9. Which of the following is not a step that a CAE would perform in assurance mapping?

a. Ensure that the internal auditors are the only source from which the board will see assurance

b. Identify which of the risk management activities and residual risks fall within Kipper's risk appetite

c. Identify which assurance providers are responsible for assessing the risks or control activities tied to each risk

d. Provide assurance across the entire enterprise and its operations after considering the coverage by all assurance providers

 

 

10. Some companies are not mature in identifying risks that will prevent them from meeting their strategic objectives. What is not a way that ERM can help with achieving strategic objectives?

a. Companies should make a list of all their risks and assign ownership to a department that can routinely monitor and manage them

b. With proper internal controls, companies have reasonable assurance that risk management is working effectively, which provides a continuous basis for achieving objectives at all levels

c. ERM can help companies achieve objectives by assigning priorities and resources that help achieve operational objectives, which push the strategy forward

d. Once the ERM vision and the related goals and objectives are articulated, management can conduct a risk assessment to decide how to manage the risks to achieving the goals across all levels of the organization

 

 

11.  Aces & Queens, a talent and model agency that has experienced steady growth for a decade, gathers its staff together for a control risk self-assessment (CRSA) and identifies top concerns. Which of the risks represents a potential single point of failure?

a. Effects of the economy on each business sector they serve

b. High staff turnover. Only the CEO and the award-winning creative director have been with the firm since inception

c. Heavy reliance "legacy" on former clients rather than cultivating new clients

d. The firm's new focus on a global, rather than a regional, market