ARM 400 Segment C Flashcards

1
Q

Which one of the following best describes how internal audit supports enterprise risk management (ERM)?

Select one:
A. Internal audit implements the risk assessments provided by ERM.
B. Internal audit finds risks overlooked by ERM.
C. ERM provides the assessments that internal audit uses to test the viability of controls.
D. ERM implements risk management activities and internal audit assesses the results.

A

D. ERM implements risk management activities and internal audit assesses the results.

2
Q

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control—Integrated Framework provides

Select one:
A. Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations.
B. International standards to help ensure that organizations meet the needs of customers and stakeholders while also complying with statutory and regulatory requirements.
C. Guidance on assessing risk and evaluating internal controls to government agencies but not to other organizations.
D. Not a system of controls, but a framework for auditors to provide independent, objective, and reasonable assurances that management has adopted a system of controls that is effective and functioning as intended.

A

A. Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations.

3
Q

Which one of the following best explains how the role of the internal auditor changed with the passage of the Sarbanes-Oxley Act of 2002?

Select one:
A. The internal auditor must adapt to the ever changing environment of risk control through the use of electronic reconciliation programs.
B. The internal auditor must adopt a stakeholder orientation by anticipating, monitoring and assessing business and operational risk.
C. The internal auditor must be able to recognize current fraud risks as well as computer theft of intellectual property.
D. The internal auditor must adopt the attitude of an external auditor, carefully reviewing and critiquing the finances of an organization.

A

B. The internal auditor must adopt a stakeholder orientation by anticipating, monitoring and assessing business and operational risk.

4
Q

Which one of the following describes the role of internal audit according to the Federation of European Risk Management Associations (FERMA) and the European Confederation of Institutes of Internal Auditing (ECIIA) model?

Select one:
A. Internal audit is the second line of defense providing support for the implementation of controls, particularly with law and regulations.
B. Internal audit is the first line of defense providing the original risk assessment, control environment as well as maintaining effective internal controls.
C. Internal audit is the fourth line of defense providing oversight to the organization as a whole, reporting to the board and senior management on compliance by the various departments with regulations.
D. Internal audit is the third line of defense providing assurance to the board and senior management on organizational effectiveness of risk management and assessment efforts.

A

D. Internal audit is the third line of defense providing assurance to the board and senior management on organizational effectiveness of risk management and assessment efforts. The first line of defense is operational management. The second line of defense is the risk management functions. The fourth line of defense is external audit.

5
Q

A risk-based auditing approach is deemed to be a top-down approach because

Select one:
A. It involves an external review of known potential threats to the organization and then developing an organizational response to those threats.
B. It involves identifying and analyzing material risks to the achievement of the organization’s objectives and then determining how the risks should be managed.
C. It involves review of the current financial controls and compliance to regulations as determined by external auditors.
D. It involves review of each department’s dependence on financial controls, compliance with federal statutes and audit history.

A

B. It involves identifying and analyzing material risks to the achievement of the organization’s objectives and then determining how the risks should be managed.

6
Q

Martin Pruitt was hired by Regional Bank Company (RBC) to strengthen the company’s internal control efforts. Martin implemented a computer scanning program to detect fraud. The scanning program flagged a suspicious account. When Martin investigated the account, he learned that someone in the bank’s technology department had created the account. When the bank credits monthly interest on depositor accounts, any fractional cents are rounded down to the nearest cent. The technology department official had programmed the system so that the fractional cents lost to rounding were deposited into the account he owned. The scanning program Martin Pruitt implemented used computers to learn from the data it analyzed. This application of emerging technology illustrates the use of

Select one:
A. Computer simulation.
B. Artificial intelligence.
C. Risk management information systems.
D. Machine learning.

A

D. Machine learning.

7
Q

The importance of strong control environments with independent oversight has increased

Select one:
A. As organizations became more complex.
B. Because the Federation of European Risk Management Associations (FERMA) made it a requirement for international trade.
C. Because international trade is dependent upon consistent accounting processes.
D. As business complied with the provisions of the Sarbanes Oxley Act.

A

A. As organizations became more complex.

8
Q

In accordance with the Three Lines of Defense Model, how does risk management act as the second line of defense?

Select one:
A. Risk management alerts internal audit of potential threats within a department and works with internal audit to neutralize the threat.
B. Risk management provides oversight to the operational management’s assessment of risk and internal controls.
C. Risk management supports and monitors operational management’s implementation of risk management practices.
D. Risk management has authority to initiate activity demanding an external audit should a risk be deemed imminent.

A

C. Risk management supports and monitors operational management’s implementation of risk management practices.

9
Q

The Auditing Standard No. 5 (AS 5) calls for a specific fraud assessment because

Select one:
A. Failure to detect fraud through regular transactions in an organization remains the highest risk.
B. Fraud within an organization remains the most serious threat to the economic well-being of society.
C. Of the financial scandals of the late twentieth century; there is now an obligation to detect fraud.
D. The risk of failing to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors.

A

D. The risk of failing to prevent or detect fraudulent misstatements is higher than the risk of failing to prevent or detect other types of errors.

10
Q

Which one of the following best describes how internal audit complements a risk management initiative?

Select one:
A. Risk managers identify, assess and prioritize risks with the assistance of internal audit. Internal audit requires that the controls for the risks are tested.
B. Risk managers identify, assess and prioritize risks. Internal audit develops a risk-based auditing plan that addresses material risks to an organization.
C. Internal audit tests the controls initiated by the risk management team. The risk management team reviews the results and responds to internal audit on the control assessment.
D. Internal audit tests controls for risks identified by risk managers. Risk management and internal audit are similar in that they are both charged with protecting the assets of an organization.

A

B. Risk managers identify, assess and prioritize risks. Internal audit develops a risk-based auditing plan that addresses material risks to an organization.

11
Q

Emerging technologies such as artificial intelligence and machine learning are being applied by some businesses as part of their internal audit and control process. A key benefit of such applications is

Select one:
A. Gaining an historical perspective on inefficient and ineffective internal control measures.
B. Greater ability to quantify losses.
C. Detection of fraud and inefficient practices in real time.
D. Reduced labor costs in the risk management department.

A

C. Detection of fraud and inefficient practices in real time.

12
Q

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) describes internal control as consisting of five essential components, one of which is risk assessment. This component

Select one:
A. Sets the tone for internal control by providing resources, discipline, and structure.
B. Should be included in the audit as an internal control to minimize unforeseen events.
C. Verifies adherence to control results and assists in identifying other procedures that the entity may wish to adopt.
D. Considers management’s efforts to identify and analyze risks relevant to achieving predetermined objectives.

A

D. Considers management’s efforts to identify and analyze risks relevant to achieving predetermined objectives.

13
Q

Which one of the following is true regarding internal audit involvement with enterprise risk management (ERM) efforts?

Select one:
A. Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks.
B. Internal audit is not becoming more involved with ERM efforts because internal audit must remain independent and objective.
C. Internal audit is responsible for the organization’s compliance with all governance issues, including ERM compliance.
D. Internal audit is responsible for reviewing controls in an organization which includes ERM programs.

A

A. Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks.

14
Q

Which one of the following statements is true with regard to the application of emerging technologies such as artificial intelligence and machine learning to internal auditing of an organization?

Select one:
A. There should be no improvement given that the same practices are subject to internal audit with or without the application of emerging technology.
B. Deviations from desired practices and procedures will be more quickly identified by emerging technologies, and auditors can focus on designing and implementing new systems.
C. While the application of such technologies may be beneficial, the cost of implementation makes the use of emerging technologies unrealistic.
D. Although such techniques are applicable to the risk management function, they are not applicable to internal audit.

A

B. Deviations from desired practices and procedures will be more quickly identified by emerging technologies, and auditors can focus on designing and implementing new systems.

15
Q

Which one of the following best describes how the modern approach to internal auditing differs from the traditional approach?

Select one:
A. The traditional approach uses systems-based controls, determines materiality of potential risks to the organization’s achievement of its objectives rather than reviewing adherence to regulations.
B. The modern approach uses many systems-based techniques, determines activity based on the organization’s business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls.
C. The traditional approach confines itself to review of current system controls, compliance with those controls and any potential to bypass those controls rather than the materiality of the risk.
D. The modern approach uses a systems-based technique, evaluating current controls and threats to the organization, and considers the materiality of risks, but does not consider an organization’s business objectives.

A

B. The modern approach uses many systems-based techniques, determines activity based on the organization’s business objectives, materiality of the risk and key threats to achieving business objectives rather than evaluating current controls.

16
Q

An auditor identifies risks under the risk-based approach by

Select one:
A. Reviewing the organization, department by department to determine if the controls overlap asking, “Is the redundancy needed?”
B. Looking at each objective and its controls identifying risks by asking, “What might go wrong?”
C. Reviewing prior audits, comparing results and asking, “Has the control environment changed?”
D. Looking at each objective, testing each control by asking, “Does this seem appropriate?”

A

B. Looking at each objective and its controls identifying risks by asking, “What might go wrong?”

17
Q

Which one of the following best describes if it is within the scope of duties for an internal auditor to assist the company’s enterprise risk management (ERM) program?

