ARM 400 Practice Exams - all chapters!!!!

Business Process Management (BPM)

A systematic, iterative plan to analyze and improve business processes through life-cycle phases to achieve long-term goals and client satisfaction.

Which one of the following is true regarding internal audit involvement with enterprise risk management (ERM) efforts?

Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks

A data governance committee (DGC)

Is cross-functional

Karen Williams, a retired chief financial officer of a bank, was invited to join the board of directors of ABC Property and Liability Insurance Company. She was asked to serve on the Audit Committee and the risk committee of the ABC board. Which of the following statements is true regarding Karen's service on the ABC board of directors?

The entire board of directors retains oversight responsibility over risks that are assigned to Karen's Audit Committee

Five steps of BPM Life Cycle

1) Design/redesign processes 2) Model scenarios 3) Execute process changes 4) Monitor results 5) Optimize processes

Which one of the following is a data governance committee (DGC) responsibility?

A data governance committee ensures there are few conflicts or redundancies in data standards and practices.

The fees paid to external auditors to verify the corporation's financial statements are an example of

A monitoring cost

Evidence based regulation

A regulatory approach that collects and uses objective performance data to set, evaluate, and improve policies

risk-based regulation

A risk management approach to allocating resources to address risks in a way that will achieve the greatest good

One advantage that a national organization would derive from creating risk centers is that it

Allows for participation by operational managers who may contribute to the risk analysis

Mathias Manufacturing suffered a major business disruption due to a fire at one of its locations. Management has set up a center of operations with the business intelligence information available to test various production scenarios. Mathias is in which one of the following stages of strategic redeployment planning?

Alternative marketing stage

Risk Tolerance

Amount of risk an organization is able to bear given its financial capacity

The importance of strong control environments with independent oversight has become increasingly important

As organizations become more complex

Which one of the following best describes why the Institute for Internal Auditors (IIA) has designed standards assessing the need for internal audit to evaluate the effectiveness of risk management?

Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities

To gain a competitive advantage, maintain profitability, and satisfy customers an organization must

Be able to trust its data.

In addition to metal detectors, many airports have installed a second type of scanning technology for baggage and cargo. The checked bags and cargo pass through a portal with scanners programmed to detect and test for explosive trace fumes. These scanners, which detect explosives based on air samples, are an example of what type of sensor used for risk assessment and control?

Biochemical sensors

Which one of the following categories of agency costs is assumed by managers?

Bonding costs

It is necessary to define functions that should be performed by internal audit rather than the enterprise risk management (ERM) team because

Clarification of functions helps avoid redundancy and foster a strong working relationship

Management controls

Coordinate resource allocation, motivate performance, and measure outcomes — capital budgeting, expense variance reviews, balanced scorecards

Which one of the following plans calls for action before, during, and after catastrophes with a focus on saving lives, reducing property losses, and conserving resources during recovery?

Crisis management plan

Encouraging the expression of feelings as well as facts and following up with employees on the problems they report are two ways that managers and supervisors can

Cultivate two-way communication

Under the General Data Protection Regulation (GDPR), a data controller's role is to

Define how and for what purpose personal data should be processed

Internal data entry processes that capture accounting transactions, customer data or other operational transactions are called

Data capture

In terms of data governance, IT employees hold the role of

Data custodians

Key risk indicators (KRIs) can be established for various levels within an organization. Which one of the following levels of an organization usually has the most detailed KRIs?

Department level

Which one of the following is a basic process in any data security program?

Develop and enforce stronger password protocols.

Which one of the following best describes how internal audit supports enterprise risk management (ERM)?

ERM implements risk management activities and internal audit assesses the results

Which one of the following stages of a redeployment plan is designed to protect people, physical assets, and reputation?

Emergency stage

Which one of the following provides a measure of the maximum potential damage associated with an occurrence?

Exposure

T or F? Business process management is successfully completed when a process (or process improvement) is deemed to be a total success

False. Regardless of whether a process is a total success, the five-step BPM life cycle is not complete. In fact, one of the major benefits of the BPM life cycle is that it promotes continual improvement

An organization's goals and objectives are met by establishing and attaining measurable standards for the many activities it pursues. Which of the following statements is correct with respect to those standards?

For each key performance indicator (KPI), there is a tolerance level for how much deviation from the standard established in the KPI will be acceptable

The Federal Sentencing Guidelines require a senior manager to have responsibility for the organization's entire compliance program. The individual selected is typically from which one of the following functions of the organization?

