CIA Exam: Part 1 Questions and verified answers
Acceptable Risk - ✔✔A type of risk that revolves around the business impact that would be
experienced if certain risks became realized. The loss is deemed to be acceptable; no additional
controls are warranted.
Acceptable Risk Level - ✔✔A risk level derived from an organization's legal and regulatory
compliance responsibilities, its threat profile, and its business drivers and impacts.
Adequate Control - ✔✔A level of control that is present if management has planned and
organized (designed) in a manner that provides reasonable assurance that the organization's
risks have been managed effectively and that the organization's goals and objectives will be
achieved efficiently and economically.
Audit Risk - ✔✔The risk that internal auditors may arrive at the wrong conclusions and opinions
of the work that they have undertaken.
Compliance - ✔✔Conformity and adherence to policies, plans, procedures, laws, regulations,
contracts, or other requirements.
Control Deficiency - ✔✔A condition that warrants attention as a potential or real shortcoming
that leaves an organization excessively at risk.
Control Environment - ✔✔The attitude and actions of the board and management regarding the
significance of control within the organization. The control environment provides the discipline
and structure for the achievement of the primary objectives of the system of internal control.
Elements of the Control Environment - ✔✔1) Integrity and ethical values
2) Management's philosophy and operating style
3) Organizational structure
4) Assignment of authority and responsibility
5) Human Resource policies and practices
6) Competence of personnel
Control Process - ✔✔The policies, procedures, and activities that are part of a control
framework, designed to ensure that risks are contained within the risk tolerances established by
the risk management process.
Control Risk - ✔✔The potential that control activities will fail to reduce controllable risk to an
acceptable level.
Enterprise risk management (ERM) - ✔✔A structured, consistent, and continuous process across
the whole organization for identifying, assessing, deciding on responses to, and reporting on
opportunities and threats that affect the achievement of its objectives.
Event - ✔✔An incident or occurrence resulting from internal or external sources that affects the
implementation of strategy or achievement of objectives.
Impact - ✔✔The result, effect, or consequences of an event.
Inherent Limitations - ✔✔Limitations of risk management, control, and governance related to
human judgement, resource limitations, and the need to balance the costs of controls in
relation to expected benefits; considers the reality of breakdowns occurring and the possibility
of management override and collusion.
Inherent Risk (or Absolute Risk) - ✔✔The risk derived from the environment without the
mitigating effects of internal controls.