Internal Audit - Exam #2 || with 100% Error-free Answers.
The COSO exposure draft defined risk as "The possibility that events will occur and affect the achievement of a strategy and objectives." ISO defines risk as "effect of uncertainty on objectives."
correct answers How does COSO define risk? How does ISO define risk?

The five fundamental points embedded in the COSO and ISO definitions of risk are:
- Risk begins with strategy formulation and setting of business objectives.
- Risk involves uncertainty, which COSO refers to as "The state of not knowing how potential events may or may not manifest."
- Risk does not represent a single point estimate (for example, the most likely outcome). Rather, it represents a range of possible outcomes.
- Risks may relate to preventing bad things from happening (risk mitigation), or failing to ensure good things happen (that is, exploiting or pursuing opportunities).
- Risks are inherent in all aspects of life—that is, wherever uncertainty exists, one or more risks exist.
correct answers What are the five fundamental points embedded in the COSO and ISO definitions of risk?

The COSO ERM exposure draft explains that its definition of enterprise risk management (ERM) emphasizes its focus on risk through:
- Recognizing culture and capabilities, which are key aspects of ERM.
- Applying practices, which are the procedures and tasks employed by the organization to ensure effective risk management.
- Integrating with strategy-setting and its execution, which involves management considering the implications of each strategy to the organization's risk profile.
- Managing risk to strategy and business objectives provides management and the board of directors with a reasonable expectation that they can achieve the overall strategy and business objectives.
- Linking to creating, preserving, and realizing value means that, ultimately, the success of risk management is determined by value.
correct answers According to COSO, what are the fundamental concepts emphasized in its definition of enterprise risk management (ERM)?

COSO's definitions are:
- Mission: The entity's core purpose, which establishes what it wants to accomplish and why it exists.
- Vision: The entity's aspirations for its future state or what the organization aims to achieve over time.
- Core Values: The entity's beliefs and ideals about what is good or bad, acceptable or unacceptable, which influence the behavior of the organization.
correct answers How does COSO define mission, vision, and core values?

COSO defines strategy as "The organization's plan to achieve its mission and vision and to apply its core values." It defines business objectives as "Those measurable steps the organization takes

Written for
- Institution: Internal Audit
- Course: Internal Audit
Document information
- Uploaded on: July 30, 2024
- Number of pages: 22
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers