Test Bank Docx Risks And Risk Assessments Savage Ch.2 - Digital Test Bank | Accounting Info Systems 1e by Arline A. Savage. DOCX document preview.
Accounting Information Systems, 1e (Savage)
Chapter 2 Risks and Risk Assessments
1) ________ is propelling massive and fast-paced changes in how businesses function.
A) Technology
B) Accounting
C) Sales
D) Service
Diff: 1
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Systems and Process Management
2) Internal audit departments perform formal risk assessments when
A) using technology.
B) creating audit plans.
C) preparing financial statements.
D) preparing budgets.
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Application
AICPA: AC: Systems and Process Management
3) Financial accountants implement controls including ________ to address risk.
A) technology
B) general guidelines
C) specific procedures
D) operational perspective
Diff: 1
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
4) Choose the best description of risk.
A) The estimation of damage that could be caused
B) The estimated probability of occurrence
C) The high-level business area or department
D) The likelihood of an unfavorable event occurring
Diff: 1
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Importance of Risk
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
5) A risk-aware culture at a business is characterized by
A) leadership setting a risk-awareness tone at the top.
B) management that encourages employees to discuss risks openly.
C) an alignment of risks across all corporate initiatives.
D) all the above.
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Importance of Risk
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
6) Organize the three tasks below when performing risk assessment.
A) Identify, categorize and prioritize
B) Prioritize, identify and categorize
C) Categorize, prioritize and identify
D) Identify, prioritize and categorize
Diff: 3
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Importance of Risk
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
7) The three primary types of business processes that make up a basic business model include
A) acquisition and payment processes.
B) conversion processes.
C) marketing, sales and collection processes.
D) all the above.
Diff: 1
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
8) A business function is a high-level ________ or ________ that performs business processes to achieve company goals.
A) Business area, customer
B) Business area, department
C) Vendor, department
D) Vendor, customer
Diff: 1
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
9) A business function is a high-level business area or department that performs ________ to achieve company goals.
A) financial statement reporting
B) auditing
C) business processes
D) information technology
Diff: 1
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
10) A business function is a high-level business area or department that performs business processes to achieve
A) accounting goals.
B) revenue.
C) profit.
D) company goals.
Diff: 1
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Systems and Process Management
11) Just as risk can exist at different levels, ________ can be performed at different levels of the company.
A) risk identification
B) risk statements
C) likelihood
D) impact
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
12) Just as risk can exist at different levels, risk identification can be performed at ________ of the company.
A) the top-level
B) different levels
C) the bottom level
D) the board of directors' level
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
13) Choose from the following the best description of enterprise risk management (ERM).
A) A narrow process of identifying, categorizing, prioritizing, and ignoring a company's risk
B) A narrow process of identifying, grouping, prioritizing, and ignoring a company's risk
C) A comprehensive process of identifying, categorizing, prioritizing, and responding to a company's risk
D) A comprehensive process of listing, prioritizing, and responding to a company's risk
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
14) Choose from the following the best definition of risk identification.
A) Decide how the company will address the prioritized risks
B) Select which risks are most likely to occur or will have the largest impact
C) Categorizing risks based on their types
D) Identifying existing risks and their outcomes
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
15) Choose from the following the best definition of risk response.
A) Decide how the company will address the prioritized risks
B) Select which risks are most likely to occur or will have the largest impact
C) Categorizing risks based on their types
D) Identifying existing risks and their outcomes
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
16) Choose from the following the best definition of risk prioritization.
A) Decide how the company will address the prioritized risks
B) Select which risks are most likely to occur or will have the largest impact
C) Categorizing risks based on their types
D) Identifying existing risks and their outcomes
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
17) Choose from the following the best definition of risk categorization.
A) Decide how the company will address the prioritized risks
B) Select which risks are most likely to occur or will have the largest impact
C) Categorizing risks based on their types
D) Identifying existing risks and their outcomes
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
18) A risk statement contains two parts
A) the improvement and the solution.
B) the improvement and the possible outcome.
C) the issue and the solution.
D) the issue and the possible outcome.
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Identifying Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
19) Complete the following statement: A company that takes on significant risk may have a(an) ________ over a company that avoids risk.
A) competitive advantage
B) unambitious advantage
C) competitive handicap
D) significant cost advantage
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Importance of Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
20) What are some common keywords used in risk statements?
A) Because
B) Caused
C) Possible
D) All the above
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Identifying Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
21) Complete the following statement: "It is essential for accounting professionals to understand risk — including ________ in risk management.
A) emerging trends
B) gradual trends
C) emerging directions
D) gradual directions
Diff: 1
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
22) The second step of ERM is
A) categorizing risks based on their type.
B) identifying risks.
C) responding to a company's risk.
D) categorizing risks based on response.
Diff: 1
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Introduction
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
23) An accountant would call the categorization of a risk, external or internal, the ________ of the risk.
A) solution
B) source
C) explanation
D) level
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Introduction
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
24) Complete the following statement: "Identified risks are most useful when they are mapped to
A) external risks."
B) internal risks."
C) one source category."
D) both internal and external categories."
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Introduction
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
25) Complete the following statement: "If a risk feels like it can be classified as both internal and external, companies fine-tune their risk statement to make it more ________ until it maps clearly to one source".
A) soft
B) hard
C) smooth
D) granular
Diff: 1
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Introduction
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
26) How many major internal risk categories are there?
A) 3
B) 4
C) 5
D) 6
Diff: 1
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
27) Choose from the following list a major internal risk category.
A) Compliance risk
B) Financial risk
C) Strategic risk
D) Physical risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
28) Choose from the following list a major internal risk category.
A) Compliance risk
B) Strategic risk
C) Operational risk
D) Physical risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
29) Choose from the following list a major internal risk category.
A) Compliance risk
B) Strategic risk
C) Physical risk
D) Reputational risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
30) Choose from the following list the most important type of risk for an AIS.
A) Operational risk
B) Financial risk
C) Strategic risk
D) Physical risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
31) Choose from the following list the best definition of technology risk.
A) When technology failures have the potential of improving business
B) When technology failures have the potential of disrupting business
C) When technology is deployed to solve business problems
D) When technology is removed from business operations
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
32) Choose from the following list the best definition of cyber risks.
A) A common type of technology risk relating to an internal party accessing the company's financial records
B) When technology failures have the potential of disrupting business
C) A unique type of technology risk relating to an external party accessing the company's technology assets
D) When technology is removed from business operations
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
33) Choose from the following list the best definition of financial risk.
A) Causes a breakdown in business operations
B) When the good name of a company is damaged
C) Refers to the potential gain of a substantial sum of money
D) Refers to the potential loss of a substantial sum of money
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
34) Choose from the following list the best definition of reputational risks.
A) Causes a breakdown in business operations
B) When the good name of a company is damaged
C) Refers to the potential gain of a substantial sum of money
D) Refers to the potential loss of a substantial sum of money
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
35) With reputational risk comes financial loss through a(n)
A) loss of customers and revenue.
B) decrease in expenses.
C) increase in stock price.
D) increase in customers and revenues.
Diff: 1
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
36) Why has reputation risk grown in importance?
A) Fewer people are shopping in stores.
B) Fewer people are shopping on-line.
C) More people are using and accessing social media.
D) More people are shopping on-line.
Diff: 1
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
37) Choose from the following list a major external risk category.
A) Compliance risk
B) Operational risk
C) Financial risk
D) Reputational risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
38) Choose from the following list a major external risk category.
A) Operational risk
B) Strategic risk
C) Financial risk
D) Reputational risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
39) Choose from the following list a major external risk category.
A) Operational risk
B) Financial risk
C) Physical risk
D) Reputational risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
40) Choose from the following list the best definition of compliance risk.
A) Causes a breakdown in business operations
B) The threat of adverse weather, crimes, or physical damage
C) Is the inevitable risk that comes from a strategy becoming less effective
D) It occurs when a company fails to follow regulation and legislation and is subjected to legal penalties, including fines.
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
41) Choose from the following list the best definition of strategic risk.
A) Causes a breakdown in business operations
B) The threat of adverse weather, crimes, or physical damage
C) Is the inevitable risk that comes from a strategy becoming less effective
D) It occurs when a company fails to follow regulation and legislation and is subjected to legal penalties, including fines.
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
42) In September 2000, the CEO of Blockbuster was given the option to purchase Netflix for $50 million. At the time, Netflix was losing money and worried about bankruptcy. The Blockbuster CEO turned down the opportunity. This is an example of what type of risk?
A) Strategic risk
B) Compliance risk
C) Physical risk
D) Operational risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
43) Choose from the following list the best definition of physical risk.
A) Causes a breakdown in business operations
B) The threat of adverse weather, crimes, or physical damage
C) Is the inevitable risk that comes from a strategy becoming less effective
D) It occurs when a company fails to follow regulation and legislation and is subjected to legal penalties, including fines.
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
44) While ________ is the easiest to understand, it is one of the most important types of risk a company identifies because the impact is usually high.
A) strategic risk
B) compliance risk
C) physical risk
D) operational risk
Diff: 1
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
45) Choose from the following list the best definition of a risk inventory.
A) Causes a breakdown in business operations
B) The threat of adverse weather, crimes, or physical damage
C) Is the inevitable risk that comes from a strategy becoming less effective
D) A listing of all the business' known risks
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: External Risks
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
46) Founded in 1852, Wells Fargo is one of the largest banks in the United States. When internal fraud at Wells Fargo was exposed to the public in September 2016, what type of risk was increased at Wells Fargo due to this fraud?
A) Reputational risk
B) Compliance risk
C) Physical risk
D) Operational risk
Diff: 2
Learning Objective: 2.2 Classify risks into different risk categories
Section Reference: Internal Risks
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
47) Choose the best definition of risk severity from the list below.
A) It is the likelihood of risks occurring and the potential impact on the company.
B) It is the estimated probability of a risk occurrence.
C) It is the estimation of damage that could be caused if the risk occurs.
D) It is an estimation of the loss of goodwill.
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
48) Choose the best definition of likelihood from the list below.
A) Prioritizes risks by ranking their likelihood of occurring and the potential impact on the company
B) It is the estimated probability of a risk occurrence.
C) It is the estimation of damage that could be caused if the risk occurs.
D) It is an estimation of the loss of goodwill.
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
49) Choose the best definition of impact from the list below.
A) Prioritizes risks by ranking their likelihood of occurring and the potential impact on the company
B) It is the estimated probability of a risk occurrence.
C) It is the estimation of damage that could be caused if the risk occurs.
D) It is an estimation of the loss of goodwill.
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
50) Complete the following sentence: "Companies use different methods to calculate likelihood, but likelihood is always ranked on a
A) fixed level."
B) sliding level."
C) fixed scale."
D) sliding scale."
Diff: 1
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
51) Complete this sentence: "In different industries, likelihood can be described as
A) probability."
B) scarcity."
C) insufficient."
D) abundant."
Diff: 1
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Comprehension
AICPA: AC: Risk Assessment, Analysis, and Management
52) What is the abbreviation for Medium High?
A) MH
B) M
C) ML
D) H
Diff: 1
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
53) What is the abbreviation for High?
A) MH
B) M
C) ML
D) H
Diff: 1
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
54) What is the abbreviation for Medium Low?
A) MH
B) M
C) ML
D) H
Diff: 1
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
55) What is the abbreviation for Low?
A) MH
B) L
C) ML
D) H
Diff: 1
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
56) What is the abbreviation for Medium?
A) M
B) L
C) ML
D) H
Diff: 1
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Evaluating Risk Severity
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
57) What is the risk calculation if a company assigns a likelihood of 4 to a particular risk and an impact of 3 to the risk?
