Which of the following will BEST support management reporting on risk?

• A.Key performance indicators (KPIs)
• B.Risk policy requirements
• C.A risk register
• D.Control self-assessment (CSA)

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST enables an organization to determine whether external emerging risk factors will impact the organization's risk profile?

• A.Prevention and detection techniques
• B.Control identification and mitigation
• C.Scenario analysis and stress testing
• D.Adoption of a compliance-based approach

Comment: *

Name: *

Email: *

Verification: *

Which of the following items is considered as an objective of the three dimensional model within the framework described in COSO ERM?

• A.Risk assessment
• B.Financial reporting
• C.Control environment
• D.Monitoring

Correct Answer: B

Explanation/Reference:
Explanation:
The COSO ERM (Enterprise Risk Management) frame work is a 3-dimensional model. The dimensions and their components include:
Strategic Objectives - includes strategic, operations, reporting, and compliance.

Risk Components - includes Internal Environment, Objectives settings, Event identification, Risk

assessment, Risk response, Control activities, Information and communication, and monitoring.
Organizational Levels - include subsidiary, business unit, division, and entity-level.

The COSO ERM framework contains eight risk components:
Internal Environment

Objective Settings

Event Identification

Risk Assessment

Risk Response

Control Activities

Information and Communication

Monitoring

Section 404 of the Sarbanes-Oley act specifies a three dimensional model- COSO ERM, comprised of Internal control components, Internal control objectives, and organization entities. All the items listed are components except Financial reporting which is an internal control objective.
Incorrect Answers:
A, C, D: They are the Internal control components, not the Internal control objectives.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the first MOST step in the risk assessment process?

• A.Identification of assets
• B.Identification of threats
• C.Identification of threat sources
• D.Identification of vulnerabilities

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST confirms the existence and operating effectiveness of information systems controls?

• A.Review of internal audit and third-party reports
• B.First-hand direct observation of the controls in operation
• C.Self-assessment questionnaires completed by management
• D.Management review and sign-off on system documentation

Comment: *

Name: *

Email: *

Verification: *