Gleim test one


An internal audit manager requested information detailing the amount and type of training that the IT department's staff received during the last year. According to COSO, the training records would provide documentation for which of the following principles?
A. Exercising oversight of the development and performance of internal control.
B. Developing general control activities over technology to support the achievement of objectives.
C. Demonstrating a commitment to retain competent individuals in alignment with objectives.
D. Holding individuals responsible for their internal control responsibilities in the pursuit of objectives.

Answer (C) is correct. A principle related to the control environment component of the COSO internal control framework is that the organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Methods of demonstrating this commitment include training records. Therefore, training records provide documentation that an organization complies with this principle.

According to COSO, a risk profile is a view of the relationship between
A. Risk capacity and risk appetite.
B. Inherent risk and target residual risk.
C. Risk and performance.
D. Tolerance and risk appetite.

Answer (C) is correct. A risk profile is a composite view of (1) the types, severity, and interdependencies of risks related to a specific strategy or business objective and (2) their effect on performance.

A chemical company was revealed to be involved in the illegal disposal of chemical waste after its private information was stolen in a cyber attack. Which of the following threat actors is most likely behind the cyber attack?
A. Hacktivists.
B. Company insiders.
C. Organized criminals.
D. Nation-states and spies.

Answer (A) is correct. Hacktivists fulfill social or political purposes using the private information of an entity. Stealing and revealing information about the illegal act of a chemical company that is causing environmental damage is likely to be for social or political purposes.

Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal control?
A. Incompatible duties.
B. Faulty judgment.
C. Management override.
D. Collusion among employees.

Answer (A) is correct. Internal control has inherent limitations. The performance of incompatible duties, however, is a failure to assign different people the functions of authorization, recording, and asset custody, not an inherent limitation of internal control. Segregation of duties is a category of control activities.

Which of the following statements about internal control is correct?
A. The establishment and maintenance of internal control are important responsibilities of the internal auditor.
B. The cost-benefit relationship is a primary criterion that should be considered in designing internal control.
C. Exceptionally effective internal control is enough for the auditor to eliminate substantive procedures on a significant account balance.
D. Internal control should provide reasonable assurance that collusion among employees cannot occur.

Answer (B) is correct. Internal control reflects the quantitative and qualitative estimates and judgments of management in evaluating the cost-benefit relationship. The cost of internal control should not exceed its benefits. Although the cost-benefit relationship is a primary criterion in designing controls, precise measurement of costs and benefits is usually impossible.

Which of the following is not a political risk of investing in a foreign country?
A. Rebellions could result in destruction of property.
B. A foreign customer might default on its debt.
C. Foreign-exchange controls could limit the repatriation of profits.
D. Assets could be expropriated.

Answer (B) is correct. Political risks include (1) the threat of expropriation of the firm's assets, (2) destruction of assets in rebellions in third-world nations, and (3) limitations on the repatriation of profits (or even initial investments). Default by a foreign customer is not a political risk, but a risk of doing business either locally or internationally.

The performance component of the COSO ERM framework addresses an entity's
A. Ability to leverage technology.
B. Risk identification, assessment, and prioritization methods.
C. Performance targets and tolerances.
D. Performance results and consideration of risks.

Answer (B) is correct. The performance component addresses (1) risk identification, assessment, and prioritization; (2) risk responses; and (3) the development of a portfolio view of risk.

Which of the following represents an example of an inherent limitation of internal controls?
A. Customer credit checks are not performed.
B. Shipping documents are not matched to sales invoices.
C. The CEO can override a control and request a check with no purchase order.
D. Bank reconciliations are not performed on a timely basis.

Answer (C) is correct. Inherent limitations may exist and should be considered by the auditor. Human judgment can be faulty, controls can be circumvented by collusion, and management may inappropriately override controls. Thus, the CEO's requesting a check with no purchase order is possible because of an inherent limitation. It is an override of the internal control by management.

Which of the following members of an organization has ultimate ownership responsibility of enterprise risk management (ERM), provides leadership and direction to senior managers, and monitors the entity's overall risk activities in relation to its risk appetite?
A. Chief executive officer.
B. Internal auditors.
C. Chief financial officer.
D. Chief risk officer.

Answer (A) is correct. The chief executive officer (CEO) sets the tone at the top of the organization and has ultimate responsibility for ownership of the ERM. The CEO will influence the composition and conduct of the board, provide leadership and direction to senior managers, and monitor the entity's overall risk activities in relation to its risk appetite. If any problems arise with the organization's risk appetite, the CEO will also take any measures to adjust the alignment to better suit the organization.

From the viewpoint of the investor, which of the following securities provides the least risk?
A. Subordinated debenture.
B. Mortgage bond.
C. Income bond.
D. Debentures.

Answer (B) is correct. A mortgage bond is secured with specific fixed assets, usually real property. Thus, under the rights enumerated in the bond indenture, creditors will be able to receive payments from liquidation of the property in case of default. In a bankruptcy proceeding, these amounts are paid before any transfers are made to other creditors. Hence, mortgage bonds are less risky than the others listed.

Company management completes event identification and assesses the severity of risk. Management then acts to alter the severity of risk. According to COSO, which of the following types of risk does this situation represent?
A. Inherent risk.
B. Actual residual risk.
C. Event risk.
D. Detection risk.

Answer (B) is correct. Actual residual risk is the risk that remains after management acts to alter its severity. It should not exceed target residual risk.

Which of the following statements about internal control is true?
A. The establishment and maintenance of internal control are important responsibilities of the internal auditor.
B. A limitation of internal control is that management makes judgments about the extent of controls it implements.
C. Properly maintained internal control reasonably ensures that collusion among employees cannot occur.
D. Exceptionally effective internal control is enough for the auditor to eliminate substantive procedures on a significant account balance.

Answer (B) is correct. Because of inherent limitations, internal control, no matter how effective, can provide only reasonable assurance about achieving the entity's objectives. For example, when management designs and implements controls, it makes judgments about the nature and extent of (1) controls it implements and (2) the risks it assumes (AU-C 315).

Which of the following is not a performance result that indicates deviation from a target or tolerance?
A. Improperly assessed risks.
B. Operational disruption risk.
C. Unidentified cyber risks.
D. Opportunities to accept more risk.

Answer (B) is correct. Cyber risk refers to the risk of financial loss, operational disruption, and reputational damage from the failure of digital technology. Performance results that deviate from a target or tolerance may indicate (1) unidentified cyber risks, (2) improperly assessed risks, (3) new risks, (4) opportunities to accept more risk, and (5) the need to revise a target performance or tolerance.

An investment manager has been asked to prepare an analysis to show the difference between the interest rates on U.S. Treasury bonds and corporate bonds of equal maturity and marketability. What type of interest rate premium is being analyzed?
A. Inflation premium.
B. Default risk premium.
C. Liquidity premium.
D. Maturity premium.

Answer (B) is correct. Default risk is the risk that the borrower will default and not be able to repay principal or interest. This risk may be determined by the borrower's industry, products, customer loyalty, operation of business, or degree of leverage, etc. Since the borrower of U.S. Treasury bonds and the borrower of corporate bonds are different, the difference in interest rates is mainly due to default risk premium.

According to the COSO, benefits of effective enterprise risk management include each of the following except
A. Improving resource deployment.
B. Decreasing inherent risk appetite.
C. Increasing the range of opportunities.
D. Enhancing enterprise resilience.

Answer (B) is correct. Effective enterprise risk management can increase the range of opportunities, identify and manage risk entity-wide, increase positive outcomes and advantages while reducing negative surprises, reduce performance variability, improve resource deployment, and enhance enterprise resilience. However, risk appetite consists of the amount and types of risk the organization is willing to accept in pursuit of value. Each organization considers its mission, vision, culture, prior strategies, and risk capacity to set its risk appetite. Decreasing inherent risk appetite is therefore not a benefit of effective enterprise risk management.

A firm has adopted ERM practices and has begun to establish operating structures for day-to-day operations. This activity is consistent with a principle of which component of ERM?
A. Information, communication, and reporting.
B. Governance and culture.
C. Strategy and objective-setting.
D. Review and revision.

Answer (B) is correct. Establishing operating structures is one of five principles related to the governance and culture component of ERM. These structures describe how the entity is organized and carries out its day-to-day operations. They generally align with the entity's legal structure and management structure.

According to COSO, the proper tone at the top helps a company to do each of the following, except
A. Navigate gray areas where no specific compliance rules or guidelines exist.
B. Adhere to fiscal budgets and goals as outlined by the internal audit committee and board of directors.
C. Promote a willingness to seek assistance and report problems before it is too late for corrective action.
D. Create a compliance-supporting culture that is committed to enterprise risk management.

Answer (B) is correct. Through words and actions, those at the top (the board of directors and management) communicate their attitudes toward integrity and ethical values. Tone at the top does not help a company adhere to fiscal budgets and goals as outlined by the internal audit committee and board of directors. Adherence to the budget is more closely linked to control activities.

One type of risk to which investment securities are subject can be offset through portfolio diversification. This type of risk is referred to as
A. Liquidity risk.
B. Company unique risk.
C. Undiversifiable risk.
D. Market risk.

Answer (B) is correct. Unsystematic risk, also called company or diversifiable risk, is the risk inherent in a particular investment security. Because individual securities are affected by the particular strengths and weaknesses of the issuer, this risk can be offset through portfolio diversification.

When choosing a communication channel to manage cyber risks, which of the following is not a factor considered?
A. Nature.
B. Cost.
C. Sensitivity.
D. Urgency.

Answer (B) is correct. While the cost of a communication channel is a constraint to choosing the channel, it is generally not a determinant factor.

Which of the following is not a principle related to the review and revision component of the COSO ERM framework?
A. The organization reviews entity performance results and considers risk.
B. The organization pursues improvement of ERM.
C. The organization develops and evaluates its portfolio view of risk.
D. The organization identifies and assesses changes that may substantially affect strategy and business objectives.

Answer (C) is correct. "The organization develops and evaluates its portfolio view of risk" is one of the five principles related to the performance component of the COSO ERM framework. The three principles related to the review and revision component of the COSO ERM framework are the organization (1) identifies and assesses changes that may substantially affect strategy and business objectives, (2) reviews entity performance results and considers risk, and (3) pursues improvement of ERM.

A manufacturer actively monitors a foreign country's political events whenever a supply chain disruption occurs within the country that exceeds 90 days. According to the COSO Enterprise Risk Management principles, the manufacturer is following which of the following risk-response strategies?
A. Reduce.
B. Avoid.
C. Accept.
D. Share.

Answer (C) is correct. Acceptance is a risk response in which no action is taken to alter the severity of the risk. The manufacturer actively monitors the foreign country's political events while taking no action to alleviate the effects of them. Therefore, the company is following an acceptance strategy.

Even though a company implements an enterprise risk management program, it still is likely to have risk. This risk is considered
A. Uninsurable risks.
B. Tolerable risks.
C. Actual residual risks.
D. Inherent risks.

Answer (C) is correct. Actual residual risk is the risk that remains after management has taken actions to alter the original (inherent) risk. By implementing an enterprise risk management program, management has taken action to alter the inherent risk. The risk that remains after the program's implementation is residual risk.

Which of the following factors most likely would heighten an auditor's concern about the risk of fraudulent external financial reporting?
A. Financial management's participation in the initial selection of accounting principles.
B. Low growth and profitability as compared with other entities in the same industry.
C. An overly complex organizational structure involving unusual lines of authority.
D. Large amounts of liquid assets that are easily convertible into cash.

Answer (C) is correct. Certain risk factors are related to misstatements arising from fraudulent external financial reporting. One of the risk factors relating to the opportunity to commit fraud is an overly complex organizational structure involving numerous or unusual legal entities or managerial lines of authority.

According to the COSO ERM framework, the characteristic of risk that reflects its nature and scope is
A. Persistence.
B. Severity.
C. Complexity.
D. Velocity.

Answer (C) is correct. Complexity is the nature and scope of a risk. Interdependence of risks ordinarily increases their complexity.

A company implements an enterprise resource planning application to help improve its financial and operational reporting while gaining other efficiencies related to sales and inventory management. For the implementation, the company hires an individual specializing in preparing the company for the changes through documenting new policies and procedures and developing new training. This is an example of
A. An economic event.
B. Segregation of duties.
C. Change management.
D. A social event.

Answer (C) is correct. Hiring a specialized individual to help with the transition into a new enterprise resource planning application is a way to help manage the change. Thus, this is an example of change management.

A retail company is developing a cyber risk management program. In analyzing its business context, which of the following IT-related factors should be considered?
A. Incidents of system failures in the previous year.
B. The need for developing a new transaction system.
C. Competence of employees to handle current needs.
D. The capacity of the systems and the need for expansion.

Answer (D) is correct. In a cyber risk management program, the organization must analyze the business context and its effects on the risk profile. This involves analyzing the IT-related factors that influence the organization's strategy and business objectives, both in the present and future. The current capacity of the system as well as the need to expand such capacity to satisfy future needs should be taken into account.

Limitations of ERM may arise from all of the following except
A. Collusion.
B. Faulty human judgment.
C. Cost-benefit considerations.
D. Failure to achieve objectives.

Answer (D) is correct. Limitations of ERM arise from the possibility of (1) faulty human judgment, (2) cost-benefit considerations, (3) simple errors or mistakes, (4) collusion, and (5) management override of ERM decisions. The failure to achieve objectives is a risk of poor enterprise risk management.

Mat Co. estimated its materials handling costs at two activity levels as follows:

| Kilos Handled | Cost |
|---|---|
| 80,000 | $160,000 |
| 60,000 | 132,000 |

What is Mat's estimated cost for handling 75,000 kilos?
A. $165,000
B. $150,000
C. $157,500
D. $153,000

Answer (D) is correct. The high-low method estimates variable cost by dividing the difference in costs incurred at the highest and lowest observed levels of activity by the difference in activity. Once the variable cost is found, the fixed portion is determinable. Hence, unit variable handling cost is $1.40 [($160,000 - $132,000) ÷ (80,000 kilos - 60,000 kilos)], the fixed cost is $48,000 [$132,000 - (60,000 kilos × $1.40)], and the cost of handling 75,000 kilos is $153,000 [$48,000 + (75,000 kilos × $1.40)].

Which of the following is a true statement regarding the management working group in an enterprise risk management (ERM) program?
A. The management working group directly measures the performance of staff in carrying out the ERM initiatives.
B. The management working group should have in-depth knowledge of the organization's overall objectives and strategies.
C. The management working group primarily consists of middle and front-line managers.
D. The management working group supports the risk management leader across the whole organization.

Answer (D) is correct. The management working group consists of management from different levels and supports the risk management leader across the whole organization. Responsibilities of the group include building the ERM program, defining criteria for performance measurement, and establishing processes for reporting.

Which component of the COSO ERM framework involves assigning value to information, technology, and systems?
A. Governance and culture.
B. Information, communication, and reporting.
C. Review and revision.
D. Performance.

Answer (D) is correct. The performance component relates to cyber risk management practices that support the organization's decisions in pursuit of value. The practices consist of identifying, assessing, prioritizing, responding to, and developing a portfolio view of cyber risks. When identifying cyber risks, the organization should identify what information, technology, and systems are valuable to the achievement of strategies and business objectives.

A company's new time clock process requires hourly employees to select an identification number and then choose the clock-in or clock-out button. A video camera captures an image of the employee using the system. Which of the following exposures can the new system be expected to change the least?
A. Inaccurate accounting of employees' hours.
B. Fraudulent reporting of employees' own hours.
C. Recording of other employees' hours.
D. Errors in employees' overtime computation.

Answer (D) is correct. This internal control process is responsible for verifying that the correct employee enters the proper amount of time (s)he worked. This function is not responsible for applying pay rates to the amount of hours worked and therefore would not change any errors in overtime computations.

A senior executive of an international organization who wishes to demonstrate the importance of the security of company information to all team members should
A. Review and accept the information security risk assessments in a staff meeting.
B. Allocate additional budget resources for external audit services.
C. Refer to the organization's U.S. human resources policies on privacy in a company newsletter.
D. Visibly participate in a global information security campaign.

Answer (D) is correct. Through words and actions, management communicates its attitude toward integrity and ethical values. In this way, management sets the tone at the top. By visibly participating in a global information security campaign, management's commitment to the security of company information is evident to all team members.

Which of the following is an inherent limitation of internal control?
A. Employee peer review.
B. Segregation of duties.
C. Judgmental sampling.
D. Collusion.

Answer (D) is correct. Two or more people may collude, or management may override internal control.

The function of the chief risk officer (CRO) is most effective when the CRO
A. Monitors risk as the risk management leader.
B. Shares the management of risk with line management.
C. Shares the management of risk with the chief audit executive.
D. Manages risk as a member of senior management.

Answer (A) is correct. A CRO is a member of management assigned primary responsibility for enterprise risk management processes. The CRO is most effective when supported by a specific team with the necessary expertise and experience related to organization-wide risk. The CRO should have in-depth knowledge of the organization's overall strategic objectives and be delegated appropriate authority and allocated appropriate resources.

The business process includes which business activities?
A. Operating processes.
B. Corporate strategy.
C. Internal control.
D. The business model.

Answer (A) is correct. A business process is a set of related activities and tasks combined to achieve a desired outcome. Typically, it is a series of tasks that culminate in a product, service, or business goal. Business processes consist of the following business activities: (1) operating processes, (2) projects, and (3) management and support processes. Operating processes are the activities related to the business's core objectives. For service companies, operating processes are the activities that provide services to satisfy customers' needs. For manufacturing companies, operating processes are the activities that produce and sell products to customers.

According to COSO, the component of enterprise risk management (ERM) that best relates to continuous improvement is
A. Review and revision.
B. Information, communication, and reporting.
C. Strategy and objective-setting.
D. Monitoring.

Answer (A) is correct. A principle related to the review and revision component states that the organization must continually improve ERM at all levels even if actual performance aligns with target performance or tolerance.

The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives are best described as
A. Control activities.
B. Monitoring activities.
C. Risk assessments.
D. Control environments.

Answer (A) is correct. The COSO model for internal control describes control activities as the policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives.

There are two staff members in the purchasing department of Mayflower Manufacturing Co., each of whom is authorized to prepare, authorize, and issue inventory purchase orders up to $3,000. However, no one is assigned to review purchase orders before they are sent to vendors. Which of the following best matches a resulting risk to a control activity designed to mitigate that risk?
A. Risk of inventory shortages - a payables clerk matches invoices to purchase orders and receiving reports before amounts are paid.
B. Risk of inventory obsolescence - a controller reviews exception reports of all inventory purchases with a price more than 10% above current average costing.
C. Risk of inventory valuation errors - an inventory receiving clerk evaluates, documents, and reports to management unusual inventory movement.
D. Risk of inventory valuation errors - an inventory clerk documents and tracks all inventory levels.

Answer (A) is correct. A risk of inventory shortages may result from diverted shipments (i.e., shipping inventory to an impermissible address), which can be mitigated by a control that requires invoices to be matched to receiving reports prepared by the receiving department.

