regulations. The framework is applied at the entity and divisional levels, but not the operating unit or functional levels. The program is new so it has not yet been monitored. The auditor is likely to report that A. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control—Integrated Framework. It must also be applied at the operating unit level, but not the functional level. Regular monitoring must be implemented. B. The selected method aligns with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control—Integrated Framework because it is applied at the entity level. Monitoring will be required after the framework has been in place for one year. C. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control—Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored. D. The selected method aligns with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control—Integrated Framework because it is applied at the entity level. Monitoring is not a requirement.

An organization evaluates the social environment as part of its enterprise risk management (ERM) because A. Society is in a constant state of change. B. New sales or production methodology can affect consumers. C. Society norms and values influence how an organization manages its risks.

An organization has established a key performance indicator to "reduce employee injuries by 6%." Which one of the following would indicate a low risk tolerance for this KPI? A. Reduce employee injuries by 2% B. Reduce employee injuries by 4% C. Reduce employee injuries by 5 to 6% D. Employee injury rate remains unchanged

BD Company has made widgets for over 79 years using the same production techniques for fear of the huge costs from potential consumer lawsuits if production is changed and product quality suffers. With respect to its risk attitude, this organization would be classified as A. Risk seeking. B. Risk naïve. C. Risk avoiding. D. Risk optimizing.

Before speaking with a group or individual, the speaker should think about what he or she wants the other person(s) to do as a result of the conversation. Which one of the following steps in the communication process does the speaker complete by doing this? A. Deliver a message the recipient(s) want to hear B. Set aside judgement C. Set a clear communication objective D. Analyze your audience

Bo's Diving Adventures (BDA) is one of the largest recreational SCUBA diving businesses in the world. While enjoying much success in the diving aspect of its business, it has had its challenges adhering to the different government and industry regulations over the years. The board of directors decided to hire a Chief Compliance Officer (CCO) to remedy this issue and ensure that each diving excursion the company charts is in full compliance with all regulations regardless of destination. After a week on the job the new CCO has discovered that the number one non-compliance issue over the past few years could be rectified with better internal training. As such, the BEST move the CCO should make would be which of the following? A. Make a phone call to the National Diving Control Board and refute the non-compliance citations. B. Replace the current head of Human Resources for allowing the non-compliance issues to fester. C. Sit down with the head of Human Resources and outline a comprehensive training program for all employees which address the non-compliance issues. D. Approach the board of directors to cease all diving excursions until each employee is better trained

Carla, the risk manager, was asked by senior management to deliver a presentation on cyber risk at an all employees meeting. Even though she was only allotted 30 minutes for her presentation, Carla felt that cyber risk was a very real risk for the corporation and she wanted employees to leave with some fear of it. She wanted to provide employees with as much technical information as possible, and familiarize them with all of the important jargon. Less than 20 minutes into her presentation, Carla could tell that many of the employees were not paying any attention to her presentation. Which one of the following steps in the communication process had Carla failed to consider? A. Pay attention to your body language B. Ask for feedback C. Analyze your audience D. Set a clear communication objective

Clear-Rite Company specializes in the clean-up of hazardous chemical spills. Workers performing clean-up operations must use safety suits to prevent exposure to the chemicals. The suits include pulse and respiration monitors, body temperature sensors, and chemical sensors. The monitors and sensors report data to a mobile operations center which is deployed to each clean-up site. The pulse and respiration monitors and the sensors that are part of the protective gear are called A. Magnetometers. B. Drone technologies. C. Wearable technologies. D. Accelerometers.

Corporate governance is defined as A. The reporting chain of command within an organization. B. A diagram of reporting relationships and levels of authority within an organization. C. The mechanisms and procedures that determine how corporations are run. D. A body of law that specifies how corporations are legally formed and chartered.

Delaney is a new manager with a company that runs surf shops along the east coast. Recently, she reprimanded a long-term employee for purchasing new surf board products from a supplier much farther inland than their other suppliers incurring higher delivery costs. She counseled the employee to look for the lowest price and sent him to a seminar on using supply chains to your advantage. She explained the company's objective to be the lowest price on the island with the best products. The employee was also given an opportunity to respond to the reprimand with a copy of his response to the Human Resources Department. What mistake did Delaney make in dealing with this employee? A. If you send an employee to an educational seminar, it sends a bad message to other employees and shows improvement is needed in your job performance. B. By including Human Resources, the employee will feel they are being unfairly treated and unwilling to offer ideas or feedback. C. The employee is being discouraged from creating relationships with suppliers that may be needed if a large scale event disrupts local suppliers in their supply chain. D. Employees should not be expected to adhere to corporate objectives that do not apply to their specific location.

During the international financial crisis of 2008-2009, banking regulators in the U.S., Europe, and Asia developed bank stress tests to identify financial institutions that posed a significant threat to the national and international economy. These capital adequacy measures were applied only to those large financial institutions that posed the most significant threat. Which one of the following types of regulation would these stress tests be best classified as? A. Rules-based regulation B. Evidence-based regulation C. Risk-based regulation. D. Compliance-based regulation

Emerging technologies such as artificial intelligence and machine learning are being applied by some businesses as part of their internal audit and control process. A key benefit of such applications is A. Reduced labor costs in the risk management department. B. Gaining an historical perspective on inefficient and ineffective internal control measures. C. Detection of fraud and inefficient practices in real time. D. Greater ability to quantify losses.