Select one:
A. It is not within the scope. Assisting the ERM program is outside of the functions of internal audit and can compromise the objectivity of internal audit.
B. It is not within the scope. Assisting with review of key risks, identification and evaluating risks compromises the overall functions of internal audit.
C. It is within the scope. Assisting with the management of key risks, including the effectiveness of controls, lends support to the ERM program.
D. It is within the scope. Assisting with implementation of new controls and providing feedback on controls will lend support to the ERM program.

A

C. It is within the scope. Assisting with the management of key risks, including the effectiveness of controls, lends support to the ERM program.

18
Q

An independent auditor has been given the task of evaluating internal controls at Westside Company (Westside). The auditor has determined that Westside’s board of directors has endorsed a framework requiring management to have documented internal reporting controls to ensure efficient operations, accuracy of financial statements, and compliance with regulations. The framework is applied at the entity and divisional levels, but not the operating unit or functional levels. The program is new so it has not yet been monitored. The auditor is likely to report that

Select one:
A. The selected method aligns with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework because it is applied at the entity level. Monitoring is not a requirement.
B. The selected method aligns with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework because it is applied at the entity level. Monitoring will be required after the framework has been in place for one year.
C. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.
D. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework. It must also be applied at the operating unit level, but not the functional level. Regular monitoring must be implemented.

A

C. The selected method does not align with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework because it must also be applied at the operating unit and functional levels and it must be monitored.

19
Q

Cheryl Babson works in internal control at Software Company. She contacted company security and asked them to immediately go to the office of a software engineer and to detain him. As part of the internal control process, Cheryl had scanning software installed at the company that randomly searched all e-mails and text messages sent from on-site, searching for key words. The scanning software detected the words: “gun,” “bomb,” “revenge,” and “kill” in communications sent from the engineer’s office. Company security found a loaded assault rifle, two loaded handguns, and a pipe bomb in the engineer’s office. He confessed to planning a workplace attack at the company cafeteria later that day. The emerging technology Cheryl deployed is called

Select one:
A. Radio frequency identification.
B. Blockchain Technology.
C. Natural language processing.
D. Computer simulation.

A

C. Natural language processing.

20
Q

Which one of the following best describes why many purchasers require an ISO 9001 certification prior to buying a business?

Select one:
A. To have an outside audit company attest to its conclusive audit.
B. To ensure that internal standards and controls are in place.
C. To transfer liability should the financial statements prove erroneous.
D. To obligate the seller to perform audits for conformance prior to the sale.

A

B. To ensure that internal standards and controls are in place.

21
Q

One internal control integrated framework consists of five essential components: the control environment, risk assessment, control activities, information and communication, and monitoring activities. When these components are applied across the organization, they create a “cube.” This framework is the

Select one:
A. Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing.
B. International Organization for Standardization’s (ISO’s) framework.
C. Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) framework.
D. Financial Accounting Standards Board’s (FASB’s) Internal Control Standard.

A

C. Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) framework.

22
Q

Future-Com is a rapidly growing communication device company. It distributes its communication devices through a fleet of Future-Com trucks. In consultation with internal audit, the fleet of Future-Com delivery trucks was outfitted with sensors that monitor other traffic in proximity to Future-Com trucks. The sensors alert drivers if there is a stalled vehicle ahead, if a vehicle is beside the truck in an area that is hard to see, and if a vehicle is following too closely behind the truck. The sensors installed by Future-Com and the feedback they provide to the drivers illustrate the use of which of the following emerging technologies?

Select one:
A. Machine learning.
B. Artificial intelligence.
C. Radio frequency identification.
D. Natural language processing.

A

A. Machine learning.

23
Q

It is necessary to define functions that should be performed by internal audit rather than the enterprise risk management (ERM) team because

Select one:
A. Internal audit and risk managers share responsibilities for governance and compliance for the organization.
B. The Institute of Internal Auditors (IIA) guidelines are used to avoid confusion in an organization and clarify financial compliance issues.
C. ERM is all encompassing and if not controlled will absorb internal audit functions.
D. Clarification of functions helps avoid redundancy and foster a strong working relationship.

A

A. Internal audit and risk managers share responsibilities for governance and compliance for the organization.

24
Q

Preventive controls assist the overall control environment of an organization by

Select one:
A. Detecting errors or inconsistencies after they occur.
B. Addressing reconciliation of accounting errors.
C. Reducing risk of unauthorized actions.
D. Comparing different sets of data and investigating any differences.

A

C. Reducing risk of unauthorized actions.

25
Q

Which one of the following best describes an effective way to construct internal controls?

Select one:
A. The controls should be linear and create checks and balances.
B. The controls should be system based with oversight by one or two individuals.
C. The controls should be quantitative and include segregation and transfer options.
D. The controls should lend themselves to true risk management concerns.

