ARM 400
Encrypting data is an example of
A data security program.
Ensuring quality data requires a
Systematic and purpose-driven review process.
Which one of the following statements is true regarding the roles of a risk champion and a chief risk officer?
A chief risk officer is more likely to have a dedicated staff to assist with the responsibilities of his or her job.
Which one of the following is a critical component to achieving true operational resiliency?
A culture of openness and trust
An independent auditor has been given the task of evaluating internal controls at Westside Company (Westside). The auditor has determined that Westside's board of directors has endorsed a framework requiring management to have documented internal reporting controls to ensure efficient operations, accuracy of financial statements, and compliance with regulations. The framework is applied at the entity and divisional levels, but not the operating unit or functional levels. The program is new so it has not yet been monitored. The auditor is likely to report that
A. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control—Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.
Many banks are using technology to search for and detect cyber-security threats locally and in the cloud. This application of technology, in which machines learn from humans, illustrates the use of
Artificial intelligence.
Mutual Fund Company (MFC) offers a wide array of mutual fund options to investors. Each mutual fund has a different fund objective and set of investment guidelines that apply to the fund. While MFC gives considerable freedom to its fund portfolio managers, they are required to abide by the fund's investment guidelines. To monitor compliance, MFC developed a computer algorithm. The computer algorithm continuously monitors each fund's compliance with investment guidelines. If a fund manager violates the investment guidelines, the computer immediately notifies MFC's internal control director, and corrective action is taken. MFC's use of the computer algorithm to monitor investment compliance and to provide notification when corrective action is necessary illustrates use of
Artificial intelligence.
Which one of the following is the first step that should be taken by the senior manager who is responsible for the organization's compliance program?
Assemble a task force from all major functions within the organization
To gain a competitive advantage, maintain profitability, and satisfy customers, an organization must
Be able to trust its data
Which one of the following is an example of an internal key risk indicator (KRI) that a contractor might monitor?
Budget variances
The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Internal Control—Integrated Framework provides
Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations.
Donna's Dog Treats has been very successful in the Boston area and would like to expand to new cities. Donna knows that she cannot make this decision based on customer advice and blind faith. She has collected internal financial and operational data as well as external data from reliable sources. Donna has hired an analyst to review the data quality. The analyst is reviewing the data to see if it includes the demographics for each target city that Donna is considering. Which one of the following data-quality principles is being evaluated?
Comprehensiveness
Autonomous Vehicle Applications (AVA) is a start-up company that develops safety technologies that can be sold to companies that are producing autonomous vehicles. One technology AVA is developing allows an autonomous vehicle to detect, extract, and analyze images, and then to respond to the images. For example, the technology would detect a presence in a crosswalk, extract the image, and a computer would analyze the image. When the image was determined to be a human being, the vehicle would slow down or stop until the crosswalk was clear. This technology, which is designed to capture and analyze images and to act on the recognition of the image, is called
Computer Vision
One corporate governance issue is accountability of directors. One method to increase accountability of directors is to
Conduct regular meetings of outside directors without management being present.
The emerging technologies applied to risk assessment and control link the physical domain to the virtual domain. Together, these domains linked by the emerging technologies create a
Connected ecosystem.
Colossal Casualty Insurance Company decided to conduct an internal audit of the company's operations. As part of the internal audit, several fictitious claims were submitted to the claims department to see if the claims would be approved and paid. Which one of the Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) components of internal control was examined by this internal audit test?
Control environment
All of the following are true regarding the composition of boards of directors, EXCEPT
Corporate boards are uniform in size with 13 directors.
Which one of the following is a basic process in any data security program?
Develop and enforce stronger password protocols
When communicating a decision up the organization's chain of command, consulting with outside experts can help a risk management professional do which one of the following?
Enhance stakeholders' confidence in the process
All of the following are mechanisms to align manager and shareholder interests, EXCEPT:
Expansion and growth
Which one of the following statements is correct regarding risk owners?
Generally, the stakeholder who is most affected by or creates a risk should be its risk owner.
The main advantage of a formal internal communication system is that
Individuals know to whom to report.
Metadata contains
Information about data as well as rules about that data
In many organizations, disaster recovery is considered a function of which one of the following departments?
Information technology
The fundamental purpose of a risk management framework is to
Integrate risk management throughout the organization
The Federal Sentencing Guidelines require a senior manager to have responsibility for the organization's entire compliance program. The individual selected is typically from which one of the following functions of the organization?
Internal audit
Which one of the following is true regarding internal audit involvement with enterprise risk management (ERM) efforts?
Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks.
Which one of the following best describes if it is within the scope of duties for an internal auditor to assist the company's enterprise risk management (ERM) program?
It is within the scope. Assisting with the management of key risks, including the effectiveness of controls, lends support to the ERM program.
An organization must meet the standard of care that it owes to others in order to ensure that
Legal obligations are satisfied
Which one of the following uses infrared light to detect nearby objects?
Lidar
An auditor identifies risks under the risk-based approach by
Looking at each objective and its controls and identifying risks by asking, "What might go wrong?"
A municipal water plant installed water flow sensors and water pressure sensors on the water pipes leaving the plant. The sensors make sure water is flowing properly and that there are no leaks or clogs which could produce a loss. These types of sensors are
Mechanical Sensors
Which one of the following provides the frame of reference needed so data can be used appropriately for analysis and decision-making?
Metadata
After opening its third store, Shoehorn Shoes decided to purchase new inventory tracking software for all of its stores. Which one of the following external or internal environments does this decision relate to?
Operations environment
A holistic approach that allows companies to better withstand short-term shocks and help ensure long-term business viability is known as
Organizational resiliency.
It's not cost effective to use human assets to inspect tracks, bridges, and trestles. Instead, SIR has started to use drones. A drone can fly low over tracks and above/below bridges and trestles. The drones record video that is transmitted to corporate headquarters, where it is simultaneously scanned for derailment hazards. In the past six months, the drones detected a track blockage caused by a rock slide and damage to tracks in a remote area caused by an earthquake. SIR dispatched work crews to make the tracks once again passable, and no derailments occurred. SIR's use of drones, video, real-time video scanning, and computer analysis illustrates which one of the following?
Preventative analytics
Which one of the following statements is true with regard to preventive analytics?
Preventive analytics uses smart products and data analytics to identify root loss causes and their implications.
The business process management (BPM) life cycle incorporates five steps. Which one of the following best describes the first step in the BPM process?
Processes are designed or redesigned by considering workflows and affected personnel.
Sound risk management decisions are predicated on
Quality data.
Which one of the following is an example of a compliance requirement that is internal and mandatory?
Requiring all employees working in the foundry to wear hearing protection
Examples of Principles-Based Regulations include all of the following, EXCEPT:
Restaurant employees must wash their hands every time they use the restroom.
Be-Ne-Lux Insurance is an insurer operating in Belgium, the Netherlands, and Luxembourg. Be-Ne-Lux is subject to the Solvency II standards. Company managers believed the company was adequately financed; however, it was determined that the company did not have adequate assets based on the uncertainty of its operating performance. The standard that Be-Ne-Lux failed to meet is
Risk Based Capital
In accordance with the Three Lines of Defense Model, how does risk management act as the second line of defense?
Risk management supports and monitors operational management's implementation of risk management practices.
Which one of the following regulatory approaches provides an organization with more certainty and greater predictability?
Rules Based
Which one of the following continuity strategy models involves maintaining two or more active sites that are geographically dispersed?
Split operations model
Company G is a manufacturer of high-profile golf equipment. The risk management professional for Company G is concerned about loss of business related to product design. Failing to respond to changing customer demand and preferences in the design of golf clubs could cost Company G significant market share. Categorized according to the quadrants of risk, this exposure to loss is classified as
Strategic Risk
Which one of the following statements is correct regarding the personal data and privacy positions of the European Union (EU) and the U.S.?
The EU has one all-encompassing data protection framework and the U.S. has several more targeted privacy laws.
A corporate board of directors' chairperson is elected by
The board of directors.
Which one of the following statements is correct regarding an organization's code of ethics?
The code of ethics should include principles and concepts that are dynamic enough to remain relevant in a rapidly changing business environment.
Which one of the following best describes an effective way to construct internal controls?
The controls should be linear and create checks and balances.
Which one of the following statements is true regarding separation of ownership and control in corporations?
The incentive for managers and non-management board members to pursue their own interests at the expense of shareholders gives rise to agency costs.
All of the following are true regarding the Federal Sentencing Guidelines, EXCEPT:
They are mandatory
Some best practices models call for the formation of a risk committee with a risk management focus at the organization's executive management level. Which one of the following statements best describes one of the responsibilities of an executive-level risk committee?
To approve the organization's risk management strategies, including their design and implementation.
Which of the following statements best describes the risk governance role and responsibility of a corporate board of directors?
To set the organization's risk appetite and to stay informed of the most significant risks to the organization and management's responses.
Aligning risks with the organization's risk appetite defines
Tolerable uncertainty