Hardware Store has been able to control its prices and inventory since it has no competitors. A new highway currently being constructed is going to allow increased competition for Hardware Store. According to the quadrants of risk, this risk of increased competition falls into the category of A. Hazard risk. B. Financial risk. C. Strategic risk. D. Operational risk.

In addition to metal detectors, many airports have installed a second type of scanning technology for checked baggage and cargo. The checked bags and cargo pass through a portal with scanners programmed to detect and test for explosive trace fumes. These scanners, which detect explosives based on air samples, are an example of what type of sensor used for risk assessment and control? A. Radiant sensors. B. Thermal sensors. C. Biochemical sensors. D. Mechanical sensors.

In an effort to grow its personal lines book, an insurer decides to offer discounts on homeowners and personal auto insurance to the employees of its largest business lines account. Which one of the following risk measures is most likely to increase as a result of this marketing decision? A. Volatility B. Time horizon C. Correlation D. Consequences

Key risk indicators (KRIs) help organizations identify issues that can lead to losses. Effective KRIs are based on a company's A. Organizational structure. B. Product or industry. C. Strategic objectives. D. Sales volume.

Key risk indicators (KRIs) help organizations identify issues that can lead to losses. Effective KRIs are based on a company's A. Product or industry. B. Organizational structure. C. Strategic objectives. D. Sales volume.

Many auto manufacturers have automated a portion of their assembly lines by introducing a smart product. The smart product performs repetitive tasks, such as making the same weld on each vehicle frame as it passes the smart product. These smart products, which can be fixed or mobile, reduce repetitive motion injuries that humans might suffer. They can also be used to perform dangerous tasks and in heavy-lifting jobs. These smart products are called A. Wearables. B. Automated sensors. C. Robots. D. Drones.

Many banks are using technology to search for and detect cyber-security threats locally and in the cloud. This application of technology, in which machines learn from humans, illustrates the use of A. Machine learning. B. Data analytics. C. Artificial intelligence. D. Risk management information systems.

Many organizations treat business continuity management (BCM) and risk management as complementary endeavors. While risk management protects tangible property from loss, A. BCM concentrates on pure risk. B. BCM focuses on reducing the likelihood of the occurrence. C. BCM deals primarily with consequences of operational disruption. D. BCM protects the human exposure.

Max is a new investor and the only stocks he owns are his 1,500 shares of Large Corporation. Large operates in a volatile high-tech sector. Max could readily trim his risk of owning shares by A. Concentrating his investments in one sector. B. Diversifying his insurance coverage. C. Diversifying his investment across many corporations. D. Concentrating his investments in one company.

Metadata contains A. Accounting ledger entries as well as big data. B. Both material limitations and sampling methodology. C. Information about data as well as rules about that data. D. A combination of structured and unstructured data.

North American Furnishings has been in business for 18 years. The organization's primary objectives are profitability and bottom-line results. It always sets aggressive goals. North American Furnishings values its customer bases. Which one of the following types of corporate culture exists at North American Furnishings? A. Hierarchy B. Clan C. Market D. Adhocracy

One corporate governance issue is accountability of directors. One method to increase accountability of directors is to A. Include more inside directors. B. Decrease the independence of audit and compensation committees. C. Conduct regular meetings of outside directors without management being present. D. Ensure that the chief executive officer serves as board chairman.

One of the key department players in compliance program implementation is Internal Audit. As such, the main responsibility of Internal Audit involves which of the following? A. Compliance with employment laws B. Employee health and safety C. Oversight of financial compliance D. Product safety and environmental control

Organizations use key risk indicators (KRIs) to plan for and respond to risk. Which one of the following statements is correct with respect to KRIs? A. To best manage risk, an organization should have as many KRIs as possible. B. To be effective, KRIs should be detailed and specific. C. KRIs are based on quantifiable information and support management decisions. D. KRIs are usually only established for the executive level within an organization.

Pacific Grill has gotten its fresh seafood from Paul's Seafood for many years. The two companies have developed a long-term relationship of loyalty and trust. When a hurricane struck the area, Paul's Seafood's operations were completely destroyed. As a result, Pacific Grill was forced to operate with a limited menu until it could find a new supplier. Even though the restaurant was not damaged by the hurricane, it suffered a significant financial loss. Which one of the following steps regarding creating an adaptable organization did Pacific Grill neglect? A. Revisit short- and long-term plans B. Cultivate relationships with customers and vendors C. Make interim plans to insulate the organization from a sudden shock

Preventive controls assist the overall control environment of an organization by A. Detecting errors or inconsistencies after they occur. B. Addressing reconciliation of accounting errors. C. Reducing risk of unauthorized actions. D. Comparing different sets of data and investigating any differences.

Risk leadership structures and approaches vary significantly, based on an organization's size, culture, risk profile, and complexity. Which one of the following statements is correct with respect to risk champions? A. They use their judgment and experience to develop information about unquantifiable uncertainties and to detect vulnerabilities. B. They ensure the organization's compliance with regulatory and stakeholder requirements by creating a framework of standards and controls. C. They often report to an executive-level officer, facilitate risk discussions, compile risk information, and develop and support enterprise risk management processes.

Risk management professionals must collaborate with data analysts during which two steps of the risk management process? A. Treat risks and monitor risk treatments B. Scan the environment and analyze risks C. Analyze risks and monitor risk treatments D. Identify risks and treat risks

Some best practices models call for the formation of a risk committee with a risk management focus at the organization's executive management level. Which one of the following statements best describes one of the responsibilities of an executive-level risk committee? A. To monitor the organization's compliance with established risk limits and how noncompliance is addressed B. To oversee exposures of the organization's critical risks and advise the board on risk strategy. C. To approve the organization's risk management strategies, including their design and implementation. D. To assist the board in establishing the organization's risk appetite and risk tolerance levels

Successful organizations have goals and objectives. A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to as A. An objective gauge (OG). B. A critical success factor (CSF). C. A key performance indicator (KPI). D. An operating standard (OS).

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) describes internal control as consisting of five essential components, one of which is risk assessment. This component A. Sets the tone for internal control by providing resources, discipline, and structure. B. Should be included in the audit as an internal control to minimize unforeseen events. C. Considers management's efforts to identify and analyze risks relevant to achieving predetermined objectives. D. Verifies adherence to control results and assists in identifying other procedures that the entity may wish to adopt.

The board of directors must use a thorough understanding of the organization's overall risk philosophy to determine the amount of risk the organization is willing to seek or accept in the pursuit of long-term objectives. This amount of risk is called the organization's A. Probable maximum loss. B. Retention level. C. Risk appetite. D. Maximum possible loss.

The business process management (BPM) life cycle incorporates five steps. Which one of the following best describes the first step in the BPM process? A. Critical processes that support achievement of the organization's goals are selected for analysis. B. Processes are modeled to identify the organization's response to what-if scenarios. C. Processes are designed or redesigned by considering workflows and affected personnel. D. Processes are tracked so that statistics on their performance can be gathered.

The difference between risk tech and insurtech is A. Insurtech applies to many different industries while risk tech is limited in focus to insurance, reinsurance, and nontraditional risk financing alternatives. B. Risk tech is applicable in personal risk management situations, which insurtech is designed for application in commercial business situations. C. Risk tech goes beyond insurtech by expanding its focus to making risk financing more efficient and preventing and mitigating losses in a variety of industries. D. Insurtech is a broader concept and incorporates risk tech as one of its underlying tenets.

The fees paid to external auditors to verify the corporation's financial statements are an example of A. A bonding cost. B. A fiduciary cost. C. A monitoring cost. D. An incentive alignment cost.

The individual responsible for ensuring compliance within an organization usually reports to which one of the following? A. Operations management B. General counsel C. Senior management D. Human resources

The main advantage of a formal internal communication system is that A. Employees do not have direct access to each other. B. Formal internal communications takes time which may resolve issues. C. Individuals know to whom to report. D. It is easily accessed.

Under the General Data Protection Regulation (GDPR), a data controller's role is to A. Represent the business aspects of data governance. B. Define the metrics used to measure an organization's overall data quality. C. Define how and for what purpose personal data should be processed. D. Manage the flow of data for the rest of the organization.

When comparing principles-based regulation with rules-based regulation, which one of the following statements is correct? A. Principles-based regulation requires less communication between the regulator and regulated entity. B. Principles-based regulation tends to use a one-size-fits-all approach. C. Principles-based regulation responds more quickly to a changing environment. D. Principles-based regulation emphasizes conformity rather than the outcome.

Which one of the following best describes how internal audit compliments a risk management initiative? A. Internal audit tests controls for risks identified by risk managers. Risk management and internal audit are similar in that they are both charged with protecting the assets of an organization. B. Internal audit tests the controls initiated by the risk management team. The risk management team reviews the results and responds to internal audit on the control assessment. C. Risk managers identify, assess and prioritize risks. Internal audit develops a risk-based auditing plan that addresses material risks to an organization. D. Risk managers identify, assess and prioritize risks with the assistance of internal audit. Internal audit requires that the controls for the risks are tested.

Which one of the following best describes how internal audit supports enterprise risk management (ERM)? A. ERM provides the assessments that internal audit uses to test the viability of controls. B. Internal audit implements the risk assessments provided by ERM. C. ERM implements risk management activities and internal audit assesses the results. D. Internal audit finds risks overlooked by ERM.

Which one of the following best describes why the Institute for Internal Auditors (IIA) has designed standards addressing the need for internal audit to evaluate the effectiveness of risk management? A. Audits are objective and independent of the politics of an organization. A pronouncement assists the auditor by defining review criteria. B. Audits may be self-serving to an organization depending on the experience level of an auditor. By indicating specific criteria, an auditor should be able to conduct a valid audit. C. Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities. D. Audits are conducted annually in many organizations. Requiring an auditor to validate the findings of prior years provides a comfort level to stakeholders.

Which one of the following best explains why the audience should be known for effective enterprise risk management (ERM) communication? A. Only technical communications need to address specific audiences; financial and legal communications should be worded for all audiences. B. Communications do not need to address specific audiences; all communications should be available for review by any stakeholder. C. The communication must address the level of technical, legal or financial understanding of the audience for the message to be received.