A U.S. company currently has domestic operations only. It is considering an equal-size investment in either Canada or Britain. The data on expected rate of return and the risk associated with each of these proposed investments are given below.

| Proposed Investment | Expected Rate of Return | Standard Deviation |
|---|---|---|
| British Investment | 22% | 10% |
| Canadian Investment | 28% | 15% |

The expected rate of return on the company's current, domestic only, business is 20% with a standard deviation of 15%. Using the above data and the correlation coefficients, the company calculated the following portfolio risk and return (based on a ratio of 50% U.S. domestic operations and 50% international operations).

| Proposed Investment | Expected Rate of Return | Standard Deviation |
|---|---|---|
| U.S. and Britain | 21% | 3% |
| U.S. and Canada | 24% | 15% |

The company plans to select the optimal combination of countries based on risk and return for the domestic and international investments taken together. Because the company is new to the international business environment, it is relatively risk averse. Based on the above data, which one of the following alternatives provides the best risk-adjusted return to the firm?
A. Undertake the British investment.
B. Do not undertake either investment.
C. Unable to determine based on data given.
D. Undertake the Canadian investment.

Answer (A) is correct. A risk-averse company will select the investment with the lower risk per unit of return. Thus, by choosing to invest in Britain, the risk per unit of return is the lowest of all the options mentioned, and it is equal to 0.1428 = 3% ÷ 21%.

Fraud management programs
A. Have tangible and intangible components.
B. Conclude by responding to frauds.
C. Reduce the likelihood of misstatements, omissions, or errors.
D. Involve only senior management of a business.

Answer (A) is correct. An effective fraud management program includes tangible (e.g., company ethics policies and procedures) and intangible (e.g., fraud awareness) components.

When the risk identified involves a high probability of the occurrence of an adverse event and a low magnitude of loss, the business
A. Should develop action plans to lower the likelihood of loss.
B. Should develop action plans to manage the risk event if it occurs.
C. May ignore the risk.
D. Must develop action plans to constantly monitor, assess, and manage the risk.

Answer (A) is correct. Businesses can function in the presence of risks with low significance and a high probability of an adverse event. But action plans should be developed to lower the chances that an adverse event will occur.

Beginning January 2, Year 1, a company deposited $50,000 in a savings account for 2 years. The account earns 10% interest, compounded annually. What amount of interest did the company earn during the 2-year period?
A. $10,500
B. $5,000
C. $5,500
D. $10,000

Answer (A) is correct. Compounding interest is the practice of adding interest to the carrying amount of the principal rather than paying it in cash. The amount of interest earned in Year 1 ($50,000 × 10% = $5,000) was added to the principal, which was then used to calculate the amount of interest earned in Year 2 [($50,000 + $5,000) × 10% = $5,500]. The total amount of interest earned during the 2-year period was thus $10,500 ($5,000 Year 1 + $5,500 Year 2). This amount also can be calculated as follows: [($50,000 × 1.1 × 1.1) - $50,000].

Which of the following control policies or procedures would be the least effective in mitigating the risk of inventory misappropriation?
A. Periodic physical counts of inventory will be performed by the payroll clerk.
B. The person responsible for maintaining custody of inventory has no other responsibilities.
C. Different personnel will be responsible for recording and approving inventory transactions.
D. Inventory records will be reconciled monthly.

Answer (A) is correct. Controls should be executed by persons with appropriate skills and experience. Although performing periodic physical counts of inventory is an effective control to mitigate inventory misappropriation, a payroll clerk will generally not possess the appropriate skills and experience to execute this control.

Which of the following is most useful when risk is being prioritized?
A. Expected value.
B. Low- and high-degree loss exposures.
C. Uncontrollable risks.
D. Low- and high-probability exposures.

Answer (A) is correct. Expected value is the predicted value for a given investment. Expected value is derived by multiplying each possible outcome by the likelihood that each outcome will occur and summing the results. Through this analysis, investors can choose the scenario that is most likely to give them their desired outcome.

An adequate system of internal controls is most likely to detect a fraud perpetrated by a
A. Single employee.
B. Group of employees in collusion.
C. Group of managers in collusion.
D. Single manager.

Answer (A) is correct. Segregation of duties and other control processes serve to prevent or detect a fraud committed by an employee acting alone. One employee may not have the ability to engage in wrongdoing or may be subject to detection by other employees in the course of performing their assigned duties. However, collusion may circumvent controls. For example, comparison of recorded accountability for assets with the assets known to be held may fail to detect fraud if persons having custody of assets collude with record keepers.

Which of the following risk responses is not effective in managing cyber risks?
A. Risk avoidance.
B. Risk sharing.
C. Risk reduction.
D. Risk acceptance.

Answer (A) is correct. Since the business context of an organization and cyber risks are constantly evolving, responses that aim to avoid cyber risks are ineffective or nearly impossible to implement.

Roger Co. implemented activity-based costing in the current year. To select the appropriate driver for Cost Pool A, Roger performed regression analyses for two independent variables, Driver 1 and Driver 2, using monthly operating data. The monthly levels of Cost Pool A were the dependent variables in both regressions. Output results from the regression analyses were as follows:Driver 1Driver 2R squared 0.46 0.80Intercept$551.00$970.00X variable (slope) $0.55 $0.33At the budgeted production level for next month, the levels of Driver 1 and Driver 2 are expected to be 5,880 and 7,000, respectively. Based on this information, what is the budgeted amount for Cost Pool A for next month?A.$3,280B.$2,624C.$3,785D.$3,464

Answer (A) is correct. The coefficient of determination, also known as R squared, is a measure of fit between the independent and dependent variable(s). The closer the coefficient is to 1.0, the more useful the independent variable is in explaining or predicting the variation in the dependent variable. Accordingly, Driver 2 is more useful in predicting the cost behavior of Cost Pool A. Using the information provided, the regression equation for Driver 2 can be derived to be y = $0.33X + $970. X equals the expected production levels of Driver 2, and y equals the total expected cost. Given an expected monthly production level of 7,000 for Driver 2, the total expected costs are $3,280 [($0.33 × 7,000) + $970].

Russell, Inc., is evaluating four independent investment proposals. The expected returns and standard deviations for each of these proposals are presented below.
Investment Proposal    Expected Returns    Standard Deviation
I                      16%                 10%
II                     14%                 10%
III                    20%                 11%
IV                     22%                 15%
Which one of the investment proposals has the least risk per unit of return? A. Investment III. B. Investment I. C. Investment II. D. Investment IV.

Answer (A) is correct. The coefficient of variation (CV) measures the risk per unit of return by dividing the standard deviation (σ) by the expected return. The investment with the lowest CV has the best risk-return tradeoff. The CVs of Russell's four investment proposals can thus be calculated as follows:
Standard Deviation ÷ Expected Returns = Coefficient of Variation
Investment I:    10% ÷ 16% = 62.5%
Investment II:   10% ÷ 14% = 71.4%
Investment III:  11% ÷ 20% = 55.0%
Investment IV:   15% ÷ 22% = 68.2%

In theory, which of the following coefficients of correlation would eliminate unsystematic risk in an investment portfolio? A. -1.0. B. No theoretical coefficient exists for the elimination of risk in a portfolio context. C. 0.0 D. 1.0

Answer (A) is correct. The correlation coefficient measures the degree to which any two variables, e.g., two stocks in a portfolio, are related. Perfect negative correlation (-1.0) means that the two variables always move in the opposite direction. Given perfect negative correlation, unsystematic risk is, in theory, eliminated.

Listed below are four numbers. Which of these numbers represents the coefficient of correlation of a stock portfolio with the least unsystematic risk? A. -1.0 B. 0.0 C. 1.0 D. 100.0

Answer (A) is correct. The correlation coefficient measures the degree to which any two variables, e.g., two stocks in a portfolio, are related. Perfect negative correlation (-1.0) means that the two variables always move in the opposite direction. Given perfect negative correlation, unsystematic risk would, in theory, be eliminated.

Jackson Co. has the following information for the first 4 months of this year:
            Machine Hours    Cleaning Expense
January     2,100            $  900
February    2,600             1,200
March       1,600               800
April       2,000             1,000
Using the high-low method, what is Jackson's fixed cost? A. $160 B. $640 C. $320 D. $1,040

Answer (A) is correct. The high-low method generates a regression equation using only the high-cost month and low-cost month. The variable cost per machine hour is therefore $.40 [($1,200 - $800) ÷ (2,600 hours - 1,600 hours)] for either the high-cost (February) or low-cost (March) month. The fixed costs are calculated as follows:
Total cost in February                        $1,200
Minus: Variable cost (2,600 hours × $.40)     (1,040)
Fixed cost                                    $  160

The following information pertains to a company's potential investment in security X:
Maturity risk premium     1%
Liquidity risk premium    3%
Default risk premium      2%
Risk-free rate            4%
What is the company's required rate of return for the investment in this security? A. 10% B. 4% C. 6% D. 9%

Answer (A) is correct. The required rate of return is the return that takes into account all the investment risks that relate to a specific security. Thus, the required rate of return for the investment in security X is 10%.
Risk-free rate             4%
Liquidity risk premium     3%
Maturity risk premium      1%
Default risk premium       2%
Required rate of return   10%

The following information is available on market interest rates:
The risk-free rate of interest    2%
Inflation premium                 1%
Default risk premium              3%
Liquidity premium                 2%
Maturity risk premium             1%
What is the market rate of interest on a 1-year U.S. Treasury bill? A. 3% B. 6% C. 7% D. 5%

Answer (A) is correct. The total return on a U.S. Treasury security consists of the risk-free rate of interest plus an inflation premium. In practice, the safest investment in the world has been U.S. Treasury Securities. While there is some risk in these investments, they have been regarded as the risk-free rate when used in a CAPM analysis. Therefore, the nominal rate of U.S. Treasuries is often used in practice as the risk-free rate in the CAPM analysis.

Upon receipt of purchased goods, receiving department personnel match the quantity received with the packing slip quantity and mark the retail price on the goods based on a master price list. The annotated packing slip is then forwarded to inventory control and goods are automatically moved to the retail sales area. The most significant control strength of this activity is A. Using a master price list for marking the sale price. B. Immediately pricing goods for retail sale. C. Automatically moving goods to the retail sales area. D. Matching quantity received with the packing slip.

Answer (A) is correct. Use of the master price list ensures that the correct retail price is marked.

What coefficient of correlation results from the following data?
X    Y
1    10
2    8
3    6
4    4
5    2
A. 0 B. -1 C. Cannot be determined from the data given. D. +1

Answer (B) is correct. The coefficient of correlation (in standard notation, r) measures the strength of the linear relationship. The magnitude of r is independent of the scales of measurement of X and Y. Its range is -1.0 to 1.0. A value of -1.0 indicates a perfectly inverse linear relationship between X and Y. A value of zero indicates no linear relationship between X and Y. A value of +1.0 indicates a perfectly direct relationship between X and Y. As X increases by 1, Y consistently decreases by 2. Hence, a perfectly inverse relationship exists, and r must be equal to -1.0.

In preparing the annual profit plan for the coming year, Wilkens Company wants to determine the cost behavior pattern of the maintenance costs. Wilkens has decided to use linear regression by employing the equation y = a + bx for maintenance costs. The prior year's data regarding maintenance hours and costs, and the results of the regression analysis, are given below.
Average cost per hour            $9.00
a                                684.65
b                                7.2884
Standard error of a              49.515
Standard error of b              .12126
Standard error of the estimate   34.469
r²                               .99724
             Hours of Activity    Maintenance Costs
January      480                  $ 4,200
February     320                    3,000
March        400                    3,600
April        300                    2,820
May          500                    4,350
June         310                    2,960
July         320                    3,030
August       520                    4,470
September    490                    4,260
October      470                    4,050
November     350                    3,300
December     340                    3,160
Sum          4,800                $43,200
Average      400                  $ 3,600
If Wilkens Company uses the high-low method of analysis, the equation for the relationship between hours of activity and maintenance cost would be A. y = 400 + 9.0x B. y = 570 + 7.5x C. y = 570 + 9.0x D. y = 3,600 + 400x

Answer (B) is correct. First, determine the months with the highest (520 hours in August) and lowest (300 hours in April) levels of activity.
              Hours    Dollars
August        520      $ 4,470
April         300        2,820
Difference    220      $ 1,650
As the hours increased by 220, cost increased by $1,650, which is $7.50 ($1,650 ÷ 220) per hour. Thus, at 300 hours of activity, the total variable costs are $2,250 ($7.50 × 300 hours). Since the total cost was $2,820, the $570 ($2,820 - $2,250) above the variable costs must be fixed costs. Substituting into the standard regression equation of y = a + bx gives y = $570 + $7.50x.

An entity is examining potential investments and notes that 1-year maturity yields are higher than those for 10-year maturities. Which of the following explanations for this occurrence is best? A. The short-term investments carry a more immediate default risk premium resulting in higher rates of return. B. Investors are expecting reduced inflation in the future as reflected in the lower long-term returns. C. The short-term investments have higher liquidity and therefore carry a higher rate of interest. D. The long-term instruments provide a longer stream of investment income and therefore carry a lower rate of return.

Answer (B) is correct. Inflation risk is the risk that purchasing power will be lost while the loan is at the borrower's disposal. If inflation is expected to be lower in the future, investors are willing to accept a lower yield because overall purchasing power will be increased in later periods due to expected reduced inflation.

According to COSO, a primary purpose of monitoring internal control is to verify that the internal control system remains adequate to address changes in A. Technology. B. Risks. C. The law. D. Operating procedures.

Answer (B) is correct. Monitoring assesses the quality of internal control performance over time to ensure that controls continue to effectively manage existing risks.

If a CPA's client expected a high inflation rate in the future, the CPA would suggest to the client which of the following types of investments? A. Treasury bonds. B. Precious metals. C. Common stock. D. Corporate bonds.

Answer (B) is correct. Normally, precious metals are considered a risky investment because their prices are highly volatile. During periods of high inflation, however, currency loses purchasing power rapidly, and precious metals may offer a safe haven to investors.

During its most recent risk assessment, Capital Investment Group discovered that the spreadsheets it uses to support certain amounts on its financial statements were highly susceptible to error. Which of the following would contribute to mitigating this risk? I. Input data is reconciled to source documentation. II. The potential for fraud is considered. III. Changes to formulas are tested against a manual calculation. A. I and II. B. Both I and III. C. I, II, and III. D. Both II and III.

Answer (B) is correct. Reconciling input data to source documentation ensures that data inputted on the spreadsheets is accurate. Additionally, testing changes to spreadsheet formulas against a manual calculation ensures that calculated results are accurate. Thus, the effect of both these control activities is a mitigation of the identified risk (i.e., error in data on the spreadsheets).

Management considers risk appetite for all of the following reasons except A. Implementing risk responses. B. Setting risk capacity. C. Aligning with business objectives. D. Aligning with development of strategy.

Answer (B) is correct. Risk appetite consists of the types and amount of risk the entity is willing to accept in pursuit of value. Among other things, risk appetite should be considered in (1) aligning with development of strategy, (2) aligning with business objectives, (3) prioritizing risks, and (4) implementing risk responses. Risk capacity is the maximum amount of risk an entity is able to assume. Management considers risk capacity in setting risk appetite.

Which of the following is used to directly evaluate cybersecurity strategies? A. Performance targets. B. Security models. C. Risk appetite. D. Security control frameworks.

Answer (B) is correct. Security models are approaches to evaluating the strategies that help establish and assess the cyber risk management program.

The risk to which all investment securities are subject is known as A. Diversifiable risk. B. Systematic risk. C. Credit risk. D. Unsystematic risk.

Answer (B) is correct. Systematic risk, also called market risk, is the risk faced by all firms. Changes in the economy as a whole, such as the business cycle, affect all players in the market. For this reason, systematic risk is sometimes referred to as undiversifiable risk. Because all investment securities are affected, this risk cannot be offset through portfolio diversification.

Which of the following is a business risk? A. Country risk. B. Reporting risk. C. Liquidity risk. D. Credit risk.

Answer (B) is correct. The four general types of business risk are (1) strategic risks, (2) compliance risks, (3) reporting risks, and (4) operational risks. External reporting risks include those related to financial statements, tax filings, and valuations. Internal reporting risks include those related to internal control, budgeting, and key performance indicators (KPIs).

Which of the following factors would not be relevant when determining the risk premium on a specific security? A. Relative seniority. B. Earnings per share. C. Length of maturity. D. Relative liquidity.

Answer (B) is correct. The greater the risk of the investment, the higher the rate of return required by the investor. For each type of investment risk, the investor requires an additional risk premium that compensates him or her for bearing that risk. The earnings per share of the security is not a factor that can increase or decrease the riskiness of an investment and therefore would not be relevant when determining the risk premium on a specific security.

The internal auditor who works in enterprise risk management (ERM) may perform each of the following activities except A. Identifying improvement opportunities. B. Auditing ERM. C. Setting the risk appetite of the organization. D. Evaluating the design of the overall entity.

Answer (C) is correct. Internal auditing performs an assurance function (the third line of management accountability). The entity's assurance function (1) audits (reviews) ERM practices, (2) identifies issues and improvements, (3) makes recommendations, and (4) informs the board and executives of matters needing resolution. The third line's independence and objectivity should be enabled by reporting directly to the board. The third line also should be able to evaluate, and make recommendations to improve, the design and operating effectiveness of the overall entity. However, the first line of accountability determines the entity's risk appetite. Risk appetite consists of the types and amount of risk the organization is willing to accept in pursuit of value. Subject to board approval, management sets the risk appetite.

Which of the following terms describes the type of business activity that indirectly creates value for the business's customers? A. Projects. B. Operating processes. C. Management and support processes. D. Reporting processes.

Answer (C) is correct. Management and support processes are the activities that supervise and support the business. These processes are required for the success of the business, but they do not directly create customer value.

According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring-for-change continuum? A. Control revalidation/update. B. Change management. C. Change identification. D. Control baseline.

Answer (C) is correct. Of the four steps in the monitoring-for-change continuum described in the 2009 COSO document Guidance on Monitoring Internal Control Systems, change identification is the one in which separate and ongoing evaluations can best be accomplished.

A company sells medical devices used in cardiac surgery. All its products after packaging are sent out for gamma irradiation for sterilization. While conducting an enterprise risk management evaluation, the company's CFO determined that the company faced an operation risk from having only one supplier for this service. There were additional concerns that the company faced the risk that gamma irradiation could be subject to adverse regulatory or consumer perception changes. The CFO started the processes of qualifying another vendor to supply gamma irradiation services to minimize the supplier risk. The remaining risk is best described as A. Open supplier risk. B. Political risk. C. Residual risk. D. Inherent risk.

Answer (C) is correct. Residual risk is the risk of an activity that remains after the effects of any risk responses.

When risk is evaluated, which of the following risk responses is generally considered a sharing response? A. Reallocating capital among operating units. B. Rebalancing the asset portfolio to reduce exposure to certain types of losses. C. Entering into syndication agreements. D. Diversifying product offerings.

Answer (C) is correct. Risk sharing is action taken to reduce the severity of the risk by transferring a portion of the risk to another party. Examples include insurance, hedging, joint ventures, and outsourcing. A syndication agreement is a contract between the arranger and the other participants that shares risk among all parties.

Due to 50% store growth year after year, monitoring internal controls at a national retail chain has come under tremendous pressure. According to COSO, which of the following responses would be appropriate under the circumstances to help restore effective monitoring? A. Decreasing the size of the corporate internal audit activities. B. Having all the managers sign the corporate compliance policy on an annual basis. C. Shifting most of the monitoring responsibility to store managers and district managers. D. Consolidating the data in the operational reports reviewed by the chief internal auditor.

Answer (C) is correct. Store managers and district managers are geographically closer to the stores and can frequently visit stores to conduct monitoring activities. Therefore, effective monitoring of internal controls can be restored by changing the evaluators.

According to the COSO ERM framework, which of the following best describes the difference between strategy and business objectives? A. Strategy is the organization's core purpose, and business objectives are what the organization aspires to achieve over time. B. Business objectives are broader in scope than strategy. C. Business objectives are the steps to achieve strategy. D. Strategy is the plan to achieve business objectives.

Answer (C) is correct. Strategy is the plan to achieve the entity's mission and vision and apply its core values. Business objectives are the measurable steps taken to achieve the entity's strategy.

Of the following reasons to establish internal control, which is the most comprehensive? A. Safeguard the resources of the organization. B. Ensure the accuracy, reliability, and timeliness of information. C. Provide reasonable assurance that the objectives of the organization are achieved. D. Encourage compliance with organizational objectives.

Answer (C) is correct. The COSO model broadly defines internal control as a "process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) effectiveness and efficiency of operations, (2) reliability of financial reporting, and (3) compliance with applicable laws and regulations."

Overhead costs have not been established for the new product, but monthly data on total production and overhead cost for the past 24 months have been analyzed using simple linear regression. The results below were derived from the simple regression and provide the basis for overhead cost estimates for the new product:
Dependent variable (y) -- Factory overhead costs
Independent variable (x) -- Direct labor hours
Computed values:
y intercept                                 $40,000
Coefficient of independent variable         $2.10
Coefficient of correlation                  0.953
Standard error of estimate                  $2,840
Standard error of regression coefficient    0.42
Mean value of independent variable          $18,000
Coefficient of determination                0.908
What percentage of the variation in Alpha's overhead costs is explained by the independent variable? A. 48.8% B. 95.3% C. 90.8% D. 42%

Answer (C) is correct. The coefficient of determination (r²) is the square of the coefficient of correlation (r). The coefficient of determination may be interpreted as the percent of variation in the dependent variable "explained" by the variation in the independent variable. Here, r = 0.953, and r² = 0.908. Thus, 90.8% of the variation in overhead costs can be explained by direct labor hours.

An accountant has been retained by a company as an investment advisor for its employees. Research of historical rates of return yields the following information:
Type of Investment                     Mean Return    Standard Deviation
Common stocks                          12%            20%
Long-term corporate bonds              6%             8%
Intermediate-term government bonds     5%             5%
U.S. Treasury bills                    4%             3%
Which of the following investments has the optimal risk-return tradeoff if a return's standard deviation is an accurate assessment of investment risk? A. Long-term corporate bonds. B. Intermediate-term government bonds. C. U.S. Treasury bills. D. Common stocks.

Answer (C) is correct. The coefficient of variation (standard deviation ÷ expected rate of return) is useful when the rates of return and standard deviation of two investments differ. It measures the risk per unit of return. The lower the ratio, the better the risk-return tradeoff. The coefficient of variation for U.S. Treasury bills is .75 (.03 ÷ .04). This is the lowest ratio of the four securities, providing the optimal risk-return tradeoff.

The components of enterprise risk management (ERM) should be present and functioning. What does "present" mean? I. Components exist in the design of ERM. II. Components exist in the implementation of ERM. III. Components continue to operate to achieve strategy and business objectives. A. II only. B. I, II, and III. C. I and II. D. I only.

Answer (C) is correct. The components and principles of ERM, and their related controls, should be present and functioning to help the entity achieve its strategy and business objectives. "Present" means such components, principles, and controls exist in the design and implementation of ERM.

Which of the following components of control contribute most to a strong control environment? A. Controls are assessed through ongoing activities and evaluations. B. Duties are clearly defined and separated. C. Management adheres to control policies. D. Policy manuals provide a clear understanding of internal controls.

Answer (C) is correct. The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Management is primarily responsible for establishing and maintaining control. Thus, by adhering to internal control policies, management sets the tone for the importance of internal controls and builds a strong control environment.

The cyber risk management team is not A. Responsible to report to the board of directors. B. Led by chief information executives. C. Responsible for managing cyber risks at all levels of the entity. D. Composed of managers from different departments.

Answer (C) is correct. The cyber risk management team is responsible for managing cyber risks at the entity level, not at all levels of the entity. Department-level cyber risks are managed by departmental managers.

Which of the following is closely related to traditional risk management instead of enterprise risk management (ERM)? A. Multiple-level view of risk. B. Financial performance. C. Emphasis on specific functions. D. Rapid response to opportunities.

Answer (C) is correct. The enterprise risk management approach set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) attempts to approach an organization as a whole instead of focusing on any specific area or risk.

According to COSO's ERM framework, which of the following is an essential element of the governance and culture component? A. Information systems. B. Reports on risk and culture. C. Risk responses. D. Human capital.

Answer (D) is correct. A principle within the governance and culture component is that the organization attract, develop, and retain capable individuals.

For an enterprise wide risk management program to be most effective, it should be led by which of the following? A. A management committee. B. The chief audit executive. C. Audit committee members. D. A centralized coordinator.

Answer (D) is correct. An enterprise risk management (ERM) program is most effective when led by a centralized coordinator, such as a risk officer (referred to as a risk management leader). This person facilitates ERM by working with other managers in establishing effective risk management in their areas of responsibility.

An employee obtains a blank check, makes it payable to a fictitious company, and then cashes it. Each of the following internal control procedures should prevent this threat to the expenditure cycle, except A. Positive pay with the bank. B. Restricted access to blank checks. C. Requiring electronic funds transfer transactions. D. Bank reconciliations.

Answer (D) is correct. Bank reconciliations detect fictitious payments after they are made rather than prevent their occurrence.

According to COSO, which of the following is a compliance objective? A. To maintain adequate staffing to keep overtime expense within budget. B. To maintain material price variances within published guidelines. C. To maintain accounting principles that conform to GAAP. D. To maintain a safe level of carbon dioxide emissions during production.

Answer (D) is correct. Compliance objectives relate to adherence to laws and regulations. Maintaining a safe level of carbon dioxide emissions during production is an example.

The premise of enterprise resource management (ERM) is that an organization exists to provide value for its A. Employees. B. Shareholders. C. Customers. D. Stakeholders.

Answer (D) is correct. ERM is based on the premise that every organization exists to provide value for its stakeholders. Accordingly, ERM is defined as the culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.

Each of the following is a method to evaluate internal controls based on the framework set by the Committee of Sponsoring Organizations (COSO), except A. Identifying mitigating controls to prevent losses. B. Testing to determine whether the controls are operating effectively and have prevented losses in the past. C. Evaluating internal control systems that focus first on risk identification of specific losses. D. Distinguishing economy risk from industry risk and enterprise risk.

Answer (D) is correct. Evaluating internal controls based on the COSO framework does not require distinguishing economic risk from industry risk and enterprise risk. Therefore, it is NOT a method to evaluate internal controls based on the COSO framework.

Management's aggressive attitude toward financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity's control environment when A. Internal auditors have direct access to the board of directors and entity management. B. The audit committee is active in overseeing the entity's financial reporting policies. C. External policies established by parties outside the entity affect its accounting practices. D. Management is dominated by one individual who is also a shareholder.

Answer (D) is correct. Management's philosophy and operating style is one factor affecting the control environment as described in the COSO model for internal control. Such characteristics as management's attitudes and actions toward financial reporting and its emphasis on meeting budget, profit, and other goals have a significant influence on the control environment, especially when management is dominated by one or a few individuals. When incentives or pressures are present to achieve certain performance goals, the auditor should heighten his or her concern about the possibility of fraud.

Information about returns of eight stocks is as follows:
Stock
E    Perfectly correlated with F
F    Perfectly correlated with E
H    Positively correlated with I
I    Positively correlated with H
J    Not correlated with K
K    Not correlated with J
L    Perfectly negatively correlated with M
M    Perfectly negatively correlated with L
Which pair of stocks, if the stocks are purchased in equal amounts, will create the portfolio with the least risk? A. H and I. B. J and K. C. E and F. D. L and M.

Answer (D) is correct. Perfect positive correlation means the two variables always move together while perfect negative correlation means the two variables always move in opposite directions. If two securities are perfectly positively correlated, the risk of the two together is the same as the risk of each security by itself. On the other hand, if two securities are perfectly negatively correlated, all specific, or unsystematic, risk has been eliminated. As a result, since Stocks L and M are perfectly negatively correlated, this pair of investments will create the least risk for the portfolio.

To assist in an investment decision, Gift Co. selected the most likely sales volume from several possible outcomes. Which of the following attributes would that selected sales volume reflect? A. The expected value. B. The median. C. The midpoint of the range. D. The greatest probability.

Answer (D) is correct. Probability is important to management decision making because of the uncertainty of future events. Probability estimation techniques assist in making the best decisions in the face of uncertainty. Consequently, the most likely sales volume is the one with the greatest probability.

In using regression analysis, which measure indicates the extent to which a change in the independent variable explains a change in the dependent variable? A. Standard error. B. p-value. C. t-statistic. D. R-squared.

Answer (D) is correct. R-squared is also known as the coefficient of determination. It is a measure of how good the fit between the independent and dependent variable is.

An entity determined that its variable interest rate on borrowing will increase significantly in the near future. Consequently, the entity hedged its variable rate by locking in a fixed rate for the relevant period. According to COSO, this decision is which type of response to risk? A. Reduction. B. Acceptance. C. Avoidance. D. Sharing.

Answer (D) is correct. Sharing reduces the risk by transferring a portion of the risk to another party. By entering into a hedging transaction, the entity transferred a portion of the risk to the party that offered the fixed rate.

According to COSO, which of the following provides oversight of an entity's enterprise risk management (ERM)? A. The risk officer. B. Management. C. Financial executives. D. The board of directors.

Answer (D) is correct. The board provides risk oversight of ERM culture, capabilities, and practices. Also, board committees may be formed for this purpose, e.g., a risk committee.

Which of the following best describes the business model? A. Identification and documentation of business processes. B. Activities related to the business's core objectives. C. Multiple layers encompassing organizational governance. D. The objectives of the business.

Answer (D) is correct. The business model consists of the organization's objectives and how the business processes achieve those objectives. The objectives include vision, mission, and corporate strategy.

The coefficient of determination, r squared, in a multiple regression equation is the A. Coefficient of the independent variable divided by the standard error of the regression coefficient. B. Percentage of variation in the independent variables explained by the variation in the dependent variable. C. Measure of the proximity of actual data points to the estimated data points. D. Percentage of variation in the dependent variable explained by the variation in the independent variables.

Answer (D) is correct. The coefficient of determination, or the coefficient of correlation squared, measures the fit between the independent and dependent variables. In a multiple regression equation, it is the proportion of the total variation in one dependent variable that is accounted for by two or more independent variables.

The expected rate of return for the stock of Cornhusker Enterprises is 20%, with a standard deviation of 15%. The expected rate of return for the stock of Mustang Associates is 10%, with a standard deviation of 9%. The stock with the worse risk/return relationship is A. Mustang because the standard deviation is higher. B. Cornhusker because the return is higher. C. Cornhusker because the standard deviation is higher. D. Mustang because the coefficient of variation is higher.

Answer (D) is correct. The coefficient of variation is useful when the rates of return and standard deviations of two investments differ. It measures the risk per unit of return by dividing the standard deviation by the expected return. The coefficient of variation is higher for Mustang (.09 ÷ .10 = .90) than for Cornhusker (.15 ÷ .20 = .75).

Which of the following are common process components of the COSO ERM framework? A. Review and revision; governance and culture. B. Governance and culture; performance. C. Information, communication, and reporting; strategy and objective-setting. D. Performance; review and revision.

Answer (D) is correct. The common process components of the COSO ERM framework are (1) strategy and objective-setting, (2) performance, and (3) review and revision.

Which of the following factors are included in an entity's control environment?

Integrity and ethical values, assignment of authority, and human resource practices.

Piper Corp. reviewed the mix of preventive and detective control activities over its cash disbursements process and discovered a high proportion of preventive control activities. If Piper desires to establish additional detective control activities, which of the following control activities should it consider?

Regularly comparing reported results to budgets and other benchmarks.

The portfolio view of cyber risks should be A. Assessed for materiality. B. Stagnant. C. Continually adjusted. D. Industry specific.

Answer (C) is correct. The portfolio view of cyber risks, including risk identification, assessment, prioritization, and response, should be continually adjusted because of the constantly evolving business context.

Which step in the risk management process assesses the actions to manage identified risks?

Risk monitoring.

