Rédigé par des étudiants ayant réussi Disponible immédiatement après paiement Lire en ligne ou en PDF Mauvais document ? Échangez-le gratuitement 4,6 TrustPilot
logo-home
Examen

Exam Practice Question Bank | Risk Management & Internal Control | KU Leuven | 2025/26

Note
-
Vendu
-
Pages
21
Grade
9-10
Publié le
19-06-2026
Écrit en
2025/2026

This question bank contains 135 practice questions (multiple choice and open-ended) with detailed answers for the Internal Control and Risk Management course at KU Leuven's Master handelsingenieur program. Topics covered include COSO ERM framework, ISO 31000 risk assessment, risk responses (4 Ts), inherent vs. residual risk, IT General Controls, agency theory, business continuity management, cybersecurity controls, and CSRD/ESRS materiality concepts. Essential for exam preparation—work through the questions while covering answers in red to test your knowledge and master the core concepts taught in the course.

Montrer plus Lire moins

Aperçu du contenu

Risk Management & Internal Control
Exam Practice Question Bank
135 questions (multiple choice + open-ended) with answers
KU Leuven · Faculty of Economics and Business



Answers are shown in red beneath each question. Cover them while practising.




RM & IC — Exam Practice Question Bank | Page 1

,Part A — Questions from the revision session (Q1-Q35)
1. [Multiple choice] An entity expects its variable interest rate to rise and locks in a fixed rate via a
hedge. According to COSO, this risk response is:
A. Reduction
B. Acceptance
C. Sharing
D. Avoidance
Answer: C — Sharing (transfer): part of the risk is transferred to the counterparty offering the fixed rate.

2. [Multiple choice] Under ISO 31000, the three tasks of risk assessment, in order, are:
A. Identification - treatment - monitoring
B. Identification - analysis - evaluation
C. Recognition - rating - ranking
D. Analysis - evaluation - response
Answer: B — Risk identification, then analysis (likelihood x consequence, incl. existing controls), then
evaluation against criteria.

3. [Open-ended] Explain the difference between inherent risk and residual risk, and how their
relationship is shown on a risk matrix.
Answer: Inherent = risk before any controls; residual (current/managed) = what remains after controls
(inherent - controls = residual). On the matrix, plot the inherent point (high) and the residual point
(lower); the arrow between them is the control-reduction effort, and a target level can also be shown.
Used to judge whether residual exposure is within risk appetite/capacity.

4. [Multiple choice] In COSO ERM 2017, in which component does an entity define its risk appetite?
A. Governance & Culture
B. Performance
C. Strategy & Objective-Setting
D. Information, Communication & Reporting
Answer: C — Strategy & Objective-Setting (principle 7). Note: in COSO ERM 2004 it was the Objective-
Setting component.

5. [Open-ended] Define double materiality (CSRD/ESRS) and name the two perspectives it consists of.
Answer: A topic is material if material from EITHER: impact materiality (outward - the company's effect
on society/environment) OR financial materiality (inward - sustainability risks/opportunities affecting
the company).

6. [Multiple choice] Which is NOT one of the three IT General Control (ITGC) families?
A. Manage Access
B. Manage Change
C. Manage Operations
D. Manage Threats
Answer: D — Manage Threats is a cybersecurity ('back door') control. The three ITGC families are
Access, Change, Operations.



RM & IC — Exam Practice Question Bank | Page 2

, 7. [Open-ended] Name and explain the four risk responses (the 4 Ts) and the likelihood/impact situation
for each.
Answer: Tolerate (accept) - low/low; Treat (reduce via controls) - high likelihood/low impact; Transfer
(share, e.g. insurance) - low likelihood/high impact; Terminate (avoid/eliminate) - high/high.

8. [Multiple choice] Which technique obtains a reliable consensus from experts giving opinions
individually and anonymously across iterative rounds?
A. Brainstorming
B. SWIFT
C. Delphi technique
D. Bow-tie analysis
Answer: C — Delphi technique (expert panel, individual & anonymous input, iterative rounds).

9. [Open-ended] Explain Agency Theory in corporate governance: who are the principals and agents,
what is the core problem, and name two governance mechanisms used to address it.
Answer: Principals = shareholders; agents = managers. Core problem = the principal-agent problem
(divergent goals, costly to verify the agent's actions) worsened by information asymmetry. Mechanisms
(any 2): board of directors, auditing, performance-based incentives.

10. [Multiple choice] What is the difference between RTO and RPO in BCM?
A. RTO = max data loss; RPO = max downtime
B. RTO = max time to restore a service; RPO = max acceptable data loss
C. Both measure downtime for different systems
D. RTO = recovery cost; RPO = recovery priority
Answer: B — RTO = maximum time to restore; RPO = maximum acceptable data loss (point you can roll
back to).

11. [Open-ended] State the three elements of the Fraud Triangle (Cressey) and explain why all three
matter for designing anti-fraud controls.
Answer: Pressure, Opportunity, Rationalisation. All three together signal high fraud likelihood; controls
attack each corner - reduce opportunity (SoD/access/audit trail), relieve pressure (realistic targets), and
reduce rationalisation (tone at the top, code of conduct, punishment).

12. [Multiple choice] Per ISA 240, the external auditor's responsibility regarding fraud is to:
A. Detect all fraud and report it to the police
B. Obtain reasonable assurance the statements are free from material misstatement from fraud or
error
C. Manage the company's anti-fraud controls
D. Make a legal determination that fraud occurred
Answer: B — Reasonable assurance on material misstatement (fraud or error). The auditor does not
detect all fraud, manage controls, or make legal determinations.

13. [Open-ended] Describe the Three Lines of Defence: what sits at each line (with an example role),
and where external audit fits.
Answer: 1st line = operational management & internal controls (risk owners, e.g. department head); 2nd
line = risk management & compliance (e.g. risk manager); 3rd line = internal audit (independent



RM & IC — Exam Practice Question Bank | Page 3

Infos sur le Document

Publié le
19 juin 2026
Nombre de pages
21
Écrit en
2025/2026
Type
Examen
Contient
Questions et réponses
€7,86
Accéder à l'intégralité du document:

Mauvais document ? Échangez-le gratuitement Dans les 14 jours suivant votre achat et avant le téléchargement, vous pouvez choisir un autre document. Vous pouvez simplement dépenser le montant à nouveau.
Rédigé par des étudiants ayant réussi
Disponible immédiatement après paiement
Lire en ligne ou en PDF

Faites connaissance avec le vendeur
Seller avatar
vandekreekesem

Faites connaissance avec le vendeur

Seller avatar
vandekreekesem Katholieke Universiteit Leuven
Voir profil
S'abonner Vous devez être connecté afin de suivre les étudiants ou les cours
Vendu
4
Membre depuis
4 semaines
Nombre de followers
0
Documents
7
Dernière vente
3 semaines de cela

0,0

0 revues

5
0
4
0
3
0
2
0
1
0

Pourquoi les étudiants choisissent Stuvia

Créé par d'autres étudiants, vérifié par les avis

Une qualité sur laquelle compter : rédigé par des étudiants qui ont réussi et évalué par d'autres qui ont utilisé ce document.

Le document ne convient pas ? Choisis un autre document

Aucun souci ! Tu peux sélectionner directement un autre document qui correspond mieux à ce que tu cherches.

Paye comme tu veux, apprends aussitôt

Aucun abonnement, aucun engagement. Paye selon tes habitudes par carte de crédit et télécharge ton document PDF instantanément.

Student with book image

“Acheté, téléchargé et réussi. C'est aussi simple que ça.”

Alisha Student

Foire aux questions