Which one of the following data capture tools has led to an explosion of risk management innovation by allowing smart products to transmit data to each other and to central hubs? A. Blockchain B. Cloud computing C. Internet of Things D. Artificial intelligence

Which one of the following data governance tools allows the data governance committee to look at data relationships and interdependencies across the organization? A. External compliance guidelines B. Internal coding procedures C. Enterprise data models D. Project management programs

Which one of the following describes the role of internal audit according to the Federation of European Risk Management Associations (FERMA) and the European Commission of Institutes of Internal Audit (ECIIA) model? A. Internal audit is the first line of defense providing the original risk assessment, control environment as well as maintaining effective internal controls. B. Internal audit is the second line of defense providing support for the implementation of controls, particularly with law and regulations. C. Internal audit is the third line of defense providing assurance to the board and senior management on organizational effectiveness of risk management and assessment efforts. D. Internal audit is the fourth line of defense providing oversight to the organization as a whole, reporting to the board and senior management on compliance by the various departments with regulations.

Which one of the following disruptions would most likely pose an immediate threat to an organization's reputation? A. Global financial crisis B. Forest fire C. Data breach D. Widespread power outage

Which one of the following is a basic process in any data security program? A. Establish metrics for timeliness of data refresh in systems. B. Perform random sampling of data for accuracy. C. Develop and enforce stronger password protocols. D. Establish a data governance committee (DGC).

Which one of the following is a critical component to achieving true operational resiliency? A. A long-term commitment to a single vendor B. A top management view of potential risks C. A culture of openness and trust D. A facilities based operation

Which one of the following is a main characteristic of effective key risk indicators (KRIs)? A. They define the boundaries of risk tolerance. B. They are lagging in nature. C. They are based on quantifiable information. D. They measure progress toward achieving objectives.

Which one of the following is an element of a data security program? A. Increasing the overall efficiency of data systems. B. Implementing a data governance program. C. Storing data back-ups off site. D. Installing agile project management.

Which one of the following is one of the five steps of the risk management process? A. Align and integrate B. Establish accountability C. Scan environment D. Allocate resources

Which one of the following is true regarding the communication stage of strategic redeployment? A. The key to effective communication in a time of disruption is to establish a good relationship with the news media immediately following a crisis. B. Communications to industry associations should be kept to a minimum in order to limit rumors from starting by competitors. C. The sole objective is to preserve or enhance stakeholders' trust and confidence in the organization. D. Transparency in management decisions should be avoided in order to prevent panic.

Which one of the following risk management objectives is critical for a manufacturer seeking new capital from investors, stockholders, and creditors? A. Anticipate and recognize emerging risks B. Social responsibility C. Reduce the deterrent effects of hazard risks D. Eliminate downside risk

Which one of the following statements about standards—risk management, Solvency II, and Basel II and III— is true? A. The Basel II and Basel III standards apply to all European corporations no matter the sector of the economy in which the corporation operates. B. The Solvency II standards were approved by the U.S. Congress and now must be satisfied by all U.S. insurers. C. Many risk management standards, such as ISO 31000, are voluntary. D. The Solvency II standards were promulgated to strengthen U.S. regulation and supervision of the banking sector.

Which one of the following statements about the use of drones is true? A. The use of drones is limited to military applications. B. Space and weight limitations prevent drones from being equipped with sensors and cameras. C. Drones may be equipped with cameras that relay data in real-time. D. The reliance on humans to operate drones severely limits their application for commercial uses.

Which one of the following statements is correct regarding a business continuity plan (BCP)? A. A BCP generally concentrates on one key function or process of an organization. B. The BCP concept involves eliminating the internal, external, and project exposures that could negatively impact operations. C. A BCP is about sustaining operations so an organization isn't irrevocably harmed by an uncontrollable risk. D. The BCP concept is used only with for-profit businesses.

Which one of the following statements is correct regarding an organization's code of ethics? A. The code of ethics should provide an organization with a set of parameters within which it should operate, with little room for interpretation. B. The code of ethics should provide a list of dos and don'ts that employees can use as a framework in making day-to-day decisions. C. The code of ethics should include principles and concepts that are dynamic enough to remain relevant in a rapidly changing business environment. D. The code of ethics should primarily consider the social and ethical needs of its external stakeholders.

Which one of the following statements is true regarding Basel III? A. Basel III is a voluntary standard for the insurers which encourages senior management to take the lead in establishing a strong risk management culture. B. Basel III was developed to reduce the likelihood of insurer insolvency, market disruption, and consumer loss. C. Basel III was developed to address both the risk of individual organizations and systemic risk in the banking sector. D. Basel III is a regulatory standard for banks of the European Union and the United Kingdom

Which one of the following steps in the Business Process Management (BPM) life cycle allows an organization to map out the most efficient process by using what-if analysis? A. Optimizes Processes B. Execute Process Changes C. Model Scenarios

Which one of the following steps of the risk management process requires the risk professional to carefully balance his or her own experience and that of the subject matter experts? A. Identifying risks B. Scanning the environment C. Treating risks

While board-level and executive-level risk committee characteristics differ significantly among organizations, they share some common general responsibilities. Which one of the following is a common general responsibility of executive-level risk committees? B. The executives that must serve on the committee are specified in the Dodd-Frank Act and must include a risk management expert. C. They provide the board with information about key risks and how they are managed (internal risk intelligence). D. They focus on the alignment of the organization's risk profile with its risk appetite and risk tolerance.

A business impact analysis (BIA) should identify the points in time when the interruption would have the greatest impact, what the operational impact would be, and A. Who should be on the recovery team. B. Whether the exposures are external, internal, or project. C. What continuity strategy to use. D. What the financial impact would be.

A risk management professional is identifying the organization's key stakeholders as part of the enterprise risk management program. Which one of the following would be considered an internal stakeholder? A. Unions B. Suppliers C. General public D. Stockholders

A risk-based auditing approach is deemed to be a top-down approach because A. It involves an external review of known potential threats to the organization and then developing an organizational response to those threats. B. It involves review of each department's dependence on financial controls, compliance with federal statutes and audit history. C. It involves review of the current financial controls and compliance to regulations as determined by external auditors. D. It involves identifying and analyzing material risks to the achievement of the organization's objectives and then determining how the risks should be managed.

After opening its third store, Shoehorn Shoes decided to purchase new inventory tracking software for all of its stores. Which one of the following external or internal environments does this decision relate to? A. Economic environment B. Physical environment C. Product environment D. Operations environment

An auditor identifies risks under the risk-based approach by A. Reviewing the organization, department by department to determine if the controls overlap asking, "Is the redundancy needed?" B. Reviewing prior audits, comparing results and asking, and "Has the control environment changed?" C. Looking at each objective, testing each control by asking, "Does this seem appropriate?" D. Looking at each objective and its controls identifying risks by asking, "What might go wrong?"

An organization's goals and objectives are met by establishing and attaining measurable standards for the many activities it pursues. Which one of the following statements is correct with respect to those standards? A. A key performance indicator (KPI) answers the question, "What will make our organization a success?" B. Generally, an organization's risk tolerance has little impact on its critical success factors (CSFs) and key performance indicators (KPIs). C. Organizations with key performance indicators (KPIs) established for critical success factors (CSFs) will typically achieve organizational goals. D. For each key performance indicator (KPI), there is a tolerance level for how much deviation from the standard established in the KPI will be acceptable.

Business process management (BPM) focuses on coordinating all activities of an organization on which one of the following? A. Technology B. Profitability C. Regulatory requirements D. Client satisfaction

Carbon Manufacturing Company just hired a new chief risk officer (CRO) and one of his first tasks was to recommend updated key risk indicators (KRIs) to the chief executive officer (CEO). The CEO was especially interested in KRIs measuring the company's profitability. One area of measurement that the new CRO might want to use is A. Personnel changes. B. Customer invoices. C. Customer orders. D. Aged accounts receivable.

Carol has worked as a payroll clerk for a small organization for 20 years. Over the years she received only two small salary increases and began to embezzle funds from the company since she felt she was not adequately compensated for her job efforts. In terms of the quadrants of risk, Carol's theft risk can be classified as A. A strategic risk. B. A financial risk. C. Both a hazard risk and a financial risk. D. Both a hazard risk and an operational risk.

Corporate governance is defined as A. A body of law that specifies how corporations are legally formed and chartered. B. A diagram of reporting relationships and levels of authority within an organization. C. The reporting chain of command within an organization. D. The mechanisms and procedures that determine how corporations are run.

Corporate officers and boards of directors have the ultimate responsibility for ensuring that corporations meet or exceed legal and regulatory requirements. Which one of the following statements is correct with respect to the role of directors and officers? A. In part because of the 2008-2009 financial crisis, regulation now holds boards of directors fully accountable to their shareholders, the public, and other stakeholders. B. Directors and officers are generally not responsible for balancing the benefits and costs of strategic decisions about risk management. C. In general, corporate governance should seek to ensure that controls are in place to discourage risk taking. D. Directors and officers must instill a culture of integrity in which managers and employees strive to behave appropriately under all circumstances.

Data Entry Company (DEC) offers customers data entry services. A customer can hire DEC to enter survey data to be analyzed. Many DEC employees spend long hours entering data on a computer. DEC has experienced neck strain and wrist pain complaints from their employees, increasing the company's workers compensation costs. DEC investigated the complaints of its data-entry employees. DEC adopted curved keyboards for data entry, wrist-rests for those entering data, and uniform chair heights and display monitor heights to reduce neck strain claims. The science of designing work spaces based on the health concerns of those who will operate in the work space is called A. Big data. B. Accelerometer technology. C. Predictive analytics. D. Ergonomics.

Disaster recovery planning arose from the increasing use of and dependency on A. High-rise construction. B. International travel. C. Global financial institutions. D. Technology.

During the past year, International Toys has undertaken four capital projects. The company has renovated and refurbished one of its aging warehouse buildings. It has purchased the most recent version of its current order processing computer software. It has added two trucks to its fleet of delivery vehicles. Lastly, it has purchased a new production machine that will allow it to launch a new product line. Which one of the following company projects is the most speculative risk? A. The two new trucks B. The warehouse refurbishment C. The software upgrade D. The new production machine

Encrypting data is an example of A. An enterprise risk management program B. A regulatory compliance program. C. A data governance program. D. A data security program.

Examples of Principles-Based Regulations include all of the following, EXCEPT: management of a publicly traded company must publicly disclose that control to all stakeholders in the firm. B. Insurance companies must retain sufficient capital to ensure that policyholder obligations are met. C. Corporations must fairly and accurately report on the financial condition of the firm to all stakeholders. D. Restaurant employees must wash their hands every time they use the restroom.

For an organization, a key performance indicator (KPI) measures the performance of a specific activity at a predetermined level or amount. Which one of the following is an example of a KPI based on a ratio? A. Customer-focused website B. High employee morale C. Safe transport of customer goods D. Inventory turnover

Future-Com is a rapidly growing communication device company. It distributes its communication devices through a fleet of Future-Com trucks. In consultation with internal audit, the fleet of Future-Com delivery trucks was outfitted with sensors that monitor other traffic in proximity to Future-Com trucks. The sensors alert drivers if there's a stalled vehicle ahead, if a vehicle is beside the truck in an area hard to see, and if a vehicle is following too closely behind the truck. The sensors installed by Future-Com and the feedback they provide to the drivers illustrate the use of which of the following emerging technology? A. Artificial intelligence. B. Natural language processing. C. Radio frequency identification. D. Machine learning.

Green Corporation suffered severe losses due to tornados at its northern facility. The Board of Directors issued a statement that the current costs outweighed any sustainable profits in the near term. The risk manager can best assist the Board in its long term decision making by A. Following the directives of the board of directors preserving his/her position with the company. B. Offering a white paper on the merits of shutting down the facility, laying off the staff and shifting the work to other locations. C. Playing no role since the risk manger's focus is on preventing loss rather than reviewing senior management decisions. D. Providing data on the frequency of wind storms, and work with the risk center and risk owner at that location to find alternatives to protect the facility.

In an effort to reduce expenses, increase profitability, and reduce human errors; ABC Insurance Company decided to automate most of its personal lines underwriting function. The company now uses standardized application forms that are submitted electronically to one of the company's regional offices. At each regional office, a computer with a scanner reads the applications. The computer has been programmed with acceptable answers to the questions. If the answers on the application are all acceptable, the policy is automatically issued. Rejected applications are automatically forwarded to a human underwriter who reviews them. The use of this technology has reduced the company's expense ratio by two and a half percent, and reduced the time it takes to issue a policy. ABC Insurance Company's use of computers to evaluate applications electronically is an application of A. Radiant sensors. B. Actuator technology. C. Risk management information systems. D. Artificial intelligence.

In terms of data governance, IT employees hold the role of A. Rule developers. B. Data stewards. C. Compliance regulators. D. Data custodians.

It is necessary to define functions that should be performed by internal audit rather than the enterprise risk management (ERM) team because A. Internal audit and risk managers share responsibilities for governance and compliance for the organization. B. ERM is all encompassing and if not controlled will absorb internal audit functions. C. The Institute of Internal Auditors (IIA) guidelines are used to avoid confusion in an organization and clarify financial compliance issues. D. Clarification of functions helps avoid redundancy and foster a strong working relationship.

Jack is a regional sales manager. He is having a staff meeting to present the business plan and goals for the upcoming year. Jack will use a PowerPoint presentation to present some of the data visually. Which one of the following best describes Jack's method of communication? A. Informal written communication B. Formal nonverbal communication C. Informal verbal communication D. Formal verbal communication

Jean is the Risk Manager for a Fortune 1000 company. Her CFO has tasked her to analyze vulnerabilities in the firm's supply chain. The adequacy of suppliers to meet an organization's needs would be an example of which one of the following types of risk? A. Financial risk B. Strategic risk C. Operating risk D. Operational risk

Lucy is a chef at a restaurant. She is growing tired of working such long hours and not reaping the financial benefits. Lucy has been saving money with the goal of opening her own restaurant. She recently talked to a financial advisor about the options market as a way to grow her savings quickly. The financial advisor explained that it is a risky choice, but could potentially allow her to reach her goal of owning a restaurant in the near future. Lucy has decided to invest her savings in the options market. Which one of the following types of risk attitude does Lucy exhibit? A. Risk optimizing B. Risk managed C. Risk obsessed D. Risk seeking

Martin Pruitt was hired by Regional Bank Company (RBC) to strengthen the company's internal control efforts. Martin implemented a computer scanning program to detect fraud. The scanning program flagged a suspicious account. When Martin investigated the account, he learned that someone in the bank's technology department had created the account. When the bank credits monthly interest on depositor accounts, any fractional cents are rounded-down to the nearest cent. The technology department official programmed the system so that any fractional cents lost due to rounding were deposited to the account owned by the technology department official. The scanning program Martin Pruitt implemented used computers to learn from the data analyzed. This application of emerging technology illustrates the use of A. Risk management information systems. B. Artificial intelligence. C. Computer simulation. D. Machine learning.

One advantage that a national organization would derive from creating risk centers is that it A. May allow risks to be managed on a small scale thereby relieving the organization from focusing attention on it. B. Allows more independence for the risk centers so that they are not burdened with procedures. C. May segregate risks to protect the larger organization if the risk center fails. D. Allows for participation by operational managers who may contribute to the risk analysis.

One enterprise risk management (ERM) approach to categorizing risks involves dividing risks into four risk quadrants. The risks categorized as hazard risks are A. Speculative risks that fall outside the operational risk category. B. Fundamental to an organization's existence and business plans. C. Traditionally handled by the treasury function. D. Traditionally managed by risk management professionals.

One internal control integrated framework consists of five essential components: the control environment, risk assessment, control activities, information and communication, and monitoring activities. When these components are applied across the organization, they create a "cube." This framework is the A. Financial Accounting Standards Board's (FASB's) Internal Control Standard. B. International Organization for Standardization's (ISO's) framework. C. Institute of International Auditors (IIA) International Standards for the Practice of International Auditing. D. Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) framework.

One of the key department players in compliance program implementation is Internal Audit. As such, the main responsibility of Internal Audit involves which of the following? A. Compliance with employment laws B. Employee health and safety C. Product safety and environmental control D. Oversight of financial compliance

One of the strategic objectives for Cromley Insurance Group is customer satisfaction. Which one of the following is a critical success factor (CSF) that would help refine this strategic objective? A. High profitability B. Increase retention ratio by 5% C. Reduce claim activity by 4 to 6% D. High customer retention

Paragon Coffee Company has 15 locations throughout California. It serves a wide variety of imported coffee and a small selection of baked goods. Within a period of 24 hours, over 30 individuals arrived at local hospitals suffering from severe stomach pain and nausea. It was quickly discovered that they had all consumed products from Paragon Coffee Company in the prior days. The managers at two of the locations were notified of the concern by the hospitals, and immediately contacted the corporate office per corporate guidelines. Which one of the following should be the first priority as Paragon Coffee Company begins to deal with this crisis? A. Protecting the company assets B. Controlling communication from hospitals and customers C. Determining the supplier that is responsible D. Protecting people

Precision Electronic Components manufactures circuit boards, microchips, and other electronic products. Given the precision necessary for their products, the manufacturing environment must be controlled. Temperature, humidity, static electricity and other factors must be monitored. After losing several batches of products due to human monitoring failures and imprecise adjustments, the company moved to a system of sensors. The sensors monitor and regulate temperature, humidity, static electricity, and other factors. The sensors transmit data to and from each other, and the manufacturing environment is continuously adjusted to assure production is successful. The network of sensors transmitting data and the autonomous corrective actions without human interaction is called A. Sensitivity analysis. B. Computer-directed manufacturing. C. Web-based manufacturing. D. The Internet of Things.

Sims Cinnamon Rolls and Donuts creates confectionery masterpieces for business conventions. Knowing how much a warm cinnamon roll or fresh donut means to a conventioneer just arriving from out of town, Sims' decides to implement a standard that 100% of its orders be delivered 60 minutes before the start of each convention. This is an example of which of the following kinds of compliance requirements? A. External and Mandatory B. External and Voluntary C. Internal and Mandatory D. Internal and Voluntary

Take Your Order (TYO) is a company that specializes in taking product orders for vendors. The manufacturer of a product can run a television or internet ad for a product with a toll-free number. Customer calls for the products are routed to TYO, where one hundred operators are available to receive the calls. Each operator is assigned a cubicle with a computer terminal, video display monitor, and a telephone. TYO experienced high workers compensation claims from its operators, claiming neck strain, eye strain, and wrist pain. In an effort to reduce such injuries, TYO evaluated each operator's work area. The height of chairs and video monitors were adjusted, curved computer keyboards and wrist-rests were provided, and the telephones were replaced with audio headsets. Workers compensation costs dropped significantly. The science of designing work spaces based on interaction between people and the equipment in the work space is called A. Smart systems. B. Artificial intelligence. C. Data analytics. D. Ergonomics.

The Sarbanes-Oxley Compliance (SOX) category involves all of the following compliance levels, EXCEPT: A. External B. Mandatory C. Internal D. Voluntary

The development and implementation of a business continuity plan entails seven steps. Which one of the following steps involves assessing what events may occur, when they will occur, and how they could affect achievement of key objectives? A. Understanding the business B. Developing a continuity plan C. Performing a risk assessment D. Conducting a business impact analysis

The owners of West Coast Inn have identified a number of external risks to their business that are uncontrollable. They have decided to a business continuity plan in order to minimize the negative effects of the risks on its operations. West Coast Inn's plan will use a combination of a contingency model and a risk-transfer model. Which one of the following activities would be part of the risk-transfer model? A. Contracting with a nearby inn to be backup for each other's customers B. Purchasing a generator to help maintain operations C. Maintaining a separate site in a neighboring town D. Purchasing business interruption insurance

The service representatives for Tauton Insurance will be eligible for a bonus only if the customer retention rate is increased by 5%. This is an example of which one of the following standards? A. A critical success factor derived from a strategic objective B. A severe risk tolerance level C. A key performance indicator based on financial ratios D. A corrective measure linked with an identified tolerance level

There are four major objectives of a compliance program. Which one of the following would not be considered an objective? A. Provide assurance to key stakeholders that the firm is in compliance with all laws, regulations and policies B. Receive benefits from external sources for having an effective compliance program such as regulatory approval C. Create a culture that encourages compliance and oversight within the firm D. Notifying the United States Sentencing Commission of all reported incidents

When communicating a decision up the organization's chain of command, consulting with outside experts can help a risk management professional do which one of the following? A. Seek feedback from stakeholders B. Stay focused on the organization's objectives C. Define the organization's risk appetite D. Enhance stakeholders' confidence in the process

Which one of the following answers the question, "What shows we are a success?" A. Risk tolerance level B. Strategic objective C. Critical success factor D. Key performance indicator

Which one of the following bases of organizational culture are exhibited through the organization's goals and the manner in which it pursues its goals? A. Beliefs B. Assumptions C. Behavior D. Values

Which one of the following best describes an effective way to construct internal controls? A. The controls should be system based with oversight by one or two individuals. B. The controls should be quantitative and include segregation and transfer options. C. The controls should lend themselves to true risk management concerns. D. The controls should be linear and create checks and balances.

Which one of the following best explains how most smart products potentially improve risk management? A. They measure worker fatigue. B. They scan and inspect structures for unsafe conditions. C. They assess risks in dangerous areas. D. They generate big data to which advanced analytics can be applied.

Which one of the following functions of a data management program would allow accounting transactions to automatically update an organization's financial statements? A. Data governance B. Data access C. Data preparation D. Data integration

Which one of the following is a positive risk for a start-up business? A. Inability to obtain raw materials B. Fire damaging the production facility C. Distribution inefficiencies D. Attracting investor interest

Which one of the following is an example of a compliance requirement that is internal and mandatory? A. Requiring that all full-time employees have workers compensation insurance B. Requiring employees to conserve energy by turning off the lights at the end of the day C. Requiring all employees to consider car-pooling with other employees D. Requiring all employees working in the foundry to wear hearing protection

Which one of the following is an example of a data governance tool? A. Metadata B. Risk Management C. Data integration D. External Policy

Which one of the following is an example of an external key risk indicator (KRI) that a manufacturer might monitor? A. Amount of budget variances B. Number of employee injuries C. Age of accounts payable D. Cost of raw materials

Which one of the following is an example of an internal key risk indicator (KRI) that a contractor might monitor? A. Cost of lumber B. Interest rates C. Availability of skilled labor D. Budget variances

Which one of the following is true regarding internal audit involvement with enterprise risk management (ERM) efforts? A. Internal audit is not becoming more involved with ERM efforts because internal audit must remain independent and objective. B. Internal audit is responsible for the organization's compliance with all governance issues, including ERM compliance. C. Internal audit is responsible for reviewing controls in an organization which includes ERM programs. D. Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks.

Which one of the following is true regarding social responsibilities and governance? A. Governance is based on organizational beliefs while social responsibilities are a set of parameters within which governments and organizations operate. B. Social responsibilities vary widely from organization to organization, while governance does not vary widely from organization to organization. C. In general, organizations have similar philosophies in their approach to compliance and social responsibilities. D. Social responsibilities are based on organizational beliefs while governance is a set of parameters within which governments and organizations operate.

Which one of the following organizational policies or practices is based on a code of ethics? A. An annual compliance audit of each field underwriting office that is conducted by the home office staff B. The designation of 2 workdays a year for employees to participate in local civic and volunteer activities C. A company policy that offers a 10 percent discount to teachers and members of the military D. A disclosure requirement regarding any potential conflict of interest an accountant might have in working with specific clients

Which one of the following regulatory approaches provides an organization with more certainty and greater predictability? A. Principles-based B. Risk-based C. Evidence-based D. Rules-based

Which one of the following statements is correct regarding the personal data and privacy positions of the European Union (EU) and the U.S.? A. Class-action lawsuits over privacy are commonplace in the EU, but rare in the U.S. B. The U.S. has a stronger cultural expectation of privacy than the EU. C. U.S. companies are required to comply with the EU's General Data Protection Regulation (GDPR) only if they have employees in the EU. D. The EU has one all-encompassing data protection framework and the U.S. has several more targeted privacy laws.

Which one of the following uses infrared light to detect nearby objects? A. Wearables B. Drones C. Robots D. Lidar

While corporate governance is concerned with separating ownership and control, it is also concerned with separating control from A. Management. B. Shareholding. C. Compliance. D. Oversight.

While risk management and internal audit have a shared goal of managing organizational risks, risk management and internal audit have traditionally been separate. Which one of the following roles is the responsibility of internal audit? A. Designing the organization's risk management plan B. Determining the appropriate risk treatment measures to apply to the various risks facing the organization C. Working with business managers to establish internal risk management controls D. Checking the internal risk controls to ensure they are in place and working

A.R.M. 400 Exam Practice

Conjuntos de estudio relacionados

[TieuGia] PSM I Course_FULL_v2.0

Political Science 1000 - Final Exam

Quiz: How Information is Created

Business Finance Exam 2 (5,6,7,8)

ISQS Test 1

AP Euro Ch 27 Practice Questions

informatics final

Systems Analysis and Design Unit 4

Networking Exam 3

SGU Antimicrobials

CMW Script

Management 3000H Exam #1 Possible Questions

NCLEX-PN Safety and Infection Control

Bio Chapter 8 Study

Chapter 4

Business Exam #1

Homework #3

Profit

Chem 25 Chapter 2-3

NUR 2420 Maternal Nursing Chapter 18: Nursing Management of the Newborn