Internal Control And Risk Management Framework

Question 1

Why should the company have a reliable and effective internal control system and enterprise risk management framework?

Answer 1

To ensure the integrity, transparency, and proper governance in the conduct of its affairs.

Question 2

What should be considered when have an adequate and effective internal control system and enterprise risk management framework?

Answer 2

Size
Risk Profile
Complexity of Operations

Question 3

What should the Company have that provides an independent and objective assurance and consulting services?

Answer 3

Independent Internal Audit Function

Question 4

According to the function of internal audit, to whom should an independent risk-based assurance be provided?

Answer 4

The Board, Audit Committee, and Management

Question 5

According to the function of internal audit, what kind of service should be provided to the Board, Audit Committee, and Management?

Answer 5

an independent risk-based assurance service

Question 6

According to the function of internal audit, what should be the focus of the independent risk-based assurance service?

Answer 6

Focused on reviewing the effectiveness of the governance and control processes in:
* promoting the right values and ethics
* ensuring effective performance management and accounting in the organization
* communicating risk and control information
* coordinating the activities and information among the Board, internal and external auditors, and Management

Question 7

According to the function of internal audit, what kind of audit are contained in the annual audit plan and/or based on the Company’s risk assessment?

Answer 7

Regular and Special audit

Question 8

According to the function of internal audit, it performs regular and special audits as contained and/or based on what?

Answer 8

As contained in the annual audit plan
Based on the Company’s risk assessment

Question 9

According to the function of internal audit, what kind of services are performed related to governance and control as appropriate for the organization?

Answer 9

Consulting and Advisory Services

Question 10

According to the function of internal audit, performing consulting and advisory services are related to what?

Answer 10

Governance and Control

Question 11

What are the functions of the internal audit?

Answer 11

• Provides an independent risk-based assurance service
• Reviews, audits, and assesses the efficiency and effectiveness of the internal control system
• Evaluates operations or programs to ascertain which are consistent with the ebjectives
• Performs: regular and special audit; consulting and advisory services; compliance audit of relevant laws
• Evaluates specific operations at request
• Monitors and evaluates governance processes

Question 12

Who appoints the Chief Audit Executive?

Answer 12

the Board

Question 13

Who shall oversee and be responsible for the internal audit activity of the organization?

Answer 13

Chief Audit Executive (CAE)

Question 14

It is the process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives.

Answer 14

Internal Control

Question 15

What are the three objectives of Internal Control?

Answer 15

Reliability of the entity’s financial reporting
Effectiveness and efficiency of operations
Compliance with applicable laws and regulations

Question 16

CECIM

What are the elements of control?

Answer 16

Control Environment
Entity’s risk assessment process
Control Activities
Information system, business processes, financial reporting, and communications
Monitoring of controls

Question 17

Why should a Company have a separate risk management function?

Answer 17

To identify, assess, and monitor key risk exposures.

Question 18

Who is the ultimate champion of Enterprise Risk Management (ERM) and has adequate authority, stature, resources, and support to fulfill his/her responsibilities?

Answer 18

Chief Risk Officer (CRO)

Question 19

What are the functions of the CRO?

Answer 19

• Supervises the entire ERM process and spearheads the Development, Implementation, Maintenance and continuous improvement of the ERM process, and Documentation (DIMD)
• Communicates the top risks and the status of implementation to the Board Risk Oversight Committee (BROC)
• Collaborates with the CEO in updating and making recommendations
• Suggests ERM policies and related guidance
• Provide insights whether:
• Risk management processes are performing
• Risk measures reported are continuously reviewed
• Established risk policies and procedures are complied

Question 20

It is the process of measuring or assessing risks and developing strategies to manage it.

Answer 20

Risk Management

Question 21

It is a systematic approach in identifying, analyzing, and controlling areas or events with the potential for unwanted change.

Answer 21

Risk Management

Question 22

CABBCB

Principles of Risk Management

Answer 22

Create Value
Address uncertainty and assumptions
Be an integral part of the organizational processes and decision making
Be dynamic, iterative, transparent, tailorable, and responsive to change
Create capability and continual improvement enhancement, considering the best available information and the human factor
Be systematic, structured and continually or periodically reassessed

Question 23

EIR

Process of Risk Management

Answer 23

Establishing the context/coverage
Identification of Potential Risks
Risk Assessment

Question 24

IADIP

Elements of Risk Management

Answer 24

Identification, characterization, and assessment of threats
Assessment of the vulnerability of critical assets to specific threats
Determination of risk
Identification of ways to reduce those risks
Prioritization of risk reduction measures based on a strategy

Question 25

In the elements of risk, what are the examples given in the determination of risk?

Answer 25

The expected likelihood, consequence of specific types of attacks on a particular asset

Question 26

DICEDE

What are the activities involved in the risk management function?

Answer 26

Defining a risk management strategy
Identifying and analyzing key risks exposures relating to EESG factors and the achievement of the organization’s strategic objectives
Communicating and reporting significant risk exposures
Evaluating and categorizing each identified risk using the company’s predefined risk categories and parameters
Developing a risk mitigation plan for the most important risks
Establishing a risk register with clearly defined, prioritized and residual risks

Question 27

In the involved activity in the risk management function, what is used when evaluating and categorizing each identified risk?

Answer 27

Using the company’s predefined risk categories and parameters

Question 28

In the involved activity in the risk management function, a risk register is established with what?

Answer 28

With clearly defined, prioritized and residual risks

Question 29

In the involved activity in the risk management function, a risk mitigation plan is developed for what?

Answer 29

For most important risks to the company

Question 30

In the involved activity in the risk management function, a risk mitigation plan is developed for the most important risks to the company as defined by what?

Answer 30

By the risk management strategy

Question 31

In the involved activity in the risk management function, what are the significant risk exposures that are communicated and reported?

Answer 31

• Business risks
• Control Issues
• Risk Mitigation Plan

Question 32

In the involved activity in the risk management function, to whom should the significant risk exposures be communicated and reported?

Answer 32

To the Board Risk Oversight Committee

Question 33

In the involved activity in the risk management function, what are the examples of business risks?

Answer 33

• Strategic risk
• Compliance risk
• Operational risk
• Financial risk
• Reputational risk