4. Risk Management (10% 12 MCQs) Flashcards

1
Q

Section E - Proficient

Risk Management Concept (Fundamental)
Risk - Definition

Risk Management Process

A

Risk: Possibility of events impacting the organization, measured by impact and likelihood.

2
Q

Section E - Proficient

Risk Management Concept (Fundamental)
Risk Management - Definition

Risk Management Process

A
  1. Risk Management (RM): Process to identify, assess, manage, and control events to ensure organizational objectives.
  2. Standard 2120 – RM: IA evaluates and improves the RM process.
  3. RM: Can be formal or informal.
3
Q

Section E - Proficient

Risk Management Concept (Fundamental)
Risk Management Process - Definition

Risk Management Process

A
  1. Identification of Context
  2. Risk Identification
  3. Risk Assessment & Prioritization
  4. Risk Response
  5. Risk Monitoring
4
Q

Section E - Proficient

Risk Management Concept (Fundamental)
Responsibility for Aspect of Org RM

Risk Management Process

A
  1. RM: Key responsibility of management and the Board.
  2. IA Assurance: Reviews and recommends improvements.
  3. IA Consulting: Identifies, evaluates, implements, and manages methods and controls.
  4. Board Role: Determines IA’s RM role based on culture, competence, and local conditions.
  5. IA Role: Defined in the Charter.
5
Q

Section H - Basic

Role of IA in RM

Risk Management Process

A
  1. Standard 2120.A1: Assess alignment, risk identification, responses, and communication.
  2. Standard 2120.A2: Evaluate fraud risk and management.
  3. IG 2120: Understand RM framework, assess risk maturity, plan audits, and report issues.
  4. Implementation: CAE assesses and discusses RM, performs gap analysis, ensures timely action, and reviews Board minutes.
  5. Conformance: Charter, Audit Plan, Meeting Minutes, IA Risk Assessment.
6
Q

Section E - Proficient

Risk Management Concept (Fundamental)
Risk Management in Consulting

Risk Management Process

A
  1. Performance Standard 2120.C1: Address risks per engagement objectives.
  2. Performance Standard 2120.C2: Incorporate consulting knowledge.
  3. Performance Standard 2120.C3: Avoid management responsibilities.
7
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
ERM - Definition & Concepts

COSO Framework - ERM Overview

A
  1. Culture: Values influencing risk management.
  2. Capabilities: Skills and resources for risk.
  3. Practices: Methods for managing risks.
  4. Strategy: Aligning risks with goals.
  5. Performance: Managing risks to create value.
8
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
ERM - Role & Responsibilities

COSO Framework - ERM Overview

A
  1. Board: Provides oversight via committees (e.g., audit, risk, governance).
  2. Management: Manages risk and achieves objectives daily.
  3. Risk Officer: Centralizes and coordinates risk management.
  4. Three Line Model:
    * First: Risk owners.
    * Second: Support functions (e.g., Risk Officer).
    * Third: Assurance functions.
9
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
COSO ERM Framework

COSO Framework - ERM Component & Limitations

Enterprise Risk Management

A

A set of principles organized into 5 interrelated components.
* Governance & Culture - Mission, Vision & Core Values
* Strategy & Objective Setting - Strategy Development
* Performance - Business Objective Formulation
* Review & Revision - Implementation & Performance
* Information, Communication, & Reporting - Enhanced Value

10
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components

COSO Framework - ERM Component & Limitations

Enterprise Risk Management

A

A set of principles organized into 5 interrelated components.
* Governance & Culture -
1. Exercises Board Risk Oversight
2. Establishes Operating Structure
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops & Retains Capable Individuals

11
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components

COSO Framework - ERM Component & Limitations

Enterprise Risk Management

A

A set of principles organized into 5 interrelated components.
* Strategy & Objective-Setting
6. Analyzes Business Context
7. Defines Risk Appetite
8. Evaluates Alternative Strategies
9. Formulates Business Objectives

12
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components

COSO Framework - ERM Component & Limitations

Enterprise Risk Management

A

A set of principles organized into 5 interrelated components.
* Performance
10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses
14. Develops Portfolio View

13
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components

COSO Framework - ERM Component & Limitations

Enterprise Risk Management

A

A set of principles organized into 5 interrelated components.
* Review & Revision
15. Assesses Substantial Change
16. Reviews Risk & Performance
17. Pursues Improvement in Enterprise Risk Management

14
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
COSO ERM Components

COSO Framework - ERM Component & Limitations

Enterprise Risk Management

A

A set of principles organized into 5 interrelated components.
* Information, Communication & Reporting
18. Leverages Information & Technology
19. Communicates Risk Information
20. Reports on Risk, Culture & Performance

15
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
ERM Limitations

COSO Framework - ERM Component & Limitations

Enterprise Risk Management

A
  1. Faulty Judgment
  2. Cost-Benefit Considerations
  3. Simple Errors
  4. Collusion
  5. Management Override
16
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
Principles

ISO 31000 Framework - Risk Management

A
  1. Integrated: Covers all activities.
  2. Structured: Organized and comprehensive.
  3. Customized: Tailored to objectives.
  4. Inclusive: Engages stakeholders.
  5. Dynamic: Adapts to change.
  6. Best Information: Uses all relevant data.
  7. Human Factors: Considers cultural aspects.
  8. Continual Improvement: Ongoing enhancement.
17
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
Framework Components

ISO 31000 Framework - Risk Management

A
  1. Leadership: Policies, resources, and accountability (Board & Management).
  2. Integration: Across all parts of the organization.
  3. Design: System setup.
  4. Implementation: Plan development and deployment, with adjustments if needed.
  5. Evaluation: Performance measurement.
  6. Improvement: Monitoring and updating.
18
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
Process

ISO 31000 Framework - Risk Management

A
  1. Communication & Consultation: Awareness and feedback.
  2. Scope, Context & Criteria: Define boundaries and standards.
  3. Risk Assessment: Identify, analyze, and evaluate risks.
  4. Risk Treatment: Accept, avoid, reduce, share, or pursue risks.
  5. Monitoring & Review: Enhance quality and effectiveness.
  6. Recording & Reporting: Share results with stakeholders.
19
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
Responsibilities for Risk

ISO 31000 Framework - Risk Management

A
  • Board: Provides oversight.
  • Management: Sets risk attitude and handles risk assessment and decisions.
  • Auditor: Provides assurance.
20
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
Assurance Approaches / Responsibilities

ISO 31000 Framework - Risk Management

A
  • Key Principle Approach: Implementing risk management principles.
  • Process Element Approach: Establishing risk management elements.
  • Maturity Model: Uses Capability Maturity Model (CMM) and CMMI Development V2.0.
21
Q

Section F - Basic

RM Framework (COSO, ISO 31000 etc.)
Other Risk Framework

Turnbull Framework

A

Emphasizes controls, unlike ISO 31000.