CPFO - Risk Assessment Questions With Complete
Solutions
"A finance officer manages public finances transparently" is an
example from which principle in the GFOA Code of Ethics?
A. Integrity and Honesty
B. Producing Results for My Community
C. Treating People Fairly
D. Diversity and Inclusion Correct Answers A.
A change in which of the following would require a revalidation
of the baseline?
A. The process that is the object of internal control
B. The controls themselves
C. Risk exposure
D. All of the above
E. Both B and C Correct Answers After a baseline of effective
internal control has been established, changes may occur that
affect the
processes that are the object of internal control, the controls
themselves, or risk exposure. Management
should have a process in place to identify such changes as they
occur and make whatever
changes are necessary to ensure that controls remain effective.
[ Correct response = D]
A firewall is:
A. a cybersecurity format that needs to be read with a key and
code interpreter.
B. A multilayered approach to security where a second step of
authentication is required to complete a transaction.
,C. An established frequency for applying patches or fixes to
software and other applicable technologies
D. a combination of hardware and software that separate internal
networks from external networks. Correct Answers D.
A risk is something that prevents management from having
reasonable assurance that:
A. Operations are effective and efficient.
B. Financial reporting is reliable.
C. The organization has complied with applicable laws and
regulations.
D. All of the above
E. Both B and C Correct Answers A risk is any situation that
could compromise management's reasonable assurance that it is
achieving
one of its basic objectives ( efficiency and effectiveness of
operations, reliability of financial reporting,
or compliance with applicable laws and regulations). [Correct
response= D]
Applications and infrastructure are examples of:
A. contracts and inventory.
B. cloud services.
C. vendors and supply chains.
D. programming and engagement. Correct Answers B.
Data obtained that will be converted to quality information
should be which of the following?
A. Relevant
B. From reliable sources
C. Both A and B
, D. Neither A or B Correct Answers The data obtained that will
be converted to quality information by the government needs to
be
relevant and from reliable sources. [ Correct response = C]
Effective internal communication is which of the following?
A. Flows from the top-down
B. Flows from the bottom-up
C. Flows across departments
D. Just A and B
E. All of the above Correct Answers To be effective, internal
communication cannot be limited to a top-down flow of
information; it
must also flow from the bottom up, and horizontally across all
departments of a government.
[Correct response= E]
Emphasizing the capacity of infrastructure and operations to
respond to and recover from extreme events is called:
A. planning.
B. cyber security.
C. resiliency.
D. recovery. Correct Answers C.
Encrypted storage is:
A. a combination of hardware and software that separate internal
networks from external networks.
B. An established frequency for applying patches or fixes to
software and other applicable technologies
C. A multilayered approach to security where a second step of
authentication is required to complete a transaction.
Solutions
"A finance officer manages public finances transparently" is an
example from which principle in the GFOA Code of Ethics?
A. Integrity and Honesty
B. Producing Results for My Community
C. Treating People Fairly
D. Diversity and Inclusion Correct Answers A.
A change in which of the following would require a revalidation
of the baseline?
A. The process that is the object of internal control
B. The controls themselves
C. Risk exposure
D. All of the above
E. Both B and C Correct Answers After a baseline of effective
internal control has been established, changes may occur that
affect the
processes that are the object of internal control, the controls
themselves, or risk exposure. Management
should have a process in place to identify such changes as they
occur and make whatever
changes are necessary to ensure that controls remain effective.
[ Correct response = D]
A firewall is:
A. a cybersecurity format that needs to be read with a key and
code interpreter.
B. A multilayered approach to security where a second step of
authentication is required to complete a transaction.
,C. An established frequency for applying patches or fixes to
software and other applicable technologies
D. a combination of hardware and software that separate internal
networks from external networks. Correct Answers D.
A risk is something that prevents management from having
reasonable assurance that:
A. Operations are effective and efficient.
B. Financial reporting is reliable.
C. The organization has complied with applicable laws and
regulations.
D. All of the above
E. Both B and C Correct Answers A risk is any situation that
could compromise management's reasonable assurance that it is
achieving
one of its basic objectives ( efficiency and effectiveness of
operations, reliability of financial reporting,
or compliance with applicable laws and regulations). [Correct
response= D]
Applications and infrastructure are examples of:
A. contracts and inventory.
B. cloud services.
C. vendors and supply chains.
D. programming and engagement. Correct Answers B.
Data obtained that will be converted to quality information
should be which of the following?
A. Relevant
B. From reliable sources
C. Both A and B
, D. Neither A or B Correct Answers The data obtained that will
be converted to quality information by the government needs to
be
relevant and from reliable sources. [ Correct response = C]
Effective internal communication is which of the following?
A. Flows from the top-down
B. Flows from the bottom-up
C. Flows across departments
D. Just A and B
E. All of the above Correct Answers To be effective, internal
communication cannot be limited to a top-down flow of
information; it
must also flow from the bottom up, and horizontally across all
departments of a government.
[Correct response= E]
Emphasizing the capacity of infrastructure and operations to
respond to and recover from extreme events is called:
A. planning.
B. cyber security.
C. resiliency.
D. recovery. Correct Answers C.
Encrypted storage is:
A. a combination of hardware and software that separate internal
networks from external networks.
B. An established frequency for applying patches or fixes to
software and other applicable technologies
C. A multilayered approach to security where a second step of
authentication is required to complete a transaction.
