CPFO - Risk Assessment Exam Questions with Correct Answers Latest Update 2025/2026
Risk Treatment is:
A. Monitoring the frequency and severity of claims and modifying them as necessary.
B. After identifying and evaluating risk exposures, the next step is to decide how best to manage
the exposures.
C. A process that is ongoing and flowing throughout an organization and designed to identify
potential events that may negatively affect the organization.
D. All of the above. - Answers B.
Risk identification is:
A. Monitoring the frequency and severity of claims and modifying them as necessary.
B. A process that is ongoing and flowing throughout an organization and designed to identify
potential events that may negatively affect the organization.
C. Identifying and evaluating risk exposures.
D. An essential component in identifying risk by understanding the sources, types, and likelihood
of risk. - Answers D.
Specification of objectives, identification of risks, alertness to potential fraud, and identification
and assessment of changes is considered:
A. principles that are always in connection with effective risk assessment.
B. always present in an effective control environment
C. always present when control activities are effective
D. evidence when information and communication are effective. - Answers A.
Risk evaluation:
A. identifies and evaluates risk exposures.
B. assumes financial responsibility for some losses.
C. monitors the frequency and severity of claims and modifies them as necessary.
D. None of the above. - Answers C.
Risk treatment will include which of the following?
,A. Loss prevention and control
B. Monitoring
C. Precision
D.None of the above. - Answers A.
Enterprise risk management is:
A. Monitoring the frequency and severity of claims and modifying them as necessary.
B. A process that is ongoing and flowing throughout an organization and designed to identify
potential events that may negatively affect the organization.
C. Heightened awareness of a government's financial information
D. All of the above. - Answers B.
Which of the following describes inherent risk in internal controls?
A. Programs involving large amounts of cash receipts.
B. A process that is ongoing and flowing throughout an organization and designed to identify
potential events that may negatively affect the organization.
C. assumes financial responsibility for some losses.
D. identifies and evaluates risk exposures. - Answers A.
Which of the following has a pervasive effect on the basic components of a comprehensive
framework of internal control?
A. Control environment
B. Risk assessment
C. Control activities
D. Monitoring - Answers A.
"A finance officer manages public finances transparently" is an example from which principle in
the GFOA Code of Ethics?
A. Integrity and Honesty
B. Producing Results for My Community
C. Treating People Fairly
, D. Diversity and Inclusion - Answers A.
When posting documents to a government website, computerized tools can be used to find,
extract, and analyze data presented in electronic form. This is called:
A. Heightened awareness
B. Universal accessibility
C. Facilitated analysis
D. Enhanced diversity - Answers C.
When evaluating service delivery alternatives, which of the following is NOT considered a
stakeholder in the process?
A. Advocacy groups
B. Unions
C. Local businesses
D. Elected officials - Answers D.
Policies and procedures for disaster related costs should be reviewed at least once every:
A. year
B. three years
C. five years
D. seven years - Answers B.
In disaster recover cost documentation, an emergency/disaster clause should be incorporated
into:
A. bylaws.
B. grant applications.
C. insurance policies.
D. contracts for goods and services. - Answers D.
Emphasizing the capacity of infrastructure and operations to respond to and recover from
extreme events is called:
A. planning.
Risk Treatment is:
A. Monitoring the frequency and severity of claims and modifying them as necessary.
B. After identifying and evaluating risk exposures, the next step is to decide how best to manage
the exposures.
C. A process that is ongoing and flowing throughout an organization and designed to identify
potential events that may negatively affect the organization.
D. All of the above. - Answers B.
Risk identification is:
A. Monitoring the frequency and severity of claims and modifying them as necessary.
B. A process that is ongoing and flowing throughout an organization and designed to identify
potential events that may negatively affect the organization.
C. Identifying and evaluating risk exposures.
D. An essential component in identifying risk by understanding the sources, types, and likelihood
of risk. - Answers D.
Specification of objectives, identification of risks, alertness to potential fraud, and identification
and assessment of changes is considered:
A. principles that are always in connection with effective risk assessment.
B. always present in an effective control environment
C. always present when control activities are effective
D. evidence when information and communication are effective. - Answers A.
Risk evaluation:
A. identifies and evaluates risk exposures.
B. assumes financial responsibility for some losses.
C. monitors the frequency and severity of claims and modifies them as necessary.
D. None of the above. - Answers C.
Risk treatment will include which of the following?
,A. Loss prevention and control
B. Monitoring
C. Precision
D.None of the above. - Answers A.
Enterprise risk management is:
A. Monitoring the frequency and severity of claims and modifying them as necessary.
B. A process that is ongoing and flowing throughout an organization and designed to identify
potential events that may negatively affect the organization.
C. Heightened awareness of a government's financial information
D. All of the above. - Answers B.
Which of the following describes inherent risk in internal controls?
A. Programs involving large amounts of cash receipts.
B. A process that is ongoing and flowing throughout an organization and designed to identify
potential events that may negatively affect the organization.
C. assumes financial responsibility for some losses.
D. identifies and evaluates risk exposures. - Answers A.
Which of the following has a pervasive effect on the basic components of a comprehensive
framework of internal control?
A. Control environment
B. Risk assessment
C. Control activities
D. Monitoring - Answers A.
"A finance officer manages public finances transparently" is an example from which principle in
the GFOA Code of Ethics?
A. Integrity and Honesty
B. Producing Results for My Community
C. Treating People Fairly
, D. Diversity and Inclusion - Answers A.
When posting documents to a government website, computerized tools can be used to find,
extract, and analyze data presented in electronic form. This is called:
A. Heightened awareness
B. Universal accessibility
C. Facilitated analysis
D. Enhanced diversity - Answers C.
When evaluating service delivery alternatives, which of the following is NOT considered a
stakeholder in the process?
A. Advocacy groups
B. Unions
C. Local businesses
D. Elected officials - Answers D.
Policies and procedures for disaster related costs should be reviewed at least once every:
A. year
B. three years
C. five years
D. seven years - Answers B.
In disaster recover cost documentation, an emergency/disaster clause should be incorporated
into:
A. bylaws.
B. grant applications.
C. insurance policies.
D. contracts for goods and services. - Answers D.
Emphasizing the capacity of infrastructure and operations to respond to and recover from
extreme events is called:
A. planning.