A) 7
B) 12
C) 4
D) 3
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Using Risk Formulas
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
58) What is the risk calculation if a company assigns a likelihood of 1 to a particular risk and an impact of 5 to the risk?
A) 1
B) 3
C) 5
D) 6
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Using Risk Formulas
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
59) If a company identifies four risks with a risk score as follows:
Risk | Risk Score |
An oven fire may result in the destruction of a store. | 5 |
A cybersecurity attack may result in the theft of customer data. | 15 |
A store employee getting sick may result in them backing out of their shift last minute. | 4 |
An employee stealing from a cash register may result in loss of cash. | 6 |
Which risk is the highest priority?
A) An oven fire may result in the destruction of a store.
B) A cybersecurity attack may result in theft of customer data.
C) A store employee getting sick may result in them backing out of their shift last minute.
D) An employee stealing from a cash register may result in loss of cash.
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Using Risk Formulas
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
60) If a company identifies four risks with a risk score:
Risk | Risk Score |
An oven fire may result in the destruction of a store. | 5 |
A cybersecurity attack may result in the theft of customer data. | 15 |
A store employee getting sick may result in them backing out of their shift last minute. | 4 |
An employee stealing from a cash register may result in loss of cash. | 6 |
Which risk is the lowest priority?
A) An oven fire may result in the destruction of a store.
B) A cybersecurity attack may result in theft of customer data.
C) A store employee getting sick may result in them backing out of their shift last minute.
D) An employee stealing from a cash register may result in loss of cash.
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Using Risk Formulas
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
61) Choose the best definition of risk matrices from the list below.
A) Risk matrices give a clear picture through the assignment of values to the data.
B) Risk matrices are the estimated probability of a risk occurrence.
C) Risk matrices are the estimation of damage that could be caused if the risk occurs.
D) Risk matrices are an estimation of the loss of goodwill.
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Creating Risk Matrices
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
62) Choose the best definition of a heat map from the list below.
A) A heat map is the estimated probability of a risk occurrence.
B) A heat map uses different colors to represent values of data in a map or diagram format.
C) A heat map is the estimation of damage that could be caused if the risk occurs.
D) A heat map is an estimation of the loss of goodwill.
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Creating Risk Matrices
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
63) Referencing the following risk scale:
What likelihood score would you assign to a risk with an annual occurrence of 7%?
A) 1
B) 2
C) 3
D) 4
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Using Risk Formulas
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
64) Referencing the following risk scale:
What likelihood score would you assign to a risk with an annual occurrence of 3%?
A) 1
B) 2
C) 3
D) 4
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Using Risk Formulas
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
65) Consider the following risk matrix.
What score would a risk have with an impact of M and a likelihood of L?
A) 3
B) 4
C) 6
D) 8
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Creating Risk Matrices
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
66) Consider the following risk matrix.
What score would a risk have with an impact of M and a likelihood of H?
A) 3
B) 5
C) 15
D) 16
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Creating Risk Matrices
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
67) Consider the following risk matrix.
What score would a risk have with an impact of M and a likelihood of M?
A) 3
B) 6
C) 8
D) 9
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Creating Risk Matrices
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
68) If a company identifies four risks with a risk scores as follows:
Risk | Risk Score |
An oven fire may result in the destruction of a store. | 5 |
A cybersecurity attack may result in the theft of customer data. | 15 |
A store employee getting sick may result in them backing out of their shift last minute. | 4 |
An employee stealing from a cash register may result in loss of cash. | 6 |
How would you suggest the management of the company prioritize the identified risks?
Diff: 3
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Using Risk Formulas
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
69) How can someone determine how risky a risk is?
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
70) The U.S. Bureau of Labor and Statistics anticipates a ________ percent growth in jobs with the focus of "risk management" between 2018-2026.
A) 10
B) 15
C) 18
D) 19
Diff: 1
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
71) Accounting professionals are uniquely qualified to work in risk management due to their training in ________, risk identification, and ________.
A) budgeting, financial statement preparation
B) business processes, tax preparation
C) business processes, holistic business operations
D) tax preparation, holistic business operations
Diff: 1
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
72) What is the first step of ERM?
A) Risk Identification
B) Risk Categorization
C) Risk Prioritization
D) Risk Response
Diff: 1
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
73) What is the second step of ERM?
A) Risk Identification
B) Risk Categorization
C) Risk Prioritization
D) Risk Response
Diff: 1
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
74) What is the third step of ERM?
A) Risk Identification
B) Risk Categorization
C) Risk Prioritization
D) Risk Response
Diff: 1
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
75) What is the last step of ERM?
A) Risk Identification
B) Risk Categorization
C) Risk Prioritization
D) Risk Response
Diff: 1
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
76) Choose the best definition of risk appetite from the list below.
A) Risk appetite is the amount of risk a company is willing to take on at that time.
B) Risk appetite uses different colors to represent values of data in a map or diagram format.
C) Risk appetite is the estimation of damage that could be caused if the risk occurs.
D) Risk appetite is an estimation of the loss of goodwill.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
77) Choose the phrase that most accurately completes this sentence. "Risk appetite is part of
A) a weak manager."
B) a company's culture."
C) a satisfied customer."
D) a strong employee."
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Introduction
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
78) Choose the best definition of inherent risk.
A) Inherent risk is the risk to a business process of a cybersecurity leak.
B) Inherent risk is the remaining risk posed by a process or activity once a plan to respond to the risk is in place.
C) Inherent risk is the natural level of risk in a business process if there are no risk responses in place.
D) Inherent risk is the risk to a business process of a natural disaster, such as a fire or earthquake.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Assess the Risk
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
79) Inherent risks consist of two parts: ________ and ________.
A) severity, financial
B) severity, impact
C) likelihood, financial
D) likelihood, impact
Diff: 1
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Assess the Risk
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
80) Choose the best definition of residual risk.
A) Residual risk is the risk to a business process of a cybersecurity leak.
B) Residual risk is the remaining risk posed by a process or activity once a plan to respond to the risk is in place.
C) Residual risk is the natural level of risk in a business process if there are no risk responses in place.
D) Residual risk is the risk to a business process of a natural disaster, such as a fire or earthquake.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Assess the Risk
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
81) Choose the best definition of target residual risk.
A) Target residual risk is the risk to a business process of a cybersecurity leak.
B) Target residual risk is the natural level of risk in a business process or activity if there are no risk responses in place.
C) Target residual risk is the goal after implementing a risk response.
D) Target residual risk is what happens after the risk is addressed.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Assess the Risk
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
82) Choose the best definition of actual residual risk.
A) Actual residual risk is the risk to a business process of a cybersecurity leak.
B) Actual residual risk is the natural level of risk in a business process or activity if there are no risk responses in place.
C) Actual residual risk is the goal after implementing a risk response.
D) Actual residual risk is what happens after the risk is addressed.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Assess the Risk
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
83) If a construction worker purchases a heavy-duty case to protect his cell phone and reduces the risk likelihood from a 3 to a 2 and the risk impact from a 4 to a 3, by what percent is the risk score reduced?
A) 50%
B) 100%
C) 25%
D) 33%
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Assess the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
84) Choose the best definition of risk acceptance.
A) Risk acceptance is when an inherent risk is present, but the organization chooses not to act.
B) Risk acceptance eliminates the risk by completely avoiding the events causing the risk.
C) Risk acceptance is when a company decides to accept the risk but to minimize its impact if it occurs.
D) Risk acceptance is the shifting of the risk to a third party.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
85) Choose the best definition of risk avoidance.
A) Risk avoidance is when an inherent risk is present, but the organization chooses not to act.
B) Risk avoidance eliminates the risk by completely avoiding the events causing the risk.
C) Risk avoidance is when a company decides to accept the risk but to minimize its impact if it occurs.
D) Risk avoidance is the shifting of the risk to a third party.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
86) Choose the best definition of mitigating the risk.
A) Mitigating the risk is when an inherent risk is present, but the organization chooses not to act.
B) Mitigating the risk eliminates the risk by completely avoiding the events causing the risk.
C) Mitigating the risk is when a company decides to minimize its impact if it occurs through additional business processes or controls.
D) Mitigating the risk is the shifting of the risk to a third party.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
87) Choose the best definition of risk transfer.
A) Risk transfer is when an inherent risk is present, but the organization chooses not to act.
B) Risk transfer eliminates the risk by completely avoiding the events causing the risk.
C) Risk transfer is when a company decides to accept the risk but to minimize its impact if it occurs.
D) Risk transfer is the shifting of the risk to a third party.
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
88) How are you responding to the risk if you purchase a new cell phone and choose not to purchase a phone protection plan?
A) Accept the risk
B) Avoid the risk
C) Mitigate the risk
D) Transfer the risk
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
89) If a company closes stores in a particularly high-risk geographical location, how are they responding to the risk?
A) Accept the risk
B) Avoid the risk
C) Mitigate the risk
D) Transfer the risk
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
90) How are you responding to the risk if you purchase a new cell phone and later purchase a screen protector and phone case?
A) Accept the risk
B) Avoid the risk
C) Mitigate the risk
D) Transfer the risk
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
91) How are you responding to the risk if you purchase a new cell phone and purchase the phone protection insurance?
A) Accept the risk
B) Avoid the risk
C) Mitigate the risk
D) Transfer the risk
Diff: 2
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
92) How many types of risk response are there?
A) 4
B) 3
C) 5
D) 6
Diff: 1
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Knowledge
AICPA: AC: Risk Assessment, Analysis, and Management
93) Consider the following diagram:
What is the sweet spot?
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Importance of Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
94) Julia's Cookies hires delivery drivers of any age with a state-issued driver's license. Newly hired drivers have one day of training on how to provide the best customer experience. It does not include driver safety training. Delivery drivers use company vehicles. Assess risks related to Julia's Cookies' delivery drivers.
Diff: 3
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Applying Risks to a Business
AACSB: Analytic
Bloom's: Evaluation
AICPA: AC: Risk Assessment, Analysis, and Management
95) Predict at least one of the outcomes from the following risk statement related to driver safety at Julia's Cookies: "Drivers not receiving road safety training."
Diff: 3
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Identifying Risks
AACSB: Analytic
Bloom's: Evaluation
AICPA: AC: Risk Assessment, Analysis, and Management
96) Briefly discuss the importance of risk.
Diff: 2
Learning Objective: 2.1 Describe the nature of risk
Section Reference: Importance of Risk
AACSB: Analytic
Bloom's: Application
AICPA: AC: Risk Assessment, Analysis, and Management
97) Consider the following risk matrix.
What score would a risk have with an impact of MH and a likelihood of ML?
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Creating Risk Matrices
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
98) Consider the following risk matrix.
What score would a risk have with an impact of MH and a likelihood of H?
Diff: 2
Learning Objective: 2.3 Determine the quantitative value of risk
Section Reference: Creating Risk Matrices
AACSB: Analytic
Bloom's: Analysis
AICPA: AC: Risk Assessment, Analysis, and Management
99) Julia's Cookies is concerned about customers being injured while shopping in their stores. What actions could Julia's Cookies take to transfer the risk?
Diff: 3
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
100) Julia's Cookies is concerned about drivers being injured when delivering cookies. What actions could Julia's Cookies take to mitigate the risk?
Diff: 3
Learning Objective: 2.4 Explain how businesses respond to risk
Section Reference: Respond to the Risk
AACSB: Analytic
Bloom's: Synthesis
AICPA: AC: Risk Assessment, Analysis, and Management
© 2022 John Wiley & Sons, Inc. All rights reserved. Instructors who are authorized users of this course are permitted to download these materials and use them in connection with the course. Except as permitted herein or by law, no part of these materials should be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise.