Geschreven door studenten die geslaagd zijn Direct beschikbaar na je betaling Online lezen of als PDF Verkeerd document? Gratis ruilen 4,6 TrustPilot
logo-home
Samenvatting

Summary Exam Study Guide | Risk Management & Internal Control | KU Leuven | 2025/26

Beoordeling
-
Verkocht
4
Pagina's
67
Geüpload op
14-06-2026
Geschreven in
2025/2026

Complete exam study guide for the Master handelsingenieur course on Internal Control and Risk Management at KU Leuven, taught by Jeffrey Ottevanger with guest lectures from EY. Covers Part I (8 chapters) on risk management and internal control theory, plus Part II on data analytics, process mining, sustainability (CSRD), fraud & forensics, IT controls/cybersecurity, and business continuity management. Structured for self-revision with key terms defined, frameworks explained in full, and highest-yield exam points flagged throughout—ideal preparation for the closed-book written exam with multiple-choice and open-ended questions.

Meer zien Lees minder

Voorbeeld van de inhoud

Risk Management & Internal Control
Complete Exam Study Guide

KU Leuven · Faculty of Economics and Business
Lecturer: Jeffrey Ottevanger · Guest lectures: EY & KU Leuven Internal Audit




Part I (Ch 1-8): Risk management & internal control theory. Part II: the EY guest lectures — Data Analytics &
Process Mining, CSRD/Sustainability, Fraud & Forensics, IT Controls/Cybersecurity/AI, and Business Continuity
Management.




Risk Management & Internal Control — Study Guide | Page 1

,How to use this guide & exam overview
This guide is written so that you can revise from this document alone. It follows the order in which the
course was taught. Each chapter teaches the concepts from scratch, defines every key term, explains
every framework in full, and flags the visual slides you must be able to recognise and reproduce. Shaded
call-out boxes mark the highest-yield exam points.

The exam format (confirmed on the slides)
• Closed-book, written exam with multiple-choice and open-ended questions (Intro slide 11).
• Roughly half the exam comes from EY’s part of the curriculum and half from the risk-
management & controls theory (wrap-up slide). The EY material spans five guest sessions — all
covered in Part II of this guide. Give it equal weight.
• The mock exam shows three question types: (1) yes/no with a justification, (2) multiple-choice,
and (3) large open questions (e.g. “What is the fraud triangle?”). Example open prompts named
on the slides: “Discuss the three lines of defence” and “Discuss the role of corporate governance
in ERM.”

Exam strategy
Be able to (a) state precise definitions (ISO Guide 73 risk, COSO Internal Control, COSO ERM, internal
auditing, audit, materiality), (b) draw and label the recurring diagrams (Three Lines, RASP, COSO
cube, ISO 31000 RMP, risk matrix, bow-tie, Fraud Triangle, double-materiality matrix, IT-control
families), and (c) apply them to short scenarios, exactly as the MCQs and EY case studies do.




Risk Management & Internal Control — Study Guide | Page 2

,Table of Contents
How to use this guide & exam overview......................................................................................................2
The exam format (confirmed on the slides).............................................................................................2
Table of Contents........................................................................................................................................3
Chapter 1 — Introduction to Risk Management & Internal Control............................................................6
1.1 Course objectives (what you should be able to do