COSO Framework/Enterprise Risk Management MCQ
1. In the COSO enterprise risk management framework, the term risk tolerance refers to
A. The level of risk an organization is willing to accept.
B. The acceptable variation with respect to a particular objective.
C. The risk of an event after considering management’s response.
D. Events that require no risk response.
2. One of the financial statement auditor’s major concerns is to ascertain whether
internal control is designed to provide reasonable assurance that
A. Profit margins are maximized, and operational efficiency is optimized.
B. The chief accounting officer reviews all accounting transactions.
C. Corporate morale problems are addressed immediately and effectively.
D. Financial reporting is reliable.
3. Which of the following are considered control environment factors?
   Detection Risk    Personnel Policies and Practices
A. Yes               Yes
B. Yes               No
C. No                Yes
D. No                No
4. Basic to a proper control environment are the quality and integrity of personnel who
must perform the prescribed procedures. Which is not a factor in providing for
competent personnel?
A. Segregation of duties.
B. Hiring practices.
C. Training programs.
D. Performance evaluations.
5. Audit committees have been identified as a major factor in promoting the
independence of both internal and external auditors. Which of the following is the
most important limitation on the effectiveness of audit committees?
A. Audit committees may be composed of independent directors. However,
those directors may have close personal and professional friendships with
management.
B. Audit committee members are compensated by the organization and thus favor an
owner's view.
C. Audit committees devote most of their efforts to external audit concerns and do not
pay much attention to the internal audit activity and the overall control environment.
D. Audit committee members do not normally have degrees in the accounting or
auditing fields.
6. The audit committee may serve several important purposes, some of which directly
benefit the internal audit activity. The most significant benefit provided by the audit
committee to the internal audit activity is
A. Protecting the independence of the internal audit activity from undue
management influence.
B. Reviewing annual engagement work schedules and monitoring engagement results.
C. Approving engagement work schedules, scheduling, staffing, and meeting with the
internal auditors as needed.
D. Reviewing copies of the procedures manuals for selected organizational operations
and meeting with organizational officials to discuss them.
7. The COSO Enterprise Risk Management Integrated Framework stresses that
A. risk management activities are an inherent part of all business operations
and should be considered during strategy setting.
B. effective risk management is comprised of just three interrelated components:
internal environment, risk assessment, and control activities.
C. risk management is the sole responsibility of top management.
D. risk management policies, if enforced, guarantee achievement of corporate
objectives.
8. What is one reason why AIS threats are increasing?
A. LANs and client/server systems are easier to control than centralized, mainframe
systems.
B. Many companies do not realize that data security is crucial to their survival.
C. Computer control problems are often overestimated and overly emphasized by
management.
D. Many companies believe that protecting information is a strategic requirement.
9. Which of the following is an example of a preventive control?
A. approving customer credit prior to approving a sales order
B. reconciling the bank statement to the cash control account
C. counting inventory on hand and comparing counts to the perpetual inventory records
D. maintaining frequent backup records to prevent loss of data
10. Pam is a receptionist for Office Paper Co., which has strict corporate policies on
appropriate use of corporate resources. The first week of August, Pam saw Michael,
the branch manager, putting pencils, pens, erasers, paper and other supplies into his
briefcase on his way out the door. This situation best reflects a weakness in which
aspect of internal environment, as discussed in the COSO Enterprise Risk
Management Framework?
A. Integrity and ethical values
B. Risk management philosophy
C. Restrict access to assets
D. Methods of assigning authority and responsibility