ARM 400 - Segment C - Chapters 7, 8, & 9
Questions With Correct Answers
In accordance with the Three Lines of Defense Model, how does risk management act as the
second line of defense?
Select one:
A. Risk management provides oversight to the operational management's assessment of risk and
internal controls.
B. Risk management supports and monitors operational management's implementation of risk
management practices.
C. Risk management has authority to initiate activity demanding an external audit should a risk
be deemed imminent.
D. Risk management alerts internal audit of potential threats within a department and works with
internal audit to neutralize the threat. B. Risk management supports and monitors
operational management's implementation of risk management practices.
Many banks are using technology to search for and detect cyber-security threats locally and in
the cloud. This application of technology, in which machines learn from humans, illustrates the
use of
Select one:
A. Data analytics.
B. Machine learning.
C. Risk management information systems.
D. Artificial intelligence. D. Artificial intelligence.
, Which one of the following best explains how the role of the internal auditor changed with the
passage of the Sarbanes-Oxley Act of 2002?
Select one:
A. The internal auditor must adopt the attitude of an external auditor, carefully reviewing and
critiquing the finances of an organization.
B. The internal auditor must adapt to the ever changing environment of risk control through the
use of electronic reconciliation programs.
C. The internal auditor must adopt a stakeholder orientation by anticipating, monitoring and
assessing business and operational risk.
D. The internal auditor must be able to recognize current fraud risks as well computer theft of
intellectual property. C. The internal auditor must adopt a stakeholder orientation by
anticipating, monitoring and assessing business and operational risk.
Which one of the following best describes how internal audit supports enterprise risk
management (ERM)?
Select one:
A. ERM provides the assessments that internal audit uses to test the viability of controls.
B. ERM implements risk management activities and internal audit assesses the results.
C. Internal audit implements the risk assessments provided by ERM.
D. Internal audit finds risks overlooked by ERM. B. ERM implements risk management
activities and internal audit assesses the results.
An auditor identifies risks under the risk-based approach by
Select one:
Questions With Correct Answers
In accordance with the Three Lines of Defense Model, how does risk management act as the
second line of defense?
Select one:
A. Risk management provides oversight to the operational management's assessment of risk and
internal controls.
B. Risk management supports and monitors operational management's implementation of risk
management practices.
C. Risk management has authority to initiate activity demanding an external audit should a risk
be deemed imminent.
D. Risk management alerts internal audit of potential threats within a department and works with
internal audit to neutralize the threat. B. Risk management supports and monitors
operational management's implementation of risk management practices.
Many banks are using technology to search for and detect cyber-security threats locally and in
the cloud. This application of technology, in which machines learn from humans, illustrates the
use of
Select one:
A. Data analytics.
B. Machine learning.
C. Risk management information systems.
D. Artificial intelligence. D. Artificial intelligence.
, Which one of the following best explains how the role of the internal auditor changed with the
passage of the Sarbanes-Oxley Act of 2002?
Select one:
A. The internal auditor must adopt the attitude of an external auditor, carefully reviewing and
critiquing the finances of an organization.
B. The internal auditor must adapt to the ever changing environment of risk control through the
use of electronic reconciliation programs.
C. The internal auditor must adopt a stakeholder orientation by anticipating, monitoring and
assessing business and operational risk.
D. The internal auditor must be able to recognize current fraud risks as well computer theft of
intellectual property. C. The internal auditor must adopt a stakeholder orientation by
anticipating, monitoring and assessing business and operational risk.
Which one of the following best describes how internal audit supports enterprise risk
management (ERM)?
Select one:
A. ERM provides the assessments that internal audit uses to test the viability of controls.
B. ERM implements risk management activities and internal audit assesses the results.
C. Internal audit implements the risk assessments provided by ERM.
D. Internal audit finds risks overlooked by ERM. B. ERM implements risk management
activities and internal audit assesses the results.
An auditor identifies risks under the risk-based approach by
Select one:
