1. Which of the following statements correctly describes why internal auditors are well positioned to coach management on responding to risk?

a. Internal audit may have been responsible for identifying the management's current response to risk is an area of weakness within the risk management framework

 

b. Internal audit's analytical training and audit experience enable it to find solutions for weak systems or controls

 

c. Internal audit has appropriate experience and skill set in governance and risk management to teach management about the areas in ERM that are not working and need improvement

 

d. Internal auditors are accustomed to dealing with confidential matters and thus provide a safe environment in which a client can talk about all matters of concern without fear of repercussion

 

2.  Which of the following is not a benefit of risk mapping and prioritization?

a. The results help an enterprise to communicate better its risk aggregated risk profile to key external stakeholders

 

b. Risk maps are key graphical representations of the variance in risk appetites across different divisions within an organization

 

c. Ranking risks by their level of severity helps an organization determine the optimal allocation of resources devoted to risk response or treatment

 

d. Helping the enterprise identify how certain risks can offset other risks to ensure that the enterprise maintains an overall risk profile that remains within risk capacity

 

3. Following COSO Framework, the board's responsibilities for effective reporting of risks should include which of the following?

a. Inserting specific engagements relating to risk management into the annual audit plan

b. Assuring success in management of key risks

c. Selecting the specific techniques regarding event identification to be considered in the risk management process

d. Regularly reviewing the key risks against risk appetite