
QUIZ CHAPTER 4

Select the best answer for each of the following questions.

1. According to COSO ERM, which of the following is not an inherent challenge that arises as part of
establishing strategy and business objectives?
a. Ensuring culture is clearly articulated by the board.
2. Which of the following external events will most likely impact a defense contractor that relies on
large government contracts for its success?
c. Political event.
3. Which of the following is not an example of a risk-sharing strategy?
b. Selling a nonstrategic business unit.
4. An organization tracks a website hosting anonymous blogs about its industry. Recently,
anonymous posts have focused on potential legislation that could have a dramatic effect on this
industry. Which of the following may create the greatest risk if this organization makes business
decisions based on the information contained on this website?
d. Accuracy and reliability of the information.
5. Which of the following risk management activities is out of sequence in terms of timing?
c. Determine key organizational objectives.
6. Who is responsible for implementing ERM?
d. Management throughout the organization.
7. Which of the following is not a potential value driver for implementing ERM?
a. Financial results will improve in the short run.
8. Which of the following is the best reason for the CAE to consider the organization’s strategic plan
in developing the annual internal audit plan?
d. To ensure that the internal audit plan supports the overall business objectives.
9. When senior management accepts a level of residual risk that the CAE believes is unacceptable
to the organization, the CAE should:
c. Discuss the matter with knowledgeable members of senior management and, if not resolved,
take it to the audit committee.
10. The CAE is asked to lead the enterprise risk assessment as part of an organization’s
implementation of ERM. Which of the following would not be relevant with respect to protecting
the internal audit function’s independence and the objectivity of its internal auditors?
d. The internal audit function obtains assistance from an outside consultant in the conduct of the
formal risk assessment session.
11. An internal audit engagement was included in the approved internal audit plan. This is
considered a moderately high-risk audit based on the internal audit function’s risk model. It is
currently on a two-year audit cycle. Which of the following will likely have the greatest impact on
the scope and approach of the internal audit engagement?
c. A new system was implemented during the year, which changed how the transactions are
processed.
12. When assessing the risk associated with an activity, an internal auditor should:
b. Provide assurance on the management of the risk.
13. One of the challenges of ERM in an organization that has a centralized structure is that:
a. It may be difficult to raise awareness of the impact of work actions on other employees or
work areas.
14. The function of the chief risk officer is most effective when he or she:
a. Manages risk as a member of senior management.
15. Enterprise risk management:
c. Involves the identification of events with negative impacts on business objectives.
