Risk Assessment (a) Flashcards

1
Q

Describe the 6 steps to an effective Risk Assessment:

A

6 R’s!

  1. Recognize
    - Use a formal process to identify the relevant, material risks that could adversely affect the entity
  2. Rate
    - Assess the level of each individual risk identified and rate the significance of its impact
    - Significance can be expressed as high, medium or low impact, or as a percentage
  3. Rank
    - 2 methods to rank:
    (a) Risk Score = Significance factor x Likelihood
    (b) Plot each risk on a Risk Scorecard
    - Ranking focuses effort on the highest risks: a more efficient and effective application of the risk assessment
  4. Respond
    - Develop responses and mitigating controls for the higher-ranked risks
    - Link each response to the specific risk and its assessed level (ex: use a high-powered control to mitigate a high risk)
  5. Report
    - Document the results in a Risk Assessment Report
  6. Review
    - Review regularly to monitor the risks and the effectiveness of the mitigation
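As an added example that is not part of this flashcard deck, the Python script below walks the six steps over a small constructed risk register: it rates each risk as low/medium/high, computes Risk Score = Significance x Likelihood, ranks the risks and plots them on a scorecard grid, ties the response to the assessed level, renders a plain-text report, and re-rates the register to review mitigation. The risk names and ratings are constructed sample data, and the score bands used to choose a response are an assumption made here, not something the card states.

```python
"""Added example (not from the flashcard deck): a minimal risk register that
walks the 6 R's. Risk names and ratings are constructed sample data; the
score bands used by respond() are an assumption, not from the card."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Rate: significance (impact) and likelihood are given as low/medium/high and
# mapped to numeric factors so that Risk Score = Significance x Likelihood.
LEVELS: Dict[str, int] = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Risk:
    name: str           # Recognize: an identified, material risk
    significance: str   # Rate: impact if the event occurs
    likelihood: str     # Rate: chance that the event occurs
    score: int = 0      # Rank: filled in by rank()
    response: str = ""  # Respond: filled in by report()


def risk_score(significance: str, likelihood: str) -> int:
    """Rank method (a): Risk Score = Significance factor x Likelihood."""
    try:
        return LEVELS[significance.lower()] * LEVELS[likelihood.lower()]
    except KeyError as bad:
        raise ValueError(f"rating must be low/medium/high, got {bad}") from None


def rank(risks: List[Risk]) -> List[Risk]:
    """Score every risk and return them highest first; equal scores are
    ordered by significance so a high-impact risk outranks a merely likely one."""
    for r in risks:
        r.score = risk_score(r.significance, r.likelihood)
    return sorted(risks, key=lambda r: (-r.score, -LEVELS[r.significance.lower()], r.name))


def scorecard(risks: List[Risk]) -> Dict[Tuple[str, str], List[str]]:
    """Rank method (b): plot each risk on a 3x3 (significance, likelihood) grid."""
    grid: Dict[Tuple[str, str], List[str]] = {(s, lk): [] for s in LEVELS for lk in LEVELS}
    for r in risks:
        grid[(r.significance.lower(), r.likelihood.lower())].append(r.name)
    return grid


def respond(score: int) -> str:
    """Respond: the control's strength follows the assessed level of the risk.
    Bands (>=6 high, 3-5 medium, <=2 low) are an assumption for this example."""
    if score >= 6:
        return "mitigate: high-powered control, named owner, tested quarterly"
    if score >= 3:
        return "reduce: standard control, monitored"
    return "accept: no new control, re-rate at next review"


def report(risks: List[Risk]) -> str:
    """Report: render the ranked register as a plain-text Risk Assessment Report."""
    lines = ["Risk Assessment Report", "rank score risk (significance/likelihood) -> response"]
    for i, r in enumerate(rank(risks), 1):
        r.response = respond(r.score)
        lines.append(f"{i:>4} {r.score:>5} {r.name} ({r.significance}/{r.likelihood}) -> {r.response}")
    return "\n".join(lines)


def review(risks: List[Risk], residual: Dict[str, Tuple[str, str]]) -> List[str]:
    """Review: re-rate risks after controls have operated (residual ratings)
    and return the names whose score changed, i.e. where mitigation had effect."""
    changed = []
    for r in risks:
        if r.name in residual:
            before = risk_score(r.significance, r.likelihood)
            r.significance, r.likelihood = residual[r.name]
            r.score = risk_score(r.significance, r.likelihood)
            if r.score != before:
                changed.append(r.name)
    return changed


def sample_register() -> List[Risk]:
    """Constructed sample risks (hypothetical; not from the card)."""
    return [
        Risk("Unpatched internet-facing web server", "high", "high"),
        Risk("Loss of the single on-call engineer", "medium", "medium"),
        Risk("Stolen laptop with full-disk encryption", "low", "high"),
        Risk("Data-center flood", "high", "low"),
    ]


if __name__ == "__main__":
    register = sample_register()
    print(report(register))
    # Review: patching dropped the web server's likelihood from high to low.
    print("re-rated:", review(register, {"Unpatched internet-facing web server": ("high", "low")}))
```

The tie-break in rank() is a design choice worth noting: two risks with the same score (a high-impact/low-likelihood flood and a low-impact/high-likelihood laptop theft both score 3) are ordered by significance first, because a plain product hides which of the two factors drives the score, and the card's "high-powered control for high risk" rule is about impact.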
2
Q

What are the 3 “COSO ERM Model” (Enterprise Risk Mgmt) Dimensions?

A
  1. Risk Components
  2. Risk Mgmt Objectives
  3. Entity/Unit Level Components
3
Q

Name the 8 “Risk Components” under the COSO ERM Model:

A

IO EAR CIM

(1) Internal Environment
(2) Objective Setting
(3) Event ID
(4) Risk Assessment
(5) Risk Response
(6) Control Activities
(7) Information and Communication
(8) Monitoring

4
Q

Name the 4 “Risk Mgmt Objectives” under the COSO ERM Model:

A

(1) Strategic
(2) Operations
(3) Reporting
(4) Compliance

5
Q

Name the 4 “Entity/Unit Level Components” under the COSO ERM Model:

A

(1) Subsidiary
(2) Business Unit
(3) Division
(4) Entity Level

6
Q

Name the 3 Risk-Based Audit (RBA) Phases:

A

(1) Risk Assessment
- Identify the risks associated with the financial reporting process
- Gather evidence about IT-related inherent risk (IR) to assess the risk of material misstatement (RMM)
- Gather evidence about controls to assess the level of control risk (CR)
(2) Audit Planning
(3) Further Audit Procedures

7
Q

Under a Risk-Based Audit (RBA), what is involved in the “Risk Assessment” Phase?

A

“Risk Assessment” is phase 1 of the 3 RBA phases:

  • Risks associated with the financial reporting process are identified here
  • Gather evidence about IT-related inherent risk (IR) to assess the risk of material misstatement (RMM)
  • Gather evidence about controls to assess the level of control risk (CR)
  • Typically occurs in the last quarter of the fiscal year
8
Q

Under a Risk-Based Audit (RBA), what is involved in the “Further Audit Procedures” Phase?

A

“Further Audit Procedures” (FAP) is phase 3 of the 3 RBA phases:

  • RBA standards require that FAP be developed from the financial statement risk assessment, with each FAP linked to a specific risk
  • The level of substantive procedures (or other FAP) should be appropriate for the level of risk (a high RMM calls for more powerful procedures, e.g. reperformance)
9
Q

Name 4 processes under the “IT Risk Assessment”:

A

(1) Applications
- Document key systems and apps
(2) Data Storage (Integrity, Security and Reliability)
- Databases and DBA
(3) Communications
(4) Data Transfers
- Special type of communications
