Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Summary

Summary Exam Study Guide | Risk Management & Internal Control | KU Leuven | 2025/26

Rating
-
Sold
4
Pages
67
Uploaded on
14-06-2026
Written in
2025/2026

Complete exam study guide for the Master handelsingenieur course on Internal Control and Risk Management at KU Leuven, taught by Jeffrey Ottevanger with guest lectures from EY. Covers Part I (8 chapters) on risk management and internal control theory, plus Part II on data analytics, process mining, sustainability (CSRD), fraud & forensics, IT controls/cybersecurity, and business continuity management. Structured for self-revision with key terms defined, frameworks explained in full, and highest-yield exam points flagged throughout—ideal preparation for the closed-book written exam with multiple-choice and open-ended questions.

Show more Read less
Institution
Course

Content preview

Risk Management & Internal Control
Complete Exam Study Guide

KU Leuven · Faculty of Economics and Business
Lecturer: Jeffrey Ottevanger · Guest lectures: EY & KU Leuven Internal Audit




Part I (Ch 1-8): Risk management & internal control theory. Part II: the EY guest lectures — Data Analytics &
Process Mining, CSRD/Sustainability, Fraud & Forensics, IT Controls/Cybersecurity/AI, and Business Continuity
Management.




Risk Management & Internal Control — Study Guide | Page 1

,How to use this guide & exam overview
This guide is written so that you can revise from this document alone. It follows the order in which the
course was taught. Each chapter teaches the concepts from scratch, defines every key term, explains
every framework in full, and flags the visual slides you must be able to recognise and reproduce. Shaded
call-out boxes mark the highest-yield exam points.

The exam format (confirmed on the slides)
• Closed-book, written exam with multiple-choice and open-ended questions (Intro slide 11).
• Roughly half the exam comes from EY’s part of the curriculum and half from the risk-
management & controls theory (wrap-up slide). The EY material spans five guest sessions — all
covered in Part II of this guide. Give it equal weight.
• The mock exam shows three question types: (1) yes/no with a justification, (2) multiple-choice,
and (3) large open questions (e.g. “What is the fraud triangle?”). Example open prompts named
on the slides: “Discuss the three lines of defence” and “Discuss the role of corporate governance
in ERM.”

Exam strategy
Be able to (a) state precise definitions (ISO Guide 73 risk, COSO Internal Control, COSO ERM, internal
auditing, audit, materiality), (b) draw and label the recurring diagrams (Three Lines, RASP, COSO
cube, ISO 31000 RMP, risk matrix, bow-tie, Fraud Triangle, double-materiality matrix, IT-control
families), and (c) apply them to short scenarios, exactly as the MCQs and EY case studies do.




Risk Management & Internal Control — Study Guide | Page 2

,Table of Contents
How to use this guide & exam overview......................................................................................................2
The exam format (confirmed on the slides).............................................................................................2
Table of Contents........................................................................................................................................3
Chapter 1 — Introduction to Risk Management & Internal Control............................................................6
1.1 Course objectives (what you should be able to do)...........................................................................6
1.2 A brief history of risk management....................................................................................................6
1.3 What is risk?......................................................................................................................................7
1.4 What is (internal) control?.................................................................................................................8
1.5 Development of ERM: from silos to integration................................................................................8
1.6 Corporate governance and the external regulatory context..............................................................9
1.7 Control responsibilities — who does what......................................................................................10
1.8 Summary: the Three Lines (of Defence) — key visual......................................................................12
Chapter 2 — Linking Strategy and Risk Management (Standards & Frameworks)....................................13
2.1 Standards, process and framework: 8R-4T and RASP......................................................................13
2.2 COSO ERM.......................................................................................................................................14
2.3 ISO 31000.........................................................................................................................................15
2.4 The ISO 31000 Risk Management Process (RMP) — key visual........................................................16
2.5 Linking ERM and strategy development..........................................................................................16
Chapter 3 — Governance & Governing Bodies..........................................................................................18
3.1 Red flags of bad governance — Simons’ Risk Exposure Calculator (key visual)...............................18
3.2 The WorldCom case (worked example)...........................................................................................18
3.3 The external regulatory context: theories behind governance........................................................19
3.4 The Sarbanes-Oxley Act (SOX, 2002) in detail..................................................................................20
3.5 Corporate governance from the internal context: governing bodies...............................................20
3.6 Governance around the world.........................................................................................................21
Chapter 4 — Designing Risk Management & Challenges of ERM Implementation....................................22
4.1 Designing a risk-management framework: the lifecycle..................................................................22
4.2 Implementing the framework: case-study lessons..........................................................................22
4.3 Challenges of ERM implementation.................................................................................................23
4.4 Specific risk categories.....................................................................................................................23
Chapter 5 — Fraud Management..............................................................................................................26
5.1 What is fraud?..................................................................................................................................26
5.2 Who commits fraud, and why?........................................................................................................26


Risk Management & Internal Control — Study Guide | Page 3

, 5.3 Types of fraud..................................................................................................................................26
5.4 The Fraud Triangle (Donald Cressey) — key visual...........................................................................27
5.5 The COSO Internal Control framework — five components (key visual)..........................................28
5.6 Control Activities in detail................................................................................................................28
5.7 Rationalisation in practice................................................................................................................29
5.8 Fraud prevention & detection..........................................................................................................29
Chapter 6 — Risk Assessment, Cognitive Biases & Risk Response.............................................................31
6.1 The appetite vocabulary..................................................................................................................31
6.2 Inherent vs residual risk...................................................................................................................31
6.3 Risk assessment: definition and three tasks....................................................................................31
6.4 Risk description and the risk register...............................................................................................32
6.5 Risk assessment tools & techniques (ISO 31010) — key table.........................................................32
6.6 Cognitive biases...............................................................................................................................34
6.7 Risk response (risk treatment) — the 4 Ts.......................................................................................34
Chapter 7 — A Closer Look at Risks & Controls.........................................................................................36
7.1 Financial risk....................................................................................................................................36
7.2 Market risk.......................................................................................................................................36
7.3 Credit risk.........................................................................................................................................37
7.4 Operational risk...............................................................................................................................38
7.5 Types of controls — in depth...........................................................................................................38
Chapter 8 — Internal Audit (KU Leuven guest lecture)..............................................................................40
8.1 Internal audit definition & ethics (GIAS, 2025)................................................................................40
8.2 The IIA Three Lines Model (updated) — key visual..........................................................................40
8.3 Internal audit at KU Leuven.............................................................................................................40
8.4 What internal audit does.................................................................................................................41
8.5 Conducting an audit.........................................................................................................................42
8.6 ERM and Internal Audit....................................................................................................................43
EY Guest Lecture I — Audit, Data Analytics & Process Mining...................................................................45
EY.1 What an audit is, and why it exists.................................................................................................45
EY.2 Data analytics — theory and practice............................................................................................46
EY.3 Process mining...............................................................................................................................47
EY Guest Lecture II — CSRD & Sustainability Reporting (“More than a report”).......................................50
EY2.1 Context: why sustainability matters.............................................................................................50
EY2.2 The EU regulatory landscape.......................................................................................................50
EY2.3 ESG risk identification..................................................................................................................51



Risk Management & Internal Control — Study Guide | Page 4

Written for

Institution
Study
Course

Document information

Uploaded on
June 14, 2026
Number of pages
67
Written in
2025/2026
Type
SUMMARY

Subjects

$9.36
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller
Seller avatar
vandekreekesem

Get to know the seller

Seller avatar
vandekreekesem Katholieke Universiteit Leuven
Follow You need to be logged in order to follow users or courses
Sold
4
Member since
3 weeks
Number of followers
0
Documents
7
Last sold
2 weeks ago

0.0

0 reviews

5
0
4
0
3
0
2
0
1
0

Recently viewed by you

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions