ARM 400 Practice Exams - all chapters!!!!
Business Process Management (BPM)
A systematic, iterative plan to analyze and improve business processes through life-cycle phases to achieve long-term goals and client satisfaction.
Which one of the following is true regarding internal audit involvement with enterprise risk management (ERM) efforts?
Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks
A data governance committee (DGC)
Is cross-functional
Karen Williams, a retired chief financial officer of a bank, was invited to join the board of directors of ABC Property and Liability Insurance Company. She was asked to serve on the Audit Committee and the risk committee of the ABC board. Which of the following statements is true regarding Karen's service on the ABC board of directors?
The entire board of directors retains oversight responsibility over risks that are assigned to Karen's Audit Committee
Five steps of BPM Life Cycle
1) Design/redesign processes 2) Model scenarios 3) Execute process changes 4) Monitor results 5) Optimize processes
Which one of the following is a data governance committee (DGC) responsibility?
A data governance committee ensures there are few conflicts or redundancies in data standards and practices.
The fees paid to external auditors to verify the corporation's financial statements are an example of
A monitoring cost
The fees paid to external auditors to verify the corporations financial statements are an example of
A monitoring cost
Evidence based regulation
A regulatory approach that collects and uses objective performance data to set, evaluate, and improve policies
risk-based regulation
A risk management approach to allocating resources to address risks in a way that will achieve the greatest good
One advantage that a national organization would derive from creating risk centers is that it
Allows for participation by operational managers who may contribute to the risk analysis
Mathias Manufacturing suffered a major business disruption due to a fire at one of its locations. Management has set up a center of operations with the business intelligence information available to test various production scenarios. Mathias is in which one of the following stages of strategic redeployment planning?
Alternative marketing stage
Risk Tolerance
Amount of risk an organization is able to bear given its financial capacity
The importance of strong control environments with independent oversight have become increasingly important
As organizations become more complex
Which one of the following best describes why the Institute for Internal Auditors (IIA) has designed standards assessing the need for internal audit to evaluate the effectiveness of risk management?
Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities
To gain a competitive advantage, maintain profitability, and satisfy customers an organization must
Be able to trust its data.
In addition to metal detector, many airports have installed a second type of scanning technology for baggage and cargo. The checked bags and cargo pass through a portal with scanners programmed to detect and test for explosive trace fumes. These scanners, which detect explosives based on air samples, are an example of what type of sensor used for risk assessment and control?
Biochemical sensors
Which one of the following categories of agency costs is assumed by managers?
Bonding costs
It is necessary to define functions that should be performed by internal audit rather than the enterprise risk management (ERM) team because
Clarification of functions helps avoid redundancy and foster a strong working relationship
Management controls
Coordinate resource allocation, motivate performance, and measure outcomes — capital budgeting, expense variance reviews, balanced scorecards
Which one of the following plans calls for action before, during, and after catastrophes with a focus on saving lives, reducing property losses, and conserving resources during recovery?
Crisis management plan
Encouraging the expression of feelings as well as facts and following up with employees on the problems they report are two ways that managers and supervisors can
Cultivate two-way communication
Under the General Data Protection Regulation (GDPR), a data controller's role is to
Define how and for what purpose personal data should be processed
Internal data entry processes that capture accounting transactions, customer data or other operational transactions are called
Data capture
In terms of data governance, IT employees hold the role of
Data custodians
Key risk indicators (KRIs) can be established for various levels within an organization. Which one of the following levels of an organization usually has the most detailed KRIs?
Department level
Which one of the following is a basic process in any data security program?
Develop and enforce stronger password protocols.
Which one of the following best describes how internal audit supports enterprise risk management (ERM)?
ERM implements risk management activities and internal audit assesses the results
Which one of the following stages of a redeployment plan is designed to protect people, physical assets, and reputation?
Emergency stage
Which one of the following provides a measure of the maximum potential damage associated with an occurrence?
Exposure
T or F? Business process management is successfully completed when a process (or process improvement) is deemed to be a total success
False. Regardless of whether a process is a total success, the five-step BPM life cycle is not complete. In fact, one of the major benefits of the BPM life cycle is that it promotes continual improvement
An organization's goals and objectives are met by establishing and attaining measurable standards for the many activities it pursues. Which of the following statements is correct with respect to those standards?
For each key performance indicator (KPI), there is a tolerance level for how much deviation from the standard established in the KPI will be acceptable
The Federal Sentencing Guidelines require a senior manager to have responsibility for the organization's entire compliance program. The individual selected is typically from which one of the following functions of the organization?
Internal audit
A speaker imparts information in verbal communications by
Having good listening skills and expressing facts and emotions through words and sometimes visual displays
One of the strategic objectives for Cromley Insurance Group is customer satisfaction. Which one of the following is a critical success factor (CSF) that would help refine this strategic objective?
High customer retention
Which one of the following should be part of an organization's standard operating procedures (SOPs) concerning external stakeholder communications?
Instructions regarding what types of information can and cannot be released
The fundamental purpose of a risk management framework is to
Integrate risk management throughout the organization
Sims Cinnamon Rolls and Donuts creates confectionery masterpieces for business conventions. Knowing how much a warm cinnamon roll or fresh donut means to a conventioneer just arriving from out of town, Sims' decides to implement a standard that 100% of its orders be delivered 60 minutes before the start of each convention. This is an example of which of the following kinds of compliance requirements?
Internal and voluntary
A risk-based auditing approach is deemed to be a top-down approach because
It involves identifying and analyzing material risks to the achievement of the organization's objectives and then determining how the risks should be managed
Which one of the following best describes if it is within the scope of duties for an internal auditor to assist the company's enterprise risk management (ERM) program?
It is within the scope. Assisting with the management of key risks, including effectiveness of controls lend support to the ERM program
Which one of the following answers the question, "What shows we are a success?"
Key performance indicator
Which one of the following measures the progress an organization has made toward attaining it's goals within a specific amount of time?
Key performance indicator
An organization must meet the standard of care that it owes to others in order to ensure that
Legal obligations are satisfied
As a market force to help align manager and shareholder interests, takeover threats are
Less likely now than in the past because of statutory changes
Which one of the following uses infrared light to detect nearby objects?
Lidar
Mid-State Packing Company, a meat processing company, is the largest private sector employer in Metro City. First National Bank of Metro City loans money to Mid-State Packaging Company and to many of the employees of Mid-State. The problem with First National Bank of Metro City loaning money to both the business and many employees of the business is that
Loan defaults are likely to be highly correlated
An auditor identifies risks under the risk-based approach by
Looking at each objective and it's controls identifying risks by asking, "What might go wrong?"
The managers and executives at Oakes Corporation feel pressure to improve quarterly financial results because they have become the laughingstock of their competitive niche. They wish to change this and restore the excellent light in which competitors once viewed them. Such concerns of the past of Oakes leadership reflect concern for
Management reputation
Which one of the following statements about standards - risk management, Solvency II, and Basel II and III - is true?
Many risk management standards, such as ISO 31000, are voluntary
Which one of the following statements regarding the structure and role of a board of directors is true?
Members of the board elect a director to be chairman of the board
Which one of the following provides the frame of reference needed so data can be used appropriately for analysis and decision-making?
Metadata
One of the categories of agency costs associated with managing the relationship between management and shareholders is
Monitoring costs
There are four major objectives of a compliance program. Which one of the following would not be considered an objective?
Notifying the United States Sentencing Commission of all reported incidents
While corporate governance is concerned with separating ownership and control, it is also concerned with separating control from
Oversight
One of the key department players in compliance program implementation is Internal Audit. As such, the main responsibility of Internal Audit involves which of the following?
Oversight of financial compliance
SIR's use of drones, video, real-term video scanning, and computer analysis illustrates which one of the following?
Preventative analytics
Which one of the following statements is true with regard to preventative analytics?
Preventative analytics uses smart products and data analytics to identify root loss causes and their implications.
Rules based or principles based: Corporations must fairly and accurately report on the financial condition of the firm to all stakeholders
Principles based
Rules based or principles based: Restaurant managers must ensure that employees maintain high standards of hygiene
Principles based
When comparing principles-based regulation with rules-based regulation, which one of the following statements is correct?
Principles-based regulation responds more quickly to a changing environment
An organization has established a key performance indicator to "reduce employee injuries by 6%." Which one of the following would indicate a low risk tolerance for this KPI?
Reduce employee injuries by 5 to 6%
Which one of the following risk management objectives is critical for a manufacturer seeking new capital from investors, stockholders, and creditors?
Reduce the deterrent effects of hazard risks
Preventative controls assist the overall control environment of an organization by
Reducing risk of unauthorized actions
Which one of the following is an example of a compliance requirement that is internal and mandatory?
Requiring all employees working in the foundry to wear hearing protection
Which one of the following terms refers to information used as a basis for measuring the significance of a risk?
Risk criteria
In accordance with the Three Lines of Defense Model, how does risk management act as the second line of defense?
Risk management supports and monitors operational management's implementation of risk management practices
Which one of the following best describes how internal audit compliments a risk management initiative?
Risk managers identify, assess and prioritize risks. Internal audit develops a risk-based auditing plan that addresses material risks to an organization
Mechanisms that can be used to align a corporations managerial and shareholders interests include all of the following, EXCEPT
Risk-averse behavior
Be-Ne-Lux Insurance is an insurer operating in Belgium, the Netherlands, and Luxembourg. Be-Ne-Lux is subject to the Solvency II standards. Company managers believed the company was adequately financed, however it was determined that the company did not have adequate assets based on the uncertainty of its operating performance. The standard that Be-Ne-Lux failed to meet is
Risk-based capital
Rules based or principles based: Senior management must sign a corporation's financial statements to certify that they are a fair and accurate depiction of the financial condition of the firm
Riules based
Rules based or principles based: Restaurant employees must wash their hands every they use the restroom
Rules based
Though various parties incur costs in monitoring corporate decision-makers, most monitoring costs are shouldered by which one of the following?
Shareholders
Twice a year, Medford Factory gives employees a day off to work in the community where the factory is located. The employees prepare and serve a holiday meal for members of the community, and they clean the neighborhood park in the spring. This practice is based on Medford Factory's
Social responsibility
As a category of agency costs, bonding costs include
Stock options and restricted stock
Key risk indicators (KRIs) help organizations identify issues that can lead to losses. Effective KRIs are based on a company's
Strategic objectives
Ensuring quality data requires a
Systematic and purpose-driven review process
Regarding diversifiable and nondiversifiable risk, which one of the following statements is accurate?
Systemic risks are generally nondiversifiable.
Humongous Corporation has announced that it seeks strategic growth through acquisition. It is carefully eyeing a smaller company, Tiny Corporation. Tiny Corporation is aware of such scrutiny and interest. Within Tiny Corporation, a market force that can help align interests of its corporate decision makers and shareholders is which one of the following?
Takeover threats
Which one of the following best describes an effective way to construct internal controls?
The controls should be linear and create checks and balances
According to the law of large numbers, as the number of exposure units insured increases,
The relative accuracy of predictions about future losses increases
The focus of risk quadrants is different from the focus of risk classifications in general. While the classifications of risk focus on some aspect of the risk itself, the four quadrants of risk focus on
The source of risk and who has traditionally managed it
Which one of the following is a main characteristic of effective key risk indicators (KRIs)?
They are based on quantifiable information
All of the following are true regarding the Federal Sentencing Guidelines, EXCEPT
They are mandatory
Which one of the following best describes why many purchasers require an ISO 9001 certification prior to buying a business?
To ensure that internal standards and controls are in place
A KPI answers the question
What shows that we are a success
A CSF answers the question
What will make our organization a success
Which one of the following is an example of a data governance tool?
external policy
Which one of the following defines the duties of a data steward?
A data steward is an experienced business analyst
The data quality principle of reasonability refers to
The materiality or relevance of data
Which one of the following statements is true regarding the roles of a risk champion and a chief risk officer?
A chief risk officer is more likely to have a dedicated staff to assist with the responsibilities of his or her job.
The service representatives for Tauton Insurance will be eligible for a bonus only if the customer retention rate is increased by 5%. This is an example of which of the following standards?
A corrective measure linked with an identified tolerance level
Which one of the following is a data governance committee (DGC) responsibility?
A data governance committee ensures there are few conflicts or redundancies in data standards and practices
Which one of the following organizational policies or practices is based on a code of ethics?
A disclosure requirement regarding any potential conflict of interest an accountant might have in working with specific clients
Carbon manufacturing company just hired a new chief risk officer and one of his first tasks was to recommend updated key risk indicators to the chief executive officer. The CEO was especially interested in KRIs measuring the company's profitability. One area of measurement that the new CRO might want to use is
Aged accounts receivable
Many banks are using technology to search for and detect cyber-security threats locally and in the cloud. This application of technology, in which machines learn from humans, illustrates the use of
Artificial intelligence
One internal control integrated framework consists of five essential components: the control environment, risk assessment, control activities, information and communication, and monitoring activities. When these components are applied across the organization, they create a "cube." This framework is the
Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) framework
COSO's Internal Control - Integrated Framework provides
Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) describes internal control as consisting of five essential components, one of which is risk assessment. This component
Considers management's efforts to identify and analyze risks relevant to achieving predetermined objectives
Colossal Casualty Insurance Company decided to conduct an internal audit of the company's operations. As part of the internal audit, several fictitious claims were submitted to the claims department to see if the claims would be approved and paid m. Which one of the COSO components of internal control was examined by this internal audit test?
Control environment
Which one of the following data governance tools allows the data governance committee to look at data relationships and interdependencies across the organization?
Enterprise data models
All of the following are mechanisms to align manager and shareholder interests, EXCEPT
Expansion and growth
For an organization, a key performance indicator (KPI) measures the performance of a specific activity at a predetermined level or amount. Which one of the following is an example of a KRI based on a ratio?
Inventory turnover
Which one of the following types of risk is best handled at the risk center level?
Minor risks that do not have consequences outside the unit are best managed at the risk center level
Julian was having a conversation with Tania, one of his employees. At this point, Julian said, "What I hear you say is that you would like to take on more responsibility. Is that correct?" Which one of the following elements of active listening was Julian illustrating?
Response
Examples of Principles-Based Regulations include all of the following, EXCEPT
Restaurant employees must wash their hands every time they use the restroom
Before speaking with a group or individual, the speaker should think about what he or she wants the other person(s) to do as a result of the conversation. Which one of the following steps in the communication process does the speaker complete by doing this?
Set a clear communication objective
Which one of the following is a tool that can be used by fraud investigators to compare documents and analyze notes?
Text mining
Organizations are increasingly creating chief risk officer (CRO) positions. Which one of the following statements is correct with respect to CROs?
The CROs rank and importance to the board of directors are equal to those of the organizations other executive officers
Which one of the following statements is correct regarding the personal data and privacy positions of the European Union (EU) and the U.S.?
The EU has one all-encompassing data protection framework and the U.S. has several more targeted privacy laws
Which one of the following statements is correct regarding an organizations code of ethics?
The code of ethics should include principles and concepts that are dynamic enough to remain relevant in a rapidly changing business environment
The emerging technologies applied to risk assessment and control link the physical domain to the virtual domain. Together, these domains linked by the emerging technologies create a
connected ecosystem
The Auditing Standard No. 5 (AS 5) calls for a specific fraud assessment because
The failure to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors
The auditing standard no. 5 calls for a specific fraud assessment because
The failure to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors
Which one of the following statements is true regarding separation of ownership and control in corporations?
The incentive for managers and non-management board members to pursue their own interests at the expense of shareholders gives rise to agency costs
Which one of the following best explains how the role of the internal auditor changed with the passage of the Sarbanes-Oxley Act of 2002?
The internal auditor must adopt a stakeholder orientation by anticipating, monitoring, and assessing business and operational risk
Corporate governance is defined as
The mechanisms and procedures that determine how corporations are run
Which one of the following statements is true regarding the business process management (BPM) life cycle model?
The model is driven by the collaboration of human and technological input
Which one of the following best describes how the modern approach to internal auditing differs from the traditional approach?
The modern approach uses many systems-based techniques, determines activity based on the organization's business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls
During the past year, International Toys has undertaken four capital projects. The company has renovated and refurbished one of its aging warehouse buildings. It has purchased the most recent version of its current order processing computer software. It has added two trucks to its fleet of delivery vehicles. Lastly, it has purchased a new production machine that will allow it to launch a new product line. Which one of the following company projects is the most speculative risk?
The new production machine
An independent auditor has been given the task of evaluating internal controls at Westside. The auditor has determined that Westside's board of directors has endorsed a framework requiring management to have documented internal reporting controls to ensure efficient operations, accuracy of financial statements, and compliance with regulations. The framework is applied at the entity and divisional levels, but not at the operating unit or functional levels. The program is new so it has not yet been monitored. The auditor is likely to report that
The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control - Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.
Some best practices models call for the formation of a risk committee with a risk management focus at the organization's executive management level. Which one of the following statements best describes one of the responsibilities of an executive-level risk committee?
To approve the organization's risk management strategies, including their design and implementation
Which of the following statements best describes the risk governance role and responsibility of a corporate board of directors?
To set the organizations risk appetite and to stay informed of the most significant risks to the organization and management's responses
Aligning risks with the organization's risk appetite defines
Tolerable uncertainty
An organization evaluates key stakeholders attitude toward risk in order to
Understand what risks are acceptable and to develop an effective enterprise-wide risk management program
An organization evaluates key stakeholders' attitude toward risk in order to
Understand what risks are acceptable and to develop an effective enterprise-wide risk management program
When interviewing a risk owner, which one of the following questions should be asked?
What steps have been taken to ensure continuity of business in the event of a natural disaster?
One example of a bonding cost, as it relates to separation of ownership and control in a corporation, is a manager's
Willingness to accept non-cash compensation that links the manager's compensation to the corporation's performance