Internal audit

A speaker imparts information in verbal communications by

Having good listening skills and expressing facts and emotions through words and sometimes visual displays

One of the strategic objectives for Cromley Insurance Group is customer satisfaction. Which one of the following is a critical success factor (CSF) that would help refine this strategic objective?

High customer retention

Which one of the following should be part of an organization's standard operating procedures (SOPs) concerning external stakeholder communications?

Instructions regarding what types of information can and cannot be released

The fundamental purpose of a risk management framework is to

Integrate risk management throughout the organization

Sims Cinnamon Rolls and Donuts creates confectionery masterpieces for business conventions. Knowing how much a warm cinnamon roll or fresh donut means to a conventioneer just arriving from out of town, Sims decides to implement a standard that 100% of its orders be delivered 60 minutes before the start of each convention. This is an example of which of the following kinds of compliance requirements?

Internal and voluntary

A risk-based auditing approach is deemed to be a top-down approach because

It involves identifying and analyzing material risks to the achievement of the organization's objectives and then determining how the risks should be managed

Which one of the following best describes if it is within the scope of duties for an internal auditor to assist the company's enterprise risk management (ERM) program?

It is within the scope. Assisting with the management of key risks, including effectiveness of controls, lends support to the ERM program

Which one of the following answers the question, "What shows we are a success?"

Key performance indicator

Which one of the following measures the progress an organization has made toward attaining its goals within a specific amount of time?

Key performance indicator

An organization must meet the standard of care that it owes to others in order to ensure that

Legal obligations are satisfied

As a market force to help align manager and shareholder interests, takeover threats are

Less likely now than in the past because of statutory changes

Which one of the following uses infrared light to detect nearby objects?

Lidar

Mid-State Packing Company, a meat processing company, is the largest private sector employer in Metro City. First National Bank of Metro City loans money to Mid-State Packaging Company and to many of the employees of Mid-State. The problem with First National Bank of Metro City loaning money to both the business and many employees of the business is that

Loan defaults are likely to be highly correlated

An auditor identifies risks under the risk-based approach by

Looking at each objective and its controls, identifying risks by asking, "What might go wrong?"

The managers and executives at Oakes Corporation feel pressure to improve quarterly financial results because they have become the laughingstock of their competitive niche. They wish to change this and restore the excellent light in which competitors once viewed them. Such concerns of the past of Oakes leadership reflect concern for

Management reputation

Which one of the following statements about standards - risk management, Solvency II, and Basel II and III - is true?

Many risk management standards, such as ISO 31000, are voluntary

Which one of the following statements regarding the structure and role of a board of directors is true?

Members of the board elect a director to be chairman of the board

Which one of the following provides the frame of reference needed so data can be used appropriately for analysis and decision-making?

Metadata

One of the categories of agency costs associated with managing the relationship between management and shareholders is

Monitoring costs

There are four major objectives of a compliance program. Which one of the following would not be considered an objective?

Notifying the United States Sentencing Commission of all reported incidents

While corporate governance is concerned with separating ownership and control, it is also concerned with separating control from

Oversight

One of the key department players in compliance program implementation is Internal Audit. As such, the main responsibility of Internal Audit involves which of the following?

Oversight of financial compliance

SIR's use of drones, video, real-term video scanning, and computer analysis illustrates which one of the following?

Preventative analytics

Which one of the following statements is true with regard to preventative analytics?

Preventative analytics uses smart products and data analytics to identify root loss causes and their implications.

Rules based or principles based: Corporations must fairly and accurately report on the financial condition of the firm to all stakeholders

Principles based

Rules based or principles based: Restaurant managers must ensure that employees maintain high standards of hygiene

Principles based

When comparing principles-based regulation with rules-based regulation, which one of the following statements is correct?

Principles-based regulation responds more quickly to a changing environment

An organization has established a key performance indicator to "reduce employee injuries by 6%." Which one of the following would indicate a low risk tolerance for this KPI?

Reduce employee injuries by 5 to 6%

Which one of the following risk management objectives is critical for a manufacturer seeking new capital from investors, stockholders, and creditors?

Reduce the deterrent effects of hazard risks

Preventative controls assist the overall control environment of an organization by

Reducing risk of unauthorized actions

Which one of the following is an example of a compliance requirement that is internal and mandatory?

Requiring all employees working in the foundry to wear hearing protection

Which one of the following terms refers to information used as a basis for measuring the significance of a risk?

Risk criteria

In accordance with the Three Lines of Defense Model, how does risk management act as the second line of defense?

Risk management supports and monitors operational management's implementation of risk management practices

Which one of the following best describes how internal audit complements a risk management initiative?

Risk managers identify, assess and prioritize risks. Internal audit develops a risk-based auditing plan that addresses material risks to an organization

Mechanisms that can be used to align a corporation's managerial and shareholders' interests include all of the following, EXCEPT

Risk-averse behavior

Be-Ne-Lux Insurance is an insurer operating in Belgium, the Netherlands, and Luxembourg. Be-Ne-Lux is subject to the Solvency II standards. Company managers believed the company was adequately financed; however, it was determined that the company did not have adequate assets based on the uncertainty of its operating performance. The standard that Be-Ne-Lux failed to meet is

Risk-based capital

Rules based or principles based: Senior management must sign a corporation's financial statements to certify that they are a fair and accurate depiction of the financial condition of the firm

Rules based

Rules based or principles based: Restaurant employees must wash their hands every time they use the restroom

Rules based

Though various parties incur costs in monitoring corporate decision-makers, most monitoring costs are shouldered by which one of the following?

Shareholders

Twice a year, Medford Factory gives employees a day off to work in the community where the factory is located. The employees prepare and serve a holiday meal for members of the community, and they clean the neighborhood park in the spring. This practice is based on Medford Factory's

Social responsibility

As a category of agency costs, bonding costs include

Stock options and restricted stock

Key risk indicators (KRIs) help organizations identify issues that can lead to losses. Effective KRIs are based on a company's

Strategic objectives

Ensuring quality data requires a

Systematic and purpose-driven review process

Regarding diversifiable and nondiversifiable risk, which one of the following statements is accurate?

Systemic risks are generally nondiversifiable.

Humongous Corporation has announced that it seeks strategic growth through acquisition. It is carefully eyeing a smaller company, Tiny Corporation. Tiny Corporation is aware of such scrutiny and interest. Within Tiny Corporation, a market force that can help align interests of its corporate decision makers and shareholders is which one of the following?

Takeover threats

Which one of the following best describes an effective way to construct internal controls?

The controls should be linear and create checks and balances

According to the law of large numbers, as the number of exposure units insured increases,

The relative accuracy of predictions about future losses increases

The focus of risk quadrants is different from the focus of risk classifications in general. While the classifications of risk focus on some aspect of the risk itself, the four quadrants of risk focus on

The source of risk and who has traditionally managed it

Which one of the following is a main characteristic of effective key risk indicators (KRIs)?

They are based on quantifiable information

All of the following are true regarding the Federal Sentencing Guidelines, EXCEPT

They are mandatory

Which one of the following best describes why many purchasers require an ISO 9001 certification prior to buying a business?

To ensure that internal standards and controls are in place

A KPI answers the question

What shows that we are a success

A CSF answers the question

What will make our organization a success

Which one of the following is an example of a data governance tool?

external policy

Which one of the following defines the duties of a data steward?

A data steward is an experienced business analyst

The data quality principle of reasonability refers to

The materiality or relevance of data

Which one of the following statements is true regarding the roles of a risk champion and a chief risk officer?

A chief risk officer is more likely to have a dedicated staff to assist with the responsibilities of his or her job.

The service representatives for Tauton Insurance will be eligible for a bonus only if the customer retention rate is increased by 5%. This is an example of which of the following standards?

A corrective measure linked with an identified tolerance level

Which one of the following organizational policies or practices is based on a code of ethics?

A disclosure requirement regarding any potential conflict of interest an accountant might have in working with specific clients

Carbon manufacturing company just hired a new chief risk officer and one of his first tasks was to recommend updated key risk indicators to the chief executive officer. The CEO was especially interested in KRIs measuring the company's profitability. One area of measurement that the new CRO might want to use is

Aged accounts receivable

Many banks are using technology to search for and detect cyber-security threats locally and in the cloud. This application of technology, in which machines learn from humans, illustrates the use of

Artificial intelligence

One internal control integrated framework consists of five essential components: the control environment, risk assessment, control activities, information and communication, and monitoring activities. When these components are applied across the organization, they create a "cube." This framework is the

Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) framework

COSO's Internal Control - Integrated Framework provides

Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) describes internal control as consisting of five essential components, one of which is risk assessment. This component

Considers management's efforts to identify and analyze risks relevant to achieving predetermined objectives

Colossal Casualty Insurance Company decided to conduct an internal audit of the company's operations. As part of the internal audit, several fictitious claims were submitted to the claims department to see if the claims would be approved and paid. Which one of the COSO components of internal control was examined by this internal audit test?

Control environment

Which one of the following data governance tools allows the data governance committee to look at data relationships and interdependencies across the organization?

Enterprise data models

All of the following are mechanisms to align manager and shareholder interests, EXCEPT

Expansion and growth

For an organization, a key performance indicator (KPI) measures the performance of a specific activity at a predetermined level or amount. Which one of the following is an example of a KRI based on a ratio?

Inventory turnover

Which one of the following types of risk is best handled at the risk center level?

Minor risks that do not have consequences outside the unit are best managed at the risk center level

Julian was having a conversation with Tania, one of his employees. At this point, Julian said, "What I hear you say is that you would like to take on more responsibility. Is that correct?" Which one of the following elements of active listening was Julian illustrating?

Response

Examples of Principles-Based Regulations include all of the following, EXCEPT

Restaurant employees must wash their hands every time they use the restroom

Before speaking with a group or individual, the speaker should think about what he or she wants the other person(s) to do as a result of the conversation. Which one of the following steps in the communication process does the speaker complete by doing this?

Set a clear communication objective

Which one of the following is a tool that can be used by fraud investigators to compare documents and analyze notes?

Text mining

Organizations are increasingly creating chief risk officer (CRO) positions. Which one of the following statements is correct with respect to CROs?

The CRO's rank and importance to the board of directors are equal to those of the organization's other executive officers

Which one of the following statements is correct regarding the personal data and privacy positions of the European Union (EU) and the U.S.?

The EU has one all-encompassing data protection framework and the U.S. has several more targeted privacy laws

Which one of the following statements is correct regarding an organization's code of ethics?

The code of ethics should include principles and concepts that are dynamic enough to remain relevant in a rapidly changing business environment

The emerging technologies applied to risk assessment and control link the physical domain to the virtual domain. Together, these domains linked by the emerging technologies create a

connected ecosystem

The Auditing Standard No. 5 (AS 5) calls for a specific fraud assessment because

The failure to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors

Which one of the following statements is true regarding separation of ownership and control in corporations?

The incentive for managers and non-management board members to pursue their own interests at the expense of shareholders gives rise to agency costs

Which one of the following best explains how the role of the internal auditor changed with the passage of the Sarbanes-Oxley Act of 2002?

The internal auditor must adopt a stakeholder orientation by anticipating, monitoring, and assessing business and operational risk

Corporate governance is defined as

The mechanisms and procedures that determine how corporations are run

Which one of the following statements is true regarding the business process management (BPM) life cycle model?

The model is driven by the collaboration of human and technological input

Which one of the following best describes how the modern approach to internal auditing differs from the traditional approach?

The modern approach uses many systems-based techniques, determines activity based on the organization's business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls

During the past year, International Toys has undertaken four capital projects. The company has renovated and refurbished one of its aging warehouse buildings. It has purchased the most recent version of its current order processing computer software. It has added two trucks to its fleet of delivery vehicles. Lastly, it has purchased a new production machine that will allow it to launch a new product line. Which one of the following company projects is the most speculative risk?

The new production machine

An independent auditor has been given the task of evaluating internal controls at Westside. The auditor has determined that Westside's board of directors has endorsed a framework requiring management to have documented internal reporting controls to ensure efficient operations, accuracy of financial statements, and compliance with regulations. The framework is applied at the entity and divisional levels, but not at the operating unit or functional levels. The program is new so it has not yet been monitored. The auditor is likely to report that

The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control - Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.

Some best practices models call for the formation of a risk committee with a risk management focus at the organization's executive management level. Which one of the following statements best describes one of the responsibilities of an executive-level risk committee?

To approve the organization's risk management strategies, including their design and implementation

Which of the following statements best describes the risk governance role and responsibility of a corporate board of directors?

To set the organization's risk appetite and to stay informed of the most significant risks to the organization and management's responses

Aligning risks with the organization's risk appetite defines

Tolerable uncertainty

An organization evaluates key stakeholders' attitude toward risk in order to

Understand what risks are acceptable and to develop an effective enterprise-wide risk management program

When interviewing a risk owner, which one of the following questions should be asked?

What steps have been taken to ensure continuity of business in the event of a natural disaster?

One example of a bonding cost, as it relates to separation of ownership and control in a corporation, is a manager's

Willingness to accept non-cash compensation that links the manager's compensation to the corporation's performance
