Examen Risk management and control

42 MPC

Make sure you know the different definitions of risk and ERM by ISO, COSO 2004, 2017 because questions are “Which of the following is not emphasised in ‘that specific definition’?” Make sure you know difference of external audit and internal audit, to who they report, ... What can compromise the independence of the internal auditor? a. evaluating the effectiveness of internal controls b. suggesting internal controls to implement c. managing the risks

Questions on Basel What is the loss given default if a customer default on a 100 000 loan and the bank can sell it for 90000? a. 10% b. 11,1% c. 90% d. you can’t calculate it

Make sure you know the 3 dimensions of the COSO Cube Especially questions on the 2nd dimension: Internal environment, Objective setting, Event identification, Risk assessment, Risk response, Control activities, Information and

communication, Monitoring

Know the definitions of independent overseer/facilitator/business partner

What is risk protocol?

a. guidelines and procedures b. ...

What is the definition of operational risk according to Basel?

Specific question on financial risk (market and credit risk)

Which type of control is both pre and post event?

a. detective b. directive c. corrective d. preventive

One way for a company to manage its risk in relation to its employees' workplace behavior is by A. allowing employees to view all company records. B. providing employees with the flexibility to change company policies. C. encouraging employees to report workplace misconduct.

D. permitting employees to use company resources for personal use.

Which is not 1 of the 4 pillars of corporate governance?

which is not one of the 5 principles of CobIT?

statements on risk appetite

A. should be stated with certain precision B. amount of risk an entity is willing to accept in pursuit of strategy and objectives C. ….

Which is not a step of the risk management process (8 R’s)?

IT system risk is most likely

a. internally driven infrastructure risk b. internally driven reputational risk c. externally driven infrastructure risk d. externally driven reputational risk

which is most likely true: a. internal audit is 3rd line of defence b. internal control is 2nd line of defence c. external control is 3rd line of defence

Which is false

a. ERM links strategy and risk b. ERM links growth, risk and return c. ERM is cross-entity d. ERM ...

3 essay questions: 1. you organise a BBQ party for your friends. What are the risks that can occur?

• fill in the boxes of the ISO 31000 model (all the boxes were blank and you had to fill in the steps

• explain all the steps in the ISO framework (alle boxes!), include both threats

and opportunities • make a risk register (template provided) • put the risk in the risk map (risk map provided)

2. Unpacking the ERM mix: which components + explain + Explain the Contingency Theory of Enterprise Risk Management according to Mikes and Kaplan 2014 (seen in

last class) 3. text on travel agency company. list 2 risks and discuss them briefly for every of the following categories

• environmental • political • financial • economic