Audit Part I, Section II Flashcards
Absolute Risk
The risk derived from the environment without the mitigating effects of internal controls.
Acceptable Risk
A type of risk that revolves around the business impact that would be experienced if certain risks were realized.
Acceptable risk level
A risk level derived from an organization’s legal and regulatory compliance responsibilities, its threat profile, and its business drivers and impacts.
Active control
A type of control that prevents or detects a deviation from the approved procedure.
Adequate control
A level of control that is present if management has planned and organized in a manner that provides reasonable assurance that the organization’s risks have been managed effectively and that the organization’s goals and objectives will be achieved efficiently and economically.
Application control
An IT control related to the specific functioning of an application system that supports a specific business process.
Benchmarking
The comparison of an organization or project to similar internal or external organizations or projects, for the purpose of determining areas for potential improvement and to identify best practices. May also be used to assess likelihood and impact of potential events across an industry.
Brainstorming
An activity in which a group generates new ideas; ideas are accepted without criticism and are then evaluated together.
Pervasive Risk
The type of risk found throughout the environment.
Positive conflict
A type of conflict that leads to beneficial results; can transform the ways in which individuals interact and improve the quality of conflict outcomes.
Process-flow analysis
A two-dimensional graphic representation of an operation in terms of the flow of activity through the process. Examines the combination of inputs, tasks, and responsibilities that comprise a process.
Processing controls
Automated error checks built into computer processing as well as segregation of duties such as controlling programmers’ access to files and records. They check that data processing tasks are accurate, complete, and valid.
Residual risk
The risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk.
Risk
The possibility of an event occurring that will have an impact on the achievement of objectives; measured in terms of impact and likelihood.
Risk analysis
The identification of risk, the measurement of risk, and the process of prioritizing risk or selecting alternatives based on risk.