A

A. The controls should be linear and create checks and balances.

26
Q

Developing a risk-based audit plan requires a risk assessment. Under the model of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework, which one of the following explains how risk assessment is addressed?

Select one:
A. It is essentially the same as the traditional model, but is codified in steps that are reported.
B. It is narrower and it provides concrete steps which are recommended and differ by industry.
C. It expands the risk assessment concept by identifying five interrelated components of internal control.
D. It expands the risk assessment concept by comparing it to competitor audits.

A

C. It expands the risk assessment concept by identifying five interrelated components of internal control.

27
Q

Which one of the following best describes why the Institute of Internal Auditors (IIA) has designed standards addressing the need for internal audit to evaluate the effectiveness of risk management?

Select one:
A. Audits are conducted annually in many organizations. Requiring an auditor to validate the findings of prior years provides a comfort level to stakeholders.
B. Audits may be self-serving to an organization depending on the experience level of an auditor. By indicating specific criteria, an auditor should be able to conduct a valid audit.
C. Audits are objective and independent of the politics of an organization. A pronouncement assists the auditor by defining review criteria.
D. Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities.

A

D. Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities.

28
Q

Many banks are using technology to search for and detect cyber-security threats locally and in the cloud. This application of technology, in which machines learn from humans, illustrates the use of

Select one:
A. Data analytics.
B. Machine learning.
C. Risk management information systems.
D. Artificial intelligence.

A

B. Machine learning.

29
Q

Colossal Casualty Insurance Company decided to conduct an internal audit of the company’s operations. As part of the internal audit, several fictitious claims were submitted to the claims department to see if the claims would be approved and paid. Which one of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) components of internal control was examined by this internal audit test?

Select one:
A. Control environment.
B. Monitoring activities.
C. Information and communication.
D. Risk assessment.

A

A. Control environment.

30
Q

Which one of the following is an example of a principles-based traffic control regulation?

Select one:
A. Driver must maintain liability insurance that meets the state minimum financial responsibility limit
B. Driver and passengers must wear a safety belt when the car is in motion
C. Driver must drive at a speed within the posted speed limit
D. Driver must maintain a reasonable following distance appropriate to speed and conditions.

A

D. Driver must maintain a reasonable following distance appropriate to speed and conditions. This is a principles-based regulation because it states an outcome rather than a measurable rule, and so could be interpreted differently by different drivers and by different traffic enforcement officers. The other three options state specific, verifiable requirements (a dollar limit, a belt, a posted number) and are rules-based.

31
Q

Which one of the following is the first step that should be taken by the senior manager who is responsible for the organization’s compliance program?

Select one:
A. Review all employee files for any relevant history of illegal behavior
B. Train all employees on how to report compliance violations to the federal government
C. Assemble a task force from all major functions within the organization
D. Establish incentives and disciplinary actions to enforce the program

A

C. Assemble a task force from all major functions within the organization. Once this is done, the task force members should be trained on the laws and regulations that apply to their functions. Other employees should receive basic training that includes how to report violations.

32
Q

Which one of the following statements is true regarding Basel III?

Select one:
A. Basel III is a regulatory standard for banks of the European Union and the United Kingdom.
B. Basel III is a voluntary standard for the insurers which encourages senior management to take the lead in establishing a strong risk management culture.
C. Basel III was developed to reduce the likelihood of insurer insolvency, market disruption, and consumer loss.
D. Basel III was developed to address both the risk of individual organizations and systemic risk in the banking sector.

A

D. Basel III was developed to address both the risk of individual organizations and systemic risk in the banking sector.

33
Q

All of the following are true regarding the Federal Sentencing Guidelines, EXCEPT:

Select one:
A. They establish minimum components for an effective compliance program.
B. They are mandatory.
C. They can be used by federal courts.
D. They require an organization to have written standards and procedures.

A

B. They are mandatory. Because of a 2005 U.S. Supreme Court decision (United States v. Booker), the Federal Sentencing Guidelines are advisory rather than mandatory, but they can be used by federal courts.

34
Q

One of the key department players in compliance program implementation is Internal Audit. As such, the main responsibility of Internal Audit involves which of the following?

Select one:
A. Compliance with employment laws
B. Employee health and safety
C. Oversight of financial compliance
D. Product safety and environmental control

A

C. Oversight of financial compliance

35
Q

Solvency II is a new regulatory standard in the European Union (EU) to establish principles for risk management and consistency in regulation for which one of the following industries?

Select one:
A. Banking
B. Health care
C. Insurance
D. Transportation

A

C. Insurance - Solvency II is a new regulatory standard in the EU to establish principles for risk management and consistency in regulation for the insurance industry.

36
Q

Which one of the following standards was developed in response to the financial crisis that began in 2007?

Select one:
A. Capital Adequacy Framework
B. ISO 31000
C. Basel III
D. Solvency II

A

C. Basel III

37
Q

The individual responsible for ensuring compliance within an organization usually reports to which one of the following?

Select one:
A. Human resources
B. Operations management
C. General counsel
D. Senior management

A

D. Senior management

38
Q

The Federal Sentencing Guidelines require a senior manager to have responsibility for the organization’s entire compliance program. The individual selected is typically from which one of the following functions of the organization?

Select one:
A. Legal
B. Internal audit
C. Operations
D. Human development

A

B. Internal audit

39
Q

Which one of the following clauses would be a foundation of the Fair Labor Standards Act (FLSA)?

Select one:
A. Requires companies who operate their own online networks to safeguard user data
B. Establishes minimum wage and overtime pay requirements by which United States employers must abide
C. Establishes transparency requirements which allow investors and regulators a greater understanding of the fund’s assets
D. Prohibits the bribery of foreign government officials in effort to gain or retain business

A

B. Establishes minimum wage and overtime pay requirements by which United States employers must abide

40
Q

Which one of the following regulatory approaches allocates resources based on the concept of achieving the greatest potential good while simultaneously minimizing the overall costs?

Select one:
A. Performance-based regulation
B. Risk-based regulation
C. Rules-based regulation
D. Evidence-based regulation

A

B. Risk-based regulation

41
Q

Bo’s Diving Adventures (BDA) is one of the largest recreational SCUBA diving businesses in the world. While enjoying much success in the diving aspect of its business, it has had its challenges adhering to the different government and industry regulations over the years. The board of directors decided to hire a Chief Compliance Officer (CCO) to remedy this issue and ensure that each diving excursion the company charters is in full compliance with all regulations regardless of destination. After a week on the job the new CCO has discovered that the number one non-compliance issue over the past few years could be rectified with better internal training. As such, the BEST move the CCO should make would be which of the following?

Select one:
A. Sit down with the head of Human Resources and outline a comprehensive training program for all employees which addresses the non-compliance issues.
B. Make a phone call to the National Diving Control Board and refute the non-compliance citations.
C. Approach the board of directors to cease all diving excursions until each employee is better trained.
D. Replace the current head of Human Resources for allowing the non-compliance issues to fester.

A

A. Sit down with the head of Human Resources and outline a comprehensive training program for all employees which addresses the non-compliance issues.

42
Q

Examples of Principles-Based Regulations include all of the following, EXCEPT:

Select one:
A. Restaurant employees must wash their hands every time they use the restroom.
B. Insurance companies must retain sufficient capital to ensure that policyholder obligations are met.
C. Corporations must fairly and accurately report on the financial condition of the firm to all stakeholders.
D. Investors having material influence over the management of a publicly traded company must publicly disclose that control to all stakeholders in the firm.

A

A. Restaurant employees must wash their hands every time they use the restroom.

43
Q

One of the major objectives of a compliance program is to receive benefits from external sources. Which one of the following is an example of a potential benefit from an external source?

Select one:
A. Reductions in insurance premiums
B. Reductions in corporate taxes
C. Improved employee health and safety
D. Increased product safety

A

A. Reductions in insurance premiums

44
Q

When comparing principles-based regulation with rules-based regulation, which one of the following statements is correct?

Select one:
A. Principles-based regulation tends to use a one-size-fits-all approach.
B. Principles-based regulation responds more quickly to a changing environment.
C. Principles-based regulation requires less communication between the regulator and regulated entity.
D. Principles-based regulation emphasizes conformity rather than the outcome.

A

B. Principles-based regulation responds more quickly to a changing environment.

45
Q

The Sarbanes-Oxley Compliance (SOX) category involves all of the following compliance levels, EXCEPT:

Select one:
A. Voluntary
B. Mandatory
C. Internal
D. External

A

A. Voluntary

46
Q

Based on Basel III principles, which one of the following groups should take the lead in establishing a strong risk management culture?

Select one:
A. Employees
B. Risk managers
C. Senior management
D. Board of directors

A

D. Board of directors. Basel III is a comprehensive set of reform measures to strengthen the regulation, supervision, and risk management of the banking sector. Based on Basel III principles, the board of directors should take the lead in establishing a strong risk management culture.

47
Q

Claim representative Klee is reviewing an auto liability claim concerning a two-car collision that has just been assigned to him. He discovers that the insured was clearly 100 percent at fault for the accident and although nobody was injured, it is company policy for him to set a $500 reserve. Klee sets the reserve and then calls the insured driver involved in the accident for a recorded statement. During the conversation with the insured driver, Klee takes it upon himself to recommend a company-approved collision center where the insured driver can have her vehicle repaired to pre-accident condition. Klee’s application of setting reserves and mentioning the collision repair center would best represent which two compliance requirements in this case?

