Enterprise Risk Management (Help From An Experienced Auditor)

Please see the attached multi-choice questions.

Enterprise Risk Management

Connect with a professional writer in 5 simple steps

Please provide as many details about your writing struggle as possible

Academic level of your paper

Type of Paper

When is it due?

How many pages is this assigment?


Which two concepts are included in organization’s risk profile?


a) Risk and performance

b) Risk and rewards

c) Strategy and performance

d) Strategy and rewards


L.L. Bean states, “sell good merchandise at a reasonable profit, treat your customers like human beings, and they will always come back for more.” What is this an example of?


a) Vision

b) Mission

c) Outlook

d) Core values


An entity has recently completed the initial development of its risk profile. If the entity seeks to not change the risk curve but, instead, sets the target higher, which identifies the appropriate risk response?


a) Reduce

b) Avoid

c) Accept

d) Pursue


An organization is more likely to have lower costs if it does what with respect to its ERM process?


a) Layers is on to existing operational and other ERM procedures

b) Captures large amounts of performance data

c) Integrates it into daily tasks

d) Implements additional key controls


Risk profiles generally tend upwards, and influence business objectives, following industry sector trends as notes in each of the following except:


a) Recruitment of specialist resources: As entities pursue increasingly niche products or markets, attracting and retaining expertise and experience in their workforces becomes more challenging.

b) Funding for capital works and improvements: In liquid markets, where consumer confidence is high, the capacity of an entity’s ability to secure funding for capital works, projects, or initiatives increases.

c) Oil and gas exploration: As exploration efforts for new oil and gas reserves target increasingly remote and inaccessible areas, oil and gas companies likely face greater amounts of risk in an effort to locate resources.

d) Transportation and logistics: As the number of location or volume of goods increase, the size of the transportation fleet and complexity of operations grows.



An entity who has recently applied the ERM framework has completed the development of its risk profile. Which risk response would be appropriate if the entity wants to change the height and shape of the risk curve?


a) Avoid

b) Reduce

c) Accept

d) Pursue


Which component if ERM aligns with business objective formulation?


a) Review and revision

b) Strategy and objective setting

c) Performance

d) Governance and culture


Which ERM component forms a basis for all other components of ERM?


a) Review and revision

b) Strategy and objective setting

c) Performance

d) Governance and culture


Which of these terms provide guidance on the practices as organization is encouraged to pursue and sets the range of appropriate practices?


a) Risk appetite

b) Risk maintenance

c) Risk adherence

d) Risk mitigation


ERM practices help an organization identify, prioritize, and focus on those areas that may present the creation of:


a) Profit

b) Value

c) Goodwill

d) Cash flows


Which does NOT represent a benefit of ERM?


a) Improves resource deployment

b) Reduces performance variability

c) Increases the range of investment opportunities







An entity wants to instill more transparency and risk awareness into its culture. Which would NOT be a recommended action for the entity to perform?


a) Communicate roles and responsibilities for the achievement of strategy.

b) Ensure that a strategy is developed prior to the creation of a mission.

c) Implement forums or other mechanisms for sharing information.

d) Develop and share a strong understanding of the drivers of value creation.


Which most appropriately identifies what management should consider when evaluating potential risks that may arise from strategy?


a) Financial statement impacts

b) Alternative strategies

c) Cor values

d) Critical assumptions


Defining an entity’s risk appetite and formulating business objective should be performed within which ERM component?


a) Review and revision

b) Information, communication & reporting

c) Governance and culture

d) Strategy and objective setting




With respect to the principle of attracting, developing, and retaining capable individuals, which should an entity avoid in order to build human capital alignment


a) Developing contingency plans for assigning responsibility important to ERM.

b) Promptly addressing behavior inconsistent with the standards of conduct.

c) Providing non-monetary incentives to motivate individuals with respect to their performance.

d) Creating an imbalance between rewards and short-term financial performance.


Which type of individual would NOT make an effective board member?


a) One who possesses the collective skills, experience, and business knowledge to understand organizational risks.

b) One who knows the history of the organization as a result of being a former employee.

c) One who understands how integrating ERM capabilities and practices will enhance value.

d) One who understands organizational biases and challenges management to overcome them.


At all levels, an entity’s culture is developed and shaped by:


a) People

b) Process

c) Technology

d) Strategy


An entity is currently assessing the principle of establishing operating structures within the governance and culture component of its new erm process. In this regard, which procedure would be recommended in order to enhance risk-based decisions?


a) Create performance targets in incentivize key employees.

b) Increase the importance of tone at the top from key executives.

c) Provide guidance on an individual’s performance regarding standards of conduct.

d) Delegate responsibility only to the extent required to achieve business objectives.


Abacus, Inc. an automobile parts supplier, hired a new CEO after the previous CEO suddenly retired due to health issues. Because the new CEO came from the hotel industry, his contemplated strategy did not adequately support the entity’s mission and vision. According to the ERM framework, the biggest threat to Abacus, Inc. is value destruction. Why?


a) Because of the lack of relevant industry experience in the new CEO.

b) Because CEOs should not be switched out abruptly.

c) Because the retiring CEO’s strategy was far superior to the new CEO’s strategy.

d) Because of the lack of alignment between CEO strategy and entity mission and vision.


A client has recently begun implementing a new ERM process. Which would be a helpful recommendation to assist the client in embracing a risk-aware culture?


a) Limiting accountability to severe actions.

b) Incorporating various stakeholders in key decisions.

c) Employing a participative management style.

d) Aligning risk-aware behavior with internal controls.


An entity should seek to encourage risk-aware behavior in employees. The characteristics of such an entity include:


a) Emphasizing the achievement of business objectives over the management of risk.

b) Encouraging the transparent and timely flow of risk information.

c) Being quick to assign blame when misconduct is detected.

d) Populating the board with members of key management who understand company risk.


Which is NOT an aspect of a risk-aware culture?


a) Addressing risk consistently when making key business decisions.

b) Documentation of and adherence to policies of accountability.

c) Allowing departmental managers to set the organization’s risk appetite.

d) Remuneration and incentive programs tied to expected behaviors.


According to the ERM framework, what is the overall objective of organizational culture?


a) To encourage behaviors that align with the company’s core values.

b) To emphasize compliance with written policy and procedures.

c) To encourage individual managers to set their own risk appetites.

d) To reduce the opportunity for judgement for low level managers.






A university accepts a moderate risk appetite as it seeks to expand the scope of its offerings and will explore opportunities to attract new students. If the university will not accept programs that present severe risks to the university mission and vision


a) Range

b) Ceiling

c) Floor

d) Target


Which is correct about a company seeking to create sustainable profits?


a) It must embrace naturally occurring bias when evaluating alternatives.

b) It must first allocate resources to the riskiest alternatives.

c) It must focus on results that appeal to shareholders and investors.

d) It must align its strategy with its core values and risk appetite.



Healthy Foods International is a provider of healthy organic foods from locally sourced ingredients. Based on this, which statement communicates risk appetite related to the company’s strategy instead of a business objective?


a) We have a lower risk appetite for making any decisions that challenge our brand and will not make decisions that put cost above our core values, product quality, or ingredient choice.

b) We have a lower risk appetite relating to decisions affecting our retail presence.

c) We understand that a focus on innovation and new tastes has more moderate risk profile and will manage the risk and will manage the risk of failing to develop new tastes our customers desire will the opportunity to enhance our product offerings.

d) We will not make decisions that compromise our brand by using products that are not certified organic.


Goatherd, Inc.’s board of directors is schedule to meet to discuss high-level concepts such as risk capacity and risk capacity and risk appetite. During their discussions, they must consider risk capacity when setting risk appetite because:


a) Risk appetite may exceed risk capacity

b) Risk appetite typically falls within risk capacity

c) Risk appetite and risk tolerance cannot exceed risk capacity

d) Risk appetite determines risk tolerance









Mr. Gabriello, newly appointed Chief Risk Officer (CRO) of Golden Nugget, Inc., a precious metals company in the extractive industry, has just finished reading the updated 2017 COSO ERM Framework. As part of identifying and assessing risk that may affect an entity’s ability to achieve its strategy and business objectives (performance), what should Mr. Gabriello be doing?


a) Evaluating risk avoidance and risk-sharing alternatives.

b) Benchmarking technology implementation and integration efforts.

c) Risk ranking and prioritization of assessed risks.

d) Environmental scanning to understand risk landscape.


In relation to an entity’s risk appetite, which term applies in the implementation of a strategy, aids in decision-making and evaluation, and ties strategy to measures?


a) Milestones

b) Tolerance

c) Triggers

d) Indicators


What is the result if an entity’s risk capacity significantly exceeds its risk appetite?


a) The entity may lose opportunities to add value.

b) The entity will position its risk profile as a constraint on performance.


Company XYZ is in the process of identifying the risk related to the organization. if the company seeks to collect and analyze large amounts of data to detect future trends and meaningful insights, then which approach for identifying risks should be applied?


a) Interviews

b) Key indicators

c) Process analysis

d) Cognitive computing


All are useful approaches to identifying emerging risks EXCEPT:


a) Interviews

b) Process analysis

c) Workshops

d) Cognitive computing


Company ABC is currently performing a detailed risk assessment to assess the severity of risk that it faces. Which assessment approach would you recommend if the company wishes to estimate the impact of events without quantifying an associated likelihood on a business objective?


a) Operational loss distributions

b) Sensitivity analysis

c) Cash flow at risk

d) Value at risk


When using a heat map to depict assessment results, a risk-averse entity will code more squares what color compared to risk-aggressive entities?


a) Green

b) Red

c) Black

d) White


Which is NOT correct with respect to identifying risk?


a) The organization undertakes risk identification activities to establish and inventory risks and confirm existing risks as still relevant.

b) Identifying new and emerging risks allows the organization to look to the future and allows time to assess the potential severity of the risks.

c) The organization identifies new, emerging, and changing risks to the achievement of strategy and business objectives.

d) How often an organization confirms the completeness of its risk inventory depends on how frequently strategy and business objectives change.


Risks associated with changing commodity prices may need to be assessed daily, but risks associated with changing demographics or market tastes for new products may need to be assessed only annually. The triggers for such periodic risk assessments are based on:


a) Loss exposure levels

b) Market volatility

c) Velocity of risk

d) Risk profile


Which term identifies the amount of risk that an entity prefers to assume in the pursuit of its strategy and business objectives?


a) Incremental risk

b) Inherent risk

c) Target residual risk

d) Actual residual risk


Gazebo, Inc., a tourist operator and guide in several attractive locations such as Hawaii and Alaska, has decided to start a new passenger cruise shipping line. Now that the business strategy has been set, the next step is for executive management and the board to focus on;


a) Identifying risk universe applicable to this decision context

b) Assessing the non-linear relationship between risk and performance

c) Mapping out the risk appetite and risk capacity

d) Understanding the current risk profile for that chosen strategy





Alpha Company, Inc. is in the process of developing a portfolio view of its risks. Currently, the focus of this development has shifted to business objectives and the risks that align with those objectives. In this situation, which level of integration has the company reached?


a) Partial integration

b) Full integration

c) Minimal integration

d) Limited integration


Henns Pharma, a large pharmaceutical company, has a well-developed risk-aware culture but uses some stand-alone monitoring and reporting practices that are required by its regulators. When the company’s personnel identify deviations in performance, to better understand and assess the potential effect on the risk profile without relying on a stand-alone assessment program, they may improve the ERM process by:


a) Achieving full compliance with regulatory compliance requirements.

b) Fully integrating ERM with entity characteristics and capabilities.

c) Monitoring risks of the stand-alone program indirectly.

d) Benchmarking against pharma industry ERM performance.


If an organization determines that performance doe not fall within its acceptable variation, what would the organization do, considering ERM Framework?


a) Re-assess the severity of risk impacts.

b) Review business objectives.

c) Re-assess the impacts from lack of performance.

d) Implement additional internal control procedures.


If an organization determines that performance does not all within its acceptable variation, the extent of any corrective actions must align with:


a) Existing technology and infrastructure.

b) Existing ERM practices.

c) The cost and benefits associated with altering risk responses.

d) Current business objectives.


Brass Case Holdings has determined that its performance has resulted in a significant deviation from its expected risk profile. In this situation, what would be an appropriate recommendation in terms of next steps for the company?


a) Implement additional internal controls.

b) Modify its operating performance metrics.

c) Review its strategy.

d) Increase its risk tolerance.






JamCo wants to determine whether it is operating within industry performance boundaries. Which approach would best determine this?


a) Change analysis

b) Peer comparison

c) Technological evaluation

d) Revised risk evaluation


Which change is NOT likely to substantially affect strategy and business objectives?


a) A change leadership through internal promotion.

b) Changing regulatory or economic environment.

c) Rapid growth in business operations.

d) Innovative technology used in decision-making.


Which is an example of insufficient risk being taken in support of the achievement of target growth?


a) Management monitors key metrics and investigates unfavorable variances.

b) Delays due to additional regulations have materialized.

c) Less than projected growth is still within the range of acceptable performance.

d) Planning and logistics teams are operating below capacity.


Steel Case Enterprises is reviewing its ERM system. Which response is most appropriate if management determines that the market is performing well and is less than volatile that originally thought?


a) Increase its risk appetite for certain future initiatives

b) Revise overall strategy

c) Realign the responsibility for ERM

d) Revise risk categories


Which question would an organization NOT seek to answer by reviewing performance?


a) What risks may be affecting performance?

b) Has the entity performed as expected and achieved its target?

c) How should products be modified to incorporate new technology?

d) Was the entity taking enough risk to attain its target?


Which type of reporting outlines the severity of risks at the entity level that may affect the achievement of strategy and business objectives?


a) Key performance indicators

b) Portfolio view of risk

c) Sensitivity analysis

d) Analysis of roots causes





RFM, Inc. is a consumer retailer that has equipped its management team to gather insights about consumers through social media, such as purchasing behavior, including historical patterns and preferences. The insights cane be used to reduce the risk of over-or-under-stocking inventory, as they provide management with a better view of the right inventory levels. This improved inventory management reduces operational and resource costs and enhances the customer experience. RFM, In. has probably deployed:


a) End-to-end data warehousing

b) Periodic customer satisfaction surveys

c) Advanced inventory management techniques

d) Artificial intelligence applications


Which is NOT correct regarding evolving information trends?


a) Unstructured data exceeds the amounts of structured data available to the organization

b) Data analytics do not allow management greater insight but, rather, more timely decisions

c) Data transformed into information may come from structured and unstructured sources

d) Advances in cognitive computing can convert unstructured data into useful information


Which example of data is considered a structured source?


a) Manufacture reports

b) Debt agreement

c) Email

d) Meeting minutes


The frequency of reporting should be commensurate with the:


a) Medium of communications used, for example, intranet or internet.

b) Expectations of the general counsel

c) Severity and priority of the risk

d) Scheduled periodic meetings with the CEO


Archer Metals is in the process of identifying reports for use in its ERM. What should the reports developed for its board of directors NOT focus on?


a) Day-to-day operations

b) Strategy setting

c) Budgeting

d) Risk appetite


Edwards Manufacturing, Inc. is developing risk reports related to its new ERM process. If the entity seeks to outline the severity of risks at different levels within the entity, then which type of risk reporting is recommended for development?


a) Profile view of risk.

b) Key performance indicators.

c) Trend analysis.

d) Sensitivity analysis.


Owens Paint, Inc. has recently placed an increased emphasis on risk reporting with respect to its ERM process. If the entity wants to outline the entity’s risk tolerance and potential risk to a strategy or business objective, then which type of work reporting should be deployed?


a) Trend analysis.

b) Key performance indicators.

c) Regression analysis.

d) Root causes analysis.


Strategy and business objectives should be communicated to which parties?


a) All levels of management and those individuals interacting with external stakeholders.

b) Upper and lower levels of management.

c) All entity personnel at all levels.

d) Upper management only.