Which of the following descriptions of the internal control system are indicators that risks are managed effectively?
1) Existing controls promote compliance with applicable laws and regulations.
2) The control environment is designed to address all identified risks to the organization.
3) Key controls for significant risks to the organization remain consistent over time.
4) Monitoring systems are in place to alert management to unexpected events.

• A.2 and 4.
• B.1 and 4.
• C.1 and 3.
• D.2 and 3.

Comment: *

Name: *

Email: *

Verification: *

Which mindset promotes the most comprehensive risk management strategy?

• A.Improve operational efficiency.
• B.Maximize market share.
• C.Mitigate losses.
• D.Increase shareholder value.

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements is correct regarding risk analysis?

• A.The highest risk assessment should always be assigned to the area with the highest probability of occurrence.
• B.The highest risk assessment should always be assigned to the area with the largest potential loss.
• C.Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.
• D.The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements is true regarding outsourced business processes?

• A.Outsourced business processes should not be considered in the internal audit universe because the controls are owned by the external service provider.
• B.The system of internal controls may be better and more efficient when the business process is
• C.The key controls of outsourced business processes typically are more difficult to audit because they are designed and managed externally.
• D.Generally, independence is improved when the internal audit activity reviews outsourced business processes.

Comment: *

Name: *

Email: *

Verification: *

Which of the following cybersecurity-related activities is most likely to be performed by the second line of defense?

• A.Deploy intrusion detection systems and conduct penetration testing
• B.implement vulnerability management with internal and external scans.
• C.Administer security procedures, training, and testing.
• D.Monitor incidents, key risk indicators, and remediation

Comment: *

Name: *

Email: *

Verification: *