Select one:
A. Internal and mandatory
B. External and mandatory
C. Internal and voluntary
D. External and voluntary

A

C. Internal and voluntary

48
Q

Be-Ne-Lux Insurance is an insurer operating in Belgium, the Netherlands, and Luxembourg. Be-Ne-Lux is subject to the Solvency II standards. Company managers believed the company was adequately financed; however, it was determined that the company did not have adequate assets based on the uncertainty of its operating performance. The standard that Be-Ne-Lux failed to meet is

Select one:
A. Basel II.
B. Risk-based capital.
C. Own risk and solvency assessment.
D. Underwriting leverage.

A

B. Risk-based capital.

49
Q

Which one of the following regulatory approaches provides an organization with more certainty and greater predictability?

Select one:
A. Rules-based
B. Evidence-based
C. Risk-based
D. Principles-based

A

A. Rules-based

50
Q

Which one of the following standards was developed in response to the financial crisis that began in 2007?

Select one:
A. Capital Adequacy Framework
B. ISO 31000
C. Basel III
D. Solvency II

A

C. Basel III

51
Q

Tom is the Chief Underwriting Officer (CUO) of a large commercial insurance carrier and has been tasked with updating the current compliance program. The internal audit results for the past few years have been poor and highlight a need for immediate correction in certain functional areas. Instead of modifying the current program, Tom decides to start from scratch and build a new, ground-up program. What is a fundamental component Tom should be implementing to ensure his company’s compliance program is effective?

Select one:
A. Use due diligence to prevent and detect criminal behavior.
B. Reference the U.S. Sentencing Commission’s Guidelines manual for ideas.
C. Consult with his CUO peers at competitor firms who have had success in this area.
D. Conduct his own internal audit to see the laws the employees are following.

A

A. Use due diligence to prevent and detect criminal behavior.

52
Q

The Sarbanes-Oxley Compliance (SOX) category involves all of the following compliance levels, EXCEPT:

Select one:
A. Internal
B. External
C. Mandatory
D. Voluntary

A

D. Voluntary

53
Q

Which one of the following is an example of a compliance requirement that is internal and mandatory?

Select one:
A. Requiring that all full-time employees have workers compensation insurance
B. Requiring employees to conserve energy by turning off the lights at the end of the day
C. Requiring all employees to consider car-pooling with other employees
D. Requiring all employees working in the foundry to wear hearing protection

A

D. Requiring all employees working in the foundry to wear hearing protection

54
Q

Which one of the following statements about standards—risk management, Solvency II, and Basel II and III—is true?

Select one:
A. The Basel II and Basel III standards apply to all European corporations no matter the sector of the economy in which the corporation operates.
B. Many risk management standards, such as ISO 31000, are voluntary.
C. The Solvency II standards were approved by the U.S. Congress and now must be satisfied by all U.S. insurers.
D. The Solvency II standards were promulgated to strengthen U.S. regulation and supervision of the banking sector.

A

B. Many risk management standards, such as ISO 31000, are voluntary.

55
Q

Sims Cinnamon Rolls and Donuts creates confectionery masterpieces for business conventions. Knowing how much a warm cinnamon roll or fresh donut means to a conventioneer just arriving from out of town, Sims decides to implement a standard that 100% of its orders be delivered 60 minutes before the start of each convention. This is an example of which of the following kinds of compliance requirements?

Select one:
A. External and Voluntary
B. External and Mandatory
C. Internal and Mandatory
D. Internal and Voluntary

A

D. Internal and Voluntary

56
Q

The development and implementation of a business continuity plan entails seven steps. Which one of the following steps involves assessing what events may occur, when they will occur, and how they could affect achievement of key objectives?

Select one:
A. Developing a continuity plan
B. Conducting a business impact analysis
C. Performing a risk assessment
D. Understanding the business

A

B. Conducting a business impact analysis. Conducting a business impact analysis involves assessing what events may occur, when they will occur, and how they could affect achievement of key objectives.

57
Q

Which one of the following stages of a strategic redeployment plan has the sole objective of preserving and enhancing stakeholders’ trust and confidence in the organization?

Select one:
A. Alternate marketing stage
B. Communication stage
C. Emergency stage
D. Contingency production stage

A

B. Communication stage. The communication stage of a strategic redeployment plan has the sole objective of preserving and enhancing stakeholders’ trust and confidence in the organization.

58
Q

As a result of a risk assessment, Medford Factory identified several exposures that could interrupt its operations. Which one of the following would be categorized as an external exposure?

Select one:
A. A fire breaking out in the warehouse
B. A widespread power outage
C. An IT server failure
D. A poorly designed product that needs to be recalled

A

B. A widespread power outage

59
Q

Disaster recovery planning arose from organizations’ increasing use of and dependence on

Select one:
A. Communication.
B. Nuclear energy.
C. International suppliers.
D. Technology.

A

D. Technology. Disaster recovery planning arose from organizations’ increasing use of and dependence on technology.

60
Q

A business impact analysis (BIA) should identify the points in time when the interruption would have the greatest impact, what the operational impact would be, and

Select one:
A. What continuity strategy to use.
B. Whether the exposures are external, internal, or project.
C. What the financial impact would be.
D. Who should be on the recovery team.

A

C. What the financial impact would be. A business impact analysis (BIA) should identify the points in time when the interruption would have the greatest impact, what the operational impact would be, and what the financial impact would be.

61
Q

Parker International sets realistic goals for employees, and provides mentorships and educational opportunities to help them succeed. The company also provides profit sharing and employee wellness incentives. Which one of the following key resiliency traits does Parker International demonstrate?

Select one:
A. Valued employees
B. A culture of openness and trust
C. Clear company objectives
D. Strong relationships with vendors and customers

A

A. Valued employees

62
Q

Disaster recovery planning arose from the increasing use of and dependency on

Select one:
A. High-rise construction.
B. Technology.
C. International travel.
D. Global financial institutions.

A

B. Technology.

63
Q

The owners of West Coast Inn have identified a number of external risks to their business that are uncontrollable. They have decided to implement a business continuity plan in order to minimize the negative effects of the risks on its operations. West Coast Inn’s plan will use a combination of a contingency model and a risk-transfer model. Which one of the following activities would be part of the risk-transfer model?

Select one:
A. Purchasing business interruption insurance
B. Purchasing a generator to help maintain operations
C. Contracting with a nearby inn to be backup for each other’s customers
D. Maintaining a separate site in a neighboring town

A

A. Purchasing business interruption insurance

64
Q

Which one of the following is a critical component to achieving true operational resiliency?

Select one:
A. A facilities based operation
B. A top management view of potential risks
C. A culture of openness and trust
D. A long-term commitment to a single vendor

A

C. A culture of openness and trust. Creating a culture of openness and trust is critical to achieving operational resiliency. While upper management may have a broader view of risk, front-line workers may be in a better position to anticipate possible risks from vendors or customers.

65
Q

In many organizations, disaster recovery is considered a function of which one of the following departments?

Select one:
A. Customer service
B. Facilities
C. Accounting
D. Information technology

A

D. Information technology

66
Q

The opening day finally arrived for a local amusement park that had advertised its new roller coaster for months. The crowds were bigger than normal that day as folks lined up to try the new thrill ride. Everything was going well for the first few hours until, around mid-day, the ride all of a sudden screeched to a halt in the middle of a run. Fortunately, the delay was only 15 minutes and the coaster was on flat track at the time and not a loop. However, some technical issues prevented the ride from continuing that day and it had to be shut down. As a result, many patrons were upset and disappointed with the outcome. Knowing that successfully managing reputational risk involves quickly recognizing the risk to reputation, rapidly making important decisions to manage the risk, and relying on leadership and culture for a favorable outcome, all of the following fit these criteria, EXCEPT:

Select one:
A. Contacting the local news channel and speaking honestly about what happened and that the issue was resolved and should not occur again.
B. Publishing a press release on the root cause and corrective action taken to avoid future incidents.
C. Providing vouchers that give free ice cream cones to all patrons in the park that day.
D. Reminding patrons that their attendance comes with an assumption of risk and no guarantees.

A

D. Reminding patrons that their attendance comes with an assumption of risk and no guarantees.

67
Q

Paragon Coffee Company has 15 locations throughout California. It serves a wide variety of imported coffee and a small selection of baked goods. Within a period of 24 hours, over 30 individuals arrived at local hospitals suffering from severe stomach pain and nausea. It was quickly discovered that they had all consumed products from Paragon Coffee Company in the prior days. The managers at two of the locations were notified of the concern by the hospitals, and immediately contacted the corporate office per corporate guidelines. Which one of the following should be the first priority as Paragon Coffee Company begins to deal with this crisis?

Select one:
A. Determining the supplier that is responsible
B. Protecting people
C. Controlling communication from hospitals and customers
D. Protecting the company assets

A

B. Protecting people

68
Q

Which one of the following disruptions would most likely pose an immediate threat to an organization’s reputation?

Select one:
A. Data breach
B. Widespread power outage
C. Global financial crisis
D. Forest fire

A

A. Data breach

69
Q

Which one of the following stages of a strategic redeployment plan is designed to protect people, physical assets, and reputation?

Select one:
A. Emergency stage
B. Alternate marketing stage
C. Communication stage
D. Contingency stage

A

A. Emergency stage

70
Q

Delaney is a new manager with a company that runs surf shops along the east coast. Recently, she reprimanded a long-term employee for purchasing new surfboard products from a supplier much farther inland than their other suppliers, incurring higher delivery costs. She counseled the employee to look for the lowest price and sent him to a seminar on using supply chains to your advantage. She explained the company’s objective to be the lowest price on the island with the best products. The employee was also given an opportunity to respond to the reprimand, with a copy of his response going to the Human Resources Department. What mistake did Delaney make in dealing with this employee?

Select one:
A. Employees should not be expected to adhere to corporate objectives that do not apply to their specific location.
B. By including Human Resources, the employee will feel they are being unfairly treated and unwilling to offer ideas or feedback.
C. If you send an employee to an educational seminar, it sends a bad message to other employees and shows improvement is needed in your job performance.
D. The employee is being discouraged from creating relationships with suppliers that may be needed if a large scale event disrupts local suppliers in their supply chain.

A

D. The employee is being discouraged from creating relationships with suppliers that may be needed if a large scale event disrupts local suppliers in their supply chain.

71
Q

A big-box store recently moved into a small town where mom-and-pop shops had flourished for years. Knowing there could be some negative backlash from the long-time loyal residents, the big-box store’s executives went through the framework of managing their reputational risk to try to lessen any perceived negativity. The executives believed there are four key steps in handling reputational risk: measuring, monitoring, managing, and mitigating. Understanding that each step is critical to the overall process, the Chief Financial Officer wants to focus his attention and resources on mitigating reputational damage, as he believes that is the most important step in the overall process. As such, what would be an example of mitigating reputational damage?

Select one:
A. Publish a list of reputation drivers such as quality, leadership and workplace environment and rank them.
B. Watch social media and public opinion from the local populace.
C. Screen opinions of employees, customers, vendors, shareholders, analysts and activists.
D. Hiring a crisis-management firm to promote the big-box’s corporate social responsibility program and respond if a disaster occurs.

A

D. Hiring a crisis-management firm to promote the big-box’s corporate social responsibility program and respond if a disaster occurs.

72
Q

Which one of the following is true regarding the communication stage of strategic redeployment?

Select one:
A. Transparency in management decisions should be avoided in order to prevent panic.
B. The sole objective is to preserve or enhance stakeholders’ trust and confidence in the organization.
C. The key to effective communication in a time of disruption is to establish a good relationship with the news media immediately following a crisis.
D. Communications to industry associations should be kept to a minimum in order to limit rumors from starting by competitors.

A

B. The sole objective is to preserve or enhance stakeholders’ trust and confidence in the organization.

73
Q

Which one of the following statements is true regarding business continuity management and risk management?

Select one:
A. Business continuity management deals primarily with financial risk.
B. Risk management focuses on the hazard risk associated with property and liability loss exposures.
C. Business continuity management attempts to minimize the results of disruptions to operations.
D. Risk management deals with operational risk but not with strategic risk.

A

C. Business continuity management attempts to minimize the results of disruptions to operations.

74
Q

Which one of the following groups in an organization is often in the best position to anticipate possible risks from vendors or customers?

Select one:
A. Front-line workers
B. Information technology consultants
C. Upper management
D. Human resources staff

A

A. Front-line workers

75
Q

Which one of the following statements is true regarding business continuity management and risk management?

Select one:
A. Business continuity management deals primarily with financial risk.
B. Business continuity management attempts to minimize the results of disruptions to operations.
C. Risk management deals with operational risk but not with strategic risk.
D. Risk management focuses on the hazard risk associated with property and liability loss exposures.

A

B. Business continuity management attempts to minimize the results of disruptions to operations.

76
Q

Which one of the following is true regarding the communication stage of strategic redeployment?

Select one:
A. Communications to industry associations should be kept to a minimum in order to limit rumors from starting by competitors.
B. The sole objective is to preserve or enhance stakeholders’ trust and confidence in the organization.
C. Transparency in management decisions should be avoided in order to prevent panic.
D. The key to effective communication in a time of disruption is to establish a good relationship with the news media immediately following a crisis.

A

B. The sole objective is to preserve or enhance stakeholders’ trust and confidence in the organization.

77
Q

A holistic approach that allows companies to better withstand short-term shocks and help ensure long-term business viability is known as

Select one:
A. Strategic redeployment plan.
B. Preparedness planning.
C. Organizational resiliency.
D. Business process management.

A

C. Organizational resiliency.