Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CIMA > P3 > Flashcards

P3 Flashcards

1
Q

Risk Management Cycle

A

Establish risk management group & set goals THEN

  1. identify risk areas
  2. measure - assess scale of risk
  3. manage - risk response strategy, implemt strategy & allocate responsibilities, monitor controls
  4. review & refine process
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

COSO ERM Framework - 8 components to managing risk (2003 version)

A
  1. internal environment
  2. Objective setting
  3. Event identification
  4. Risk assessment
  5. Risk response
  6. Control activities
  7. Information & communication
  8. Monitoring
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

COSO 1992 version

A
  1. control environment
  2. Risk assessment
  3. Control activities
  4. information & communication
  5. Monitoring
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Risk appetite =
Risk capacity =
Risk attitude =
Residual risk =

A

Risk appetite = amount willing to accept
Risk capacity = amount can bear
Risk attitude = approach e.g. seeking/averse
Residual risk = risk remaining after controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

VAR =

A

VAR = Standard deviation x Z score x sq. root no. days

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Z scores

95% =

99% =

A

95% = 1.645
99% =2.33

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Economy =
Effectiveness =
Efficiency =

A

Economy = inputs
Effectiveness = outputs
Efficiency = inputs/outputs relationship

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Scenario Planning (7 stages)

A
  1. high impact, high uncertainty factors
  2. identify possible futures
  3. cluster factors to identify consistent futures
  4. write scenarios
  5. identify courses of action
  6. monitor reality
  7. revise as needed
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

5 key principles to UK corporate governance code:

A
  1. board leadership & company purpose
  2. division of responsibilities
  3. composition, succession & evaluation
  4. audit, risk & internal control
  5. remuneration
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

composition of (no. INEDs)

whole board
nomination committee
remuneration committee
audit committee

A

whole board = 50% INEDs
nomination committee = 50% INEDs
remuneration committee = 100% INEDs
audit committee = 100% INEDs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A director IS NOT independent if: (6)

A
  • employee in last 5 yrs
  • significant shareholder
  • close family ties
  • receive other pay/benefits
  • business relationship
  • on board >9yrs
    Note: rigorous review after 6 yrs to ensure independence
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Control environment =

A

managements attitudes, actions and awareness of the need for internal controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

COSO 5 integrated elements for effective internal control:

A

Control environment (tone at the top)
Risk assessment
Control Activities
Information & communication
Monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

INTERNAL AUDIT

Required by:

Appointed by:

Reports to:

Reports on:

Opinions on:

Scope of assignment:

A

test & evaluate controls, special investigations, contribute to risk identification

Required by: management

Appointed by: audit committee

Reports to: audit committee

Reports on: internal controls

Opinions on: adequacy of control

Scope of assignment: prescribed by audit committee

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The need for internal audit (3 reasons)

A
  1. size e.g. complex activities, no. employees
  2. Changes e.g. org structure, key risks
  3. Something has gone wrong
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Internal audit attribute standards (3)

A

Independence (from executive management)
Objectivity
Professional care

17
Q

Internal audit performance standards (6)

A

Manage internal audit
Risk management
Control (evaluate & maintain)
Governance (assess)
Internal audit work
Communicate results

18
Q

3 types of audit risk

A

Inherent Risk - when no controls in place
Control Risk - controls not sufficient
Detection Risk - Auditors fail to detect

Note: if you can’t control or detect it then it must be inherent!

19
Q

Types of Malware

Ransomware

Botnets

Spyware

Trojans

Malvertising

Viruses

A

Ransomware - ‘kidnaps ‘’ data until paid

Botnets - attacker controls infected computers

Spyware - spys on victim & reports back

Trojans - poses as something else

Malvertising - malicious software written into advert

Viruses - replicates & spreads

20
Q

Application Attacks:

Denial of Service (DoS)

Distributed denial of service (DDoS)

Structured Query Language (SQL)

Cross Site Scripting (XSS)

Man in the middle

Buffer Overflow

A

Denial of Service (DoS) - overwhelm app to prevent it working

Distributed denial of service (DDoS) - as above on mass

Structured Query Language (SQL) - unprotected input boxes

Cross Site Scripting (XSS) - malicious code from website

Man in the middle - intercepting

Buffer Overflow - attack & data overwritten

21
Q

3 Cyber security objectives (AIC Triad)

A

Integrity
Confidentiality
Availability

22
Q

Penetration Testing Types (4)

A

simulated phishing
web applications
internal network
Wireless network

23
Q

NIST Framework Core Activities

A

Identify, Protect, Detect, Respond, Recover

24
Q

Digital Resilience: 6 Actions

A

Identify all issues
Aim to well-defined target
How best to deliver new system
Establish risk/resource trade offs
A plan that aligns to business & tech
Ensure sustained business engagement

25
Q

COSO (2017 version)
(integrating strategy with performance!)

A

Governance & culture
strategy & objective setting
performance
review & revision
Info, communication & reporting

26
Q

Good control environment

A

no blame culture
Training
encourage reporting
‘tone at the top’

27
Q

CIMA picks out 5 specific threats to self-interest:

A
  1. Holding a financial interest in/receiving a loan from the org
  2. Participating in incentive compensation arrangements
  3. Inappropriate use of corporate assets
  4. Concern over employment security
  5. Commercial pressure from outside of the org
28
Q

A fraud response plan should include: (8)

A

Purpose of the fraud response plan

Corporate policy

Definition of fraud

Roles and responsibilities

The response

The investigation

Organisation’s objectives with respect to fraud

Follow up action

29
Q

Audit risk affected by…(3 other risk types)

A

Inherent risk = an amount in the financial statements (for an asset or liability, or a transaction) might be stated as a materially incorrect amount, ignoring the existence of existing internal controls.

Control risk = the existing controls are not sufficient to prevent or detect a material misstatement of a value in the financial statements, use of computerised (or digital) controls may give the auditors more confidence in the controls (or potentially less confidence if the computer system is poor).

Detection risk = the auditors’ substantive tests will not reveal a materially incorrect amount in the financial statements, if such an error exists. The use of technology and algorithms to assist with this has led to concerns over automation bias. Automation bias is where the data used to train the algorithm is flawed and leads the algorithm to be biased.

Audit risk will be affected by changes in any of the three above risks including inherent risk.

CIMA (12 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions