Geschreven door studenten die geslaagd zijn Direct beschikbaar na je betaling Online lezen of als PDF Verkeerd document? Gratis ruilen 4,6 TrustPilot
logo-home
Tentamen (uitwerkingen)

Exam Practice Question Bank | Risk Management & Internal Control | KU Leuven | 2025/26

Beoordeling
-
Verkocht
-
Pagina's
21
Cijfer
9-10
Geüpload op
19-06-2026
Geschreven in
2025/2026

This question bank contains 135 practice questions (multiple choice and open-ended) with detailed answers for the Internal Control and Risk Management course at KU Leuven's Master handelsingenieur program. Topics covered include COSO ERM framework, ISO 31000 risk assessment, risk responses (4 Ts), inherent vs. residual risk, IT General Controls, agency theory, business continuity management, cybersecurity controls, and CSRD/ESRS materiality concepts. Essential for exam preparation—work through the questions while covering answers in red to test your knowledge and master the core concepts taught in the course.

Meer zien Lees minder
Instelling
Vak

Voorbeeld van de inhoud

Risk Management & Internal Control
Exam Practice Question Bank
135 questions (multiple choice + open-ended) with answers
KU Leuven · Faculty of Economics and Business



Answers are shown in red beneath each question. Cover them while practising.




RM & IC — Exam Practice Question Bank | Page 1

,Part A — Questions from the revision session (Q1-Q35)
1. [Multiple choice] An entity expects its variable interest rate to rise and locks in a fixed rate via a
hedge. According to COSO, this risk response is:
A. Reduction
B. Acceptance
C. Sharing
D. Avoidance
Answer: C — Sharing (transfer): part of the risk is transferred to the counterparty offering the fixed rate.

2. [Multiple choice] Under ISO 31000, the three tasks of risk assessment, in order, are:
A. Identification - treatment - monitoring
B. Identification - analysis - evaluation
C. Recognition - rating - ranking
D. Analysis - evaluation - response
Answer: B — Risk identification, then analysis (likelihood x consequence, incl. existing controls), then
evaluation against criteria.

3. [Open-ended] Explain the difference between inherent risk and residual risk, and how their
relationship is shown on a risk matrix.
Answer: Inherent = risk before any controls; residual (current/managed) = what remains after controls
(inherent - controls = residual). On the matrix, plot the inherent point (high) and the residual point
(lower); the arrow between them is the control-reduction effort, and a target level can also be shown.
Used to judge whether residual exposure is within risk appetite/capacity.

4. [Multiple choice] In COSO ERM 2017, in which component does an entity define its risk appetite?
A. Governance & Culture
B. Performance
C. Strategy & Objective-Setting
D. Information, Communication & Reporting
Answer: C — Strategy & Objective-Setting (principle 7). Note: in COSO ERM 2004 it was the Objective-
Setting component.

5. [Open-ended] Define double materiality (CSRD/ESRS) and name the two perspectives it consists of.
Answer: A topic is material if material from EITHER: impact materiality (outward - the company's effect
on society/environment) OR financial materiality (inward - sustainability risks/opportunities affecting
the company).

6. [Multiple choice] Which is NOT one of the three IT General Control (ITGC) families?
A. Manage Access
B. Manage Change
C. Manage Operations
D. Manage Threats
Answer: D — Manage Threats is a cybersecurity ('back door') control. The three ITGC families are
Access, Change, Operations.



RM & IC — Exam Practice Question Bank | Page 2

, 7. [Open-ended] Name and explain the four risk responses (the 4 Ts) and the likelihood/impact situation
for each.
Answer: Tolerate (accept) - low/low; Treat (reduce via controls) - high likelihood/low impact; Transfer
(share, e.g. insurance) - low likelihood/high impact; Terminate (avoid/eliminate) - high/high.

8. [Multiple choice] Which technique obtains a reliable consensus from experts giving opinions
individually and anonymously across iterative rounds?
A. Brainstorming
B. SWIFT
C. Delphi technique
D. Bow-tie analysis
Answer: C — Delphi technique (expert panel, individual & anonymous input, iterative rounds).

9. [Open-ended] Explain Agency Theory in corporate governance: who are the principals and agents,
what is the core problem, and name two governance mechanisms used to address it.
Answer: Principals = shareholders; agents = managers. Core problem = the principal-agent problem
(divergent goals, costly to verify the agent's actions) worsened by information asymmetry. Mechanisms
(any 2): board of directors, auditing, performance-based incentives.

10. [Multiple choice] What is the difference between RTO and RPO in BCM?
A. RTO = max data loss; RPO = max downtime
B. RTO = max time to restore a service; RPO = max acceptable data loss
C. Both measure downtime for different systems
D. RTO = recovery cost; RPO = recovery priority
Answer: B — RTO = maximum time to restore; RPO = maximum acceptable data loss (point you can roll
back to).

11. [Open-ended] State the three elements of the Fraud Triangle (Cressey) and explain why all three
matter for designing anti-fraud controls.
Answer: Pressure, Opportunity, Rationalisation. All three together signal high fraud likelihood; controls
attack each corner - reduce opportunity (SoD/access/audit trail), relieve pressure (realistic targets), and
reduce rationalisation (tone at the top, code of conduct, punishment).

12. [Multiple choice] Per ISA 240, the external auditor's responsibility regarding fraud is to:
A. Detect all fraud and report it to the police
B. Obtain reasonable assurance the statements are free from material misstatement from fraud or
error
C. Manage the company's anti-fraud controls
D. Make a legal determination that fraud occurred
Answer: B — Reasonable assurance on material misstatement (fraud or error). The auditor does not
detect all fraud, manage controls, or make legal determinations.

13. [Open-ended] Describe the Three Lines of Defence: what sits at each line (with an example role),
and where external audit fits.
Answer: 1st line = operational management & internal controls (risk owners, e.g. department head); 2nd
line = risk management & compliance (e.g. risk manager); 3rd line = internal audit (independent



RM & IC — Exam Practice Question Bank | Page 3

Geschreven voor

Instelling
Studie
Vak

Documentinformatie

Geüpload op
19 juni 2026
Aantal pagina's
21
Geschreven in
2025/2026
Type
Tentamen (uitwerkingen)
Bevat
Vragen en antwoorden

Onderwerpen

$9.25
Krijg toegang tot het volledige document:

Verkeerd document? Gratis ruilen Binnen 14 dagen na aankoop en voor het downloaden kan je een ander document kiezen. Je kan het bedrag gewoon opnieuw besteden.
Geschreven door studenten die geslaagd zijn
Direct beschikbaar na je betaling
Online lezen of als PDF

Maak kennis met de verkoper
Seller avatar
vandekreekesem

Maak kennis met de verkoper

Seller avatar
vandekreekesem Katholieke Universiteit Leuven
Volgen Je moet ingelogd zijn om studenten of vakken te kunnen volgen
Verkocht
4
Lid sinds
3 weken
Aantal volgers
0
Documenten
7
Laatst verkocht
2 weken geleden

0.0

0 beoordelingen

5
0
4
0
3
0
2
0
1
0

Recent door jou bekeken

Waarom studenten kiezen voor Stuvia

Gemaakt door medestudenten, geverifieerd door reviews

Kwaliteit die je kunt vertrouwen: geschreven door studenten die slaagden en beoordeeld door anderen die dit document gebruikten.

Niet tevreden? Kies een ander document

Geen zorgen! Je kunt voor hetzelfde geld direct een ander document kiezen dat beter past bij wat je zoekt.

Betaal zoals je wilt, start meteen met leren

Geen abonnement, geen verplichtingen. Betaal zoals je gewend bent via Bancontact, iDeal of creditcard en download je PDF-document meteen.

Student with book image

“Gekocht, gedownload en geslaagd. Zo eenvoudig kan het zijn.”

Alisha Student

Bezig met je bronvermelding?

Maak nauwkeurige citaten in APA, MLA en Harvard met onze gratis bronnengenerator.

Bezig met je bronvermelding?

Veelgestelde vragen