A.  

The proficiency in building and maintaining relationships with partners and suppliers who must implement Perform actions and controls

B.  

The ability to quickly change direction in Perform actions and controls when things change

C.  

The capacity to innovate and develop new ways to implement Perform actions and controls

D.  

The capability to manage and resolve conflicts and disputes regarding Perform actions and controls

A.  

Level 1 – Initial

B.  

Level 2 – Managed

C.  

Level 3 – Consistent

D.  

Level 4 – Measured

A.  

It ensures policies and procedures meet regulatory standards

B.  

It ensures financial statements are accurate and free from misstatements

C.  

It helps identify and mitigate potential risks and threats to the organization

D.  

It verifies that what stakeholders believe is happening, is actually happening

A.  

It ensures that resources are available when opportunities to improve arise

B.  

It increases the organization’s profitability and revenue

C.  

It minimizes the risk of legal disputes and litigation

D.  

It reduces the need for external audits and assessments

A.  

Objectives drive the identification, analysis, and prioritization of opportunities, obstacles, and opportunities

B.  

Objectives determine the level of risk tolerance for the organization as it addresses opportunities and obstacles

C.  

Objectives outline the roles and responsibilities of employees in the alignment process

D.  

Objectives specify the types of software and technology the governing body wants to have used in the alignment process

A.  

Setting direction, setting objectives and indicators, identifying opportunities, aligning strategies, and managing systems

B.  

Planning for risks, identifying risks, assessing risks, addressing risks, measuring and monitoring risks, and using decision science

C.  

Identifying mandatory and voluntary obligations, assessing risk, setting policy, educating the workforce, and shaping ethical culture

D.  

Fostering creativity, encouraging innovation, facilitating brainstorming, supporting idea generation, and promoting design thinking

A.  

Assurance Objectivity and Assurance Competence

B.  

Assurance Transparency and Assurance Accountability

C.  

Assurance Consistency and Assurance Reliability

D.  

Assurance Efficiency and Assurance Effectiveness

A.  

The rate of return on investment and capital allocation

B.  

The quality of products and services offered to customers

C.  

The level of innovation and technological advancement

D.  

The negative, unfavorable effect of uncertainty on objectives

A.  

The Fifth Line, or the Governing Authority (Board).

B.  

The Second Line, or the individuals and teams that establish performance, risk, and compliance programs.

C.  

The First Line, or the individuals and teams involved in operational activities.

D.  

The Third Line, or the individuals and teams that provide assurance.

A.  

This inquiry prevents the need for employee surveys.

B.  

This inquiry eliminates the need to analyze information.

C.  

This inquiry focuses on unfavorable events.

D.  

This inquiry often provides information sooner than other methods.

A.  

Culture change requires long-term commitment, consistent modeling in both words and deeds, and reinforcement by leaders and the workforce.

B.  

Culture change is not necessary as long as the organization is meeting its financial targets.

C.  

Culture change can be achieved quickly through the implementation of new policies and procedures if there is adequate training provided.

D.  

Culture change is solely dependent on the decisions made by the executive leadership team and how they model desired behavior.

A.  

The mission states the organization’s purpose and direction, while the vision is an aspirational objective that states what the organization aspires to be.

B.  

The mission is determined by external stakeholders, while the vision is determined by internal stakeholders.

C.  

The mission is a short-term financial goal, while the vision is a long-term non-financial goal.

D.  

The mission is what a for-profit organization should have, while the vision is for non-profit organizations.

A.  

To reliably achieve objectives, address uncertainty, and act with integrity – to produce and preserve value simultaneously.

B.  

To maximize profits and minimize losses.

C.  

To ensure compliance with all legal requirements.

D.  

To eliminate all risks and uncertainties.

A.  

Noncompliance

B.  

Compliance

C.  

Violation

D.  

Deviation

A.  

To establish the organizational hierarchy for decision-making

B.  

To guide, constrain, and conscribe how opportunities, obstacles, and obligations are identified, categorized, and prioritized

C.  

To create a list of potential stakeholders for communication purposes

D.  

To determine the budget allocation for risk management activities

A.  

Allocating financial resources and evaluating their use to manage the organization’s budget better.

B.  

Providing the governing body with opinions on how well its objectives are being met based on expertise and experience.

C.  

Designing and monitoring the organization’s information technology systems to be accurate and reliable so management can be assured of meeting established objectives.

D.  

Objectively and competently evaluating subject matter to provide justified conclusions and confidence.

A.  

To determine the effectiveness of strategies

B.  

To identify opportunities for improvement

C.  

To assess the financial stability of the organization

D.  

To evaluate employee performance

A.  

External context includes the organization's risk management policies, while internal context includes its compliance procedures

B.  

External context represents the operating environment, while internal context represents capabilities and resources

C.  

External context refers to the organization's financial performance, while internal context refers to its governance structure

D.  

External context encompasses the organization's mission and vision, while internal context encompasses its values and culture

A.  

It enables the organization to decide it would rather bear the risk and cost of a compliance enforcement action than spend more money to ensure compliance.

B.  

It determines the number of employees to commit to any aspect of the design.

C.  

It provides insights into the preferences and behaviors of customers and clients.

D.  

It ensures that the costs do not outweigh the benefits of a design decision.

A.  

To promote transparency and accountability in the organization's decision-making processes.

B.  

To ensure that the organization's financial statements are accurate and reliable.

C.  

To provide sufficient information to assurance providers when management and governance actions and controls are not enough.

D.  

To establish a clear chain of command and reporting structure within the organization.

A.  

To eliminate the need for external audits.

B.  

To reduce the overall cost of operations.

C.  

To gauge the effectiveness, efficiency, responsiveness, and resilience of actions and controls.

D.  

To have documentation for use in defending against enforcement or legal actions.

A.  

The education program can quickly respond to changes and promptly detect and correct errors

B.  

The education program is formally documented and consistently managed to be efficient

C.  

The education program is resistant to disruptions and has backup plans that do not add an expense or need more resources than the original plans

D.  

The education program evaluates the cost of educating the workforce, assessing whether the cost per worker is going up or down, and comparing the cost to organizations of similar size

A.  

To make sense of the changes that are tracked in the external context to determine impact on the organization

B.  

To evaluate the effectiveness of the organization’s monitoring of the external environment

C.  

To continually watch for and make sense of changes in the external context that may have a direct, indirect, or cumulative effect on the organization and to notify appropriate personnel and systems

D.  

To use qualitative methods of monitoring the organization’s external context based on experience and intuition

A.  

Mapping objectives not only at the enterprise level but also across all units shows how they impact one another and how resources may be best allocated

B.  

Mapping objectives not only at the enterprise level but also across all units is important for determining the compensation and bonuses of employees based on their contributions to achieving objectives

C.  

Mapping objectives not only at the enterprise level but also across all units is important for creating a visual representation of the organization’s hierarchy and reporting structure

D.  

Mapping objectives not only at the enterprise level but also across all units is important for identifying redundant objectives and eliminating them from the organization’s strategic plan

A.  

It outlines the organization’s budget and financial goals which must be considered in every type of decision

B.  

It describes the organization’s product development plans that must be considered when making decisions and setting priorities

C.  

It serves as a clear and consistent statement of the organization’s overall purpose and direction, guiding decision-making and priority-setting

D.  

It defines the roles and responsibilities of each department

A.  

It specifies the organization's views on ethical issues facing it.

B.  

It describes what the organization aspires to be and why it matters, serving as a guidepost for long-term strategic planning and inspiring and motivating employees, stakeholders, and customers.

C.  

It details the organization's sales targets and revenue projections to motivate employees to work hard and meet those goals.

D.  

It outlines the organization's succession planning and leadership development.

A.  

Accept

B.  

Share

C.  

Avoid

D.  

Control

A.  

Number of non-compliance events investigated

B.  

The level of employee training and understanding of requirements

C.  

The impact of environmental and social initiatives

D.  

The degree to which obligations and requirementsare addressed

A.  

It is only important for high levels of assurance in financial audits

B.  

It is not relevant to the level of assurance and does not affect the assurance process

C.  

It contributes to a higher level of assurance by enhancing impartiality and credibility

D.  

It is determined by the governing authority and enhances the level of assurance

A.  

Quality, Productivity, Flexibility, and Durability

B.  

Accuracy, Precision, Speed, and Stability

C.  

Effectiveness, Efficiency, Responsiveness, and Resilience

D.  

Compliance, Consistency, Adaptability, and Robustness

A.  

Both favorable and unfavorable events

B.  

Only events related to compliance violations

C.  

Only events that exemplify or contradict organizational values

D.  

Only events that are reported by external stakeholders

A.  

Impact

B.  

Consequence

C.  

Cause

D.  

Likelihood

A.  

Compliance & Ethics

B.  

Risk & Decisions

C.  

Security & Continuity

D.  

Strategy & Performance

A.  

To oversee employees and meet target objectives for the unit being managed.

B.  

To directly address opportunities, obstacles, and obligations.

C.  

To minimize costs and maximize profits.

D.  

To ensure strict adherence to external regulations and internal policies.

A.  

Technology

B.  

Policy

C.  

Information

D.  

People

A.  

Market research, customer feedback, and competitive analysis

B.  

How the organization's legal department and outside legal counsel coordinate activities

C.  

Laws, rules, regulations, litigation, and judicial or administrative opinions

D.  

Enforcement actions and litigation against the company

A.  

Impact

B.  

Consequence

C.  

Likelihood

D.  

Cause

A.  

Policy, process change, punishment, incentives, and employee education

B.  

Policy, people, process, physical, informational, technological, and financial actions and controls

C.  

Outsourcing, downsizing, and automation as the primary means of control

D.  

Random selection, trial and error, and reliance on intuition and experience

A.  

It ensures that superior-level objectives cascade to subordinate units and that subordinate units contribute to the most important objectives and priorities of the organization.

B.  

It enables the governing authority to only focus on the highest-level objectives that are tied to financial outcomes.

C.  

It frees the organization to focus solely on short-term financial performance.

D.  

It eliminates the need for excessive communication and collaboration between different departments within the organization.

A.  

Opportunities (reward), obstacles (risk), and obligations (compliance)

B.  

Profitability, liquidity, and solvency

C.  

Growth, diversification, and resiliency

D.  

Leadership, teamwork, and communication

A.  

Inherent effect is the effect of uncertainty in the presence of risk, while residual effect is the effect of uncertainty in the presence of reward

B.  

Inherent effect is the effect of uncertainty in the absence of actions and controls, while residual effect is the effect of uncertainty in the presence of actions and controls

C.  

Inherent effect is the effect of uncertainty in the absence of risk, while residual effect is the effect of uncertainty in the absence of reward

D.  

Inherent effect is the effect of uncertainty in the presence of actions and controls, while residual effect is the effect of uncertainty in the absence of actions and controls

A.  

Individuals and Teams who are responsible for financial reporting and budgeting activities within the organization.

B.  

Individuals and Teams who establish performance, risk, and compliance programs for the First Line and provide oversight through frameworks, standards, policies, tools, and techniques.

C.  

Individuals and Teams who manage external relationships with stakeholders, investors, and regulators.

D.  

Individuals and Teams who provide legal advice and support to the organization in case of disputes or litigation.

A.  

Consequence

B.  

Effect

C.  

Condition

D.  

Cause

A.  

The mission describes the organization's reason for existing; the vision describes the organization's plans for the next few years; and values describe the organization's performance evaluation criteria.

B.  

The mission describes who the organization serves, what it does, and its goals; the vision describes what the organization aspires to be and why it matters; and values describe what the organization believes and stands for. Together, they define the organization's highest purpose.

C.  

The mission describes the organization's financial targets, the vision describes the organization's marketing strategy, and the values describe the organization's pricing model.

D.  

The mission outlines the organization's legal obligations, the vision outlines the organization's ideas about meeting those obligations, and the values outline the organization's code of conduct.

A.  

Identification criteria are used to determine the order in which units undertake identification activities.

B.  

Identification criteria are used to calculate the total budget for the organization based on priority objectives and the number of related obstacles and obligations.

C.  

Identification criteria are used to focus on priority objectives and results.

D.  

Identification criteria are used to establish the communication channels within the organization regarding opportunities, obstacles, and obligations.

A.  

The ability to rapidly expand and scale the organization’s operations in response to change

B.  

The ability to quickly re-learn context and culture when things change

C.  

The ability to adapt the organization’s mission and vision to changing market conditions

D.  

The ability to effectively manage risks and respond to compliance issues that are identified

A.  

Compliance and ethics culture

B.  

Performance culture

C.  

Workforce culture

D.  

Governance culture

A.  

Strategic goals are short-term objectives focused on the organization’s daily operations and activities

B.  

Strategic goals are specific targets related to the organization’s sales and marketing efforts

C.  

Strategic goals are long-term objectives typically set at higher levels of the organization and serve as guideposts for long-term strategic planning

D.  

Strategic goals are quantitative measures of the organization’s financial performance and profitability

A.  

No, the Second Line cannot provide assurance over First Line activities because it is focused on strategic planning and long-term goals, not on assurance activities

B.  

Yes, the Second Line can provide assurance over First Line activities regardless of the design or performance of the activities because it has a higher level of authority and the necessary skills

C.  

Yes, the Second Line may provide assurance over First Line activities so long as the activities under examination were not designed or performed by the Second Line, and the Second Line personnel have the required degree of Assurance Objectivity and Assurance Competence relative to the subject matter and desired Level of Assurance

D.  

No, the Second Line cannot provide assurance over First Line activities because it lacks the necessary authority and jurisdiction

A.  

These notifications are always more reliable than traditional paper-based methods

B.  

These notifications often (though not always) alert the organization sooner than other methods, especially when human methods fail or are delayed

C.  

Use of this type of notification is only beneficial for large organizations with complex structures

D.  

These notifications eliminate the need for any human involvement in the assignment of follow-up tasks

A.  

To assess the level of compliance with legal and regulatory requirements

B.  

To evaluate the potential impact of market fluctuations and economic conditions

C.  

To address obstacles and measure the negative, unfavorable effect of uncertainty on objectives

D.  

To identify and mitigate potential threats to the organization's security and reputation

A.  

Because it generates financial reports for stakeholders.

B.  

Because it contributes to employee performance evaluations.

C.  

Because it is a required task for external regulatory compliance.

D.  

Because it helps management and the governing authority understand progress toward objectives and whether opportunities, obstacles, and obligations are addressed.

A.  

Anonymity should never be afforded, as it encourages false reporting.

B.  

Anonymity should be afforded where legally permitted or required.

C.  

Anonymity should only be afforded to stakeholders who are not employees of the organization.

D.  

Anonymity should be afforded only when the issue raised is of minor importance.

A.  

To organize stakeholder appreciation events

B.  

To rank the most valuable stakeholders

C.  

To highlight and address needs that compete with or conflict with each other

D.  

To create a stakeholder directory

A.  

The duality of compliance refers to the distinction between domestic and international regulations that an organization must follow.

B.  

The duality of compliance refers to the trade-off between investing in compliance measures and allocating resources to other business areas.

C.  

The duality of compliance involves addressing both compliance with obligations and compliance-related risks. Compliance involves meeting mandatory and voluntary obligations, while compliance-related risks involve addressing the risk of negative outcomes associated with non-compliance.

D.  

The duality of compliance refers to the balance between financial gains and ethical considerations in business decisions.

A.  

To ensure that stakeholders receive special privileges and benefits

B.  

To liaison with people and champions who hold actual power and influence in each stakeholder group

C.  

To create a network of stakeholders who can promote the organization’s brand

D.  

To gather intelligence on the activities and plans of competing organizations who have some of the same stakeholders

A.  

Resilience measures the durability and longevity of the organization’s physical assets

B.  

Resilience measures the organization’s ability to recover from financial losses and setbacks

C.  

Resilience measures the ability to withstand stress and the capability to align after stress

D.  

Resilience measures the organization’s ability to maintain a positive reputation in the face of public scrutiny

A.  

Values

B.  

Vision

C.  

Outcome

D.  

Mission

A.  

Market segmentation, pricing strategies, and promotional activities

B.  

Research and Design activity, innovations in materials, mechanical efficiency, and the rate of technological change

C.  

How the organization uses technology for employee recruitment, onboarding processes, and performance appraisals

D.  

How the organization uses financial forecasting, budgeting, and cost control

A.  

Reasonable assurance is provided by external auditors as part of a financial audit and indicates conformity to suitable criteria and freedom from material error, while limited assurance results from reviews, compilations, and other activities performed by competent personnel who are sufficiently objective about the subject matter.

B.  

Reasonable assurance is provided by internal auditors as part of a risk assessment, while limited assurance results from external audits and regulatory examinations.

C.  

Reasonable assurance is provided by the Board of Directors as part of governance activities, while limited assurance results from employee self-assessments.

D.  

Reasonable assurance is provided by management as part of strategic planning, while limited assurance results from operational reviews and performance evaluations.

A.  

The Second Line is responsible for conducting external audits and providing assurance to stakeholders

B.  

The Second Line is responsible for making strategic decisions and setting the overall direction of the organization, deciding on objectives and issuing decision-making guidance

C.  

The Second Line establishes performance, risk, and compliance programs for the First Line, and provides oversight through frameworks, standards, policies, tools, and techniques

D.  

The Second Line focuses on the day-to-day operational activities of the organization to address risk and compliance requirements

A.  

Beliefs are ideas and assumptions held by individuals or groups, often shaped by experiences and perceptions, that influence behavior by informing the values and principles that guide actions and decisions.

B.  

Beliefs are the organization’s commitments to mandatory and voluntary obligations, and they influence behavior by determining the extent to which individuals fulfill obligations and honor promises.

C.  

Beliefs are the organization’s understanding of its mission, vision, and values, and they influence behavior by aligning actions with the organization's higher purpose and long-term goals.

D.  

Beliefs are the organization’s perceptions of risk and uncertainty, and they influence behavior by guiding actions and controls to address compliance-related risks.

A.  

To escalate incidents for investigation and identify them as in-house or external.

B.  

To provide incentives to employees for favorable conduct.

C.  

To determine if, when, how, and what to disclose regarding unfavorable events.

D.  

To ensure that future events of similar nature are less likely to occur and are less harmful.

A.  

Learning Assessment

B.  

Learning Objective

C.  

Learning Content

D.  

Learning Outcome

A.  

Financial audits and budget reviews.

B.  

Employee performance evaluations and appraisals.

C.  

Market research and customer surveys.

D.  

Lessons learned, root-cause analysis, after-action reviews, and other evaluative activities.

A.  

Based on identification criteria and the priority of associated objectives

B.  

Based on the business units they relate to and how important those units are to the achievement of objectives

C.  

Based on the items identified as top priorities at the enterprise level taking higher priority than any unit-based items

D.  

Based on the preferences of the executive management team

A.  

True

B.  

False

A.  

To afford more flexibility in corrective action and allow the organization to address concerns promptly

B.  

To prevent stakeholders from getting a whistleblower reward

C.  

To ensure that stakeholders' concerns are hidden from the media

D.  

To provide time to fix the identified issue and not have to report it to any stakeholders

A.  

They encourage adverse conduct

B.  

They are not tax-deductible

C.  

They decrease employee satisfaction

D.  

They violate anti-harassment laws

A.  

By avoiding any actions that could lead to uncertainty

B.  

By focusing on immediate goals and actions that don't present uncertainty

C.  

By obtaining risk insurance

D.  

By using design options such as Avoid, Accept, Share, and Control

A.  

Accountable

B.  

Visionary

C.  

Versatile

D.  

Intradisciplinary

A.  

Customer

B.  

Risk Manager

C.  

Board

D.  

Ethics Department

A.  

It is solely based on the assurance provider's credentials and ensures the highest level of assurance

B.  

It is determined by the number of years the assurance provider has been in the industry and ensures high levels of assurance

C.  

A greater degree of it allows the assurance provider to use sophisticated, professional, and structured techniques to evaluate the subject matter, resulting in a higher level of assurance

D.  

It is only relevant for external audits and does not apply to internal assurance activities and level of assurance

A.  

They can reduce the risk of legal disputes

B.  

They can lead to perceptions of favoritism and mistrust

C.  

They can increase employee motivation and productivity

D.  

They can improve the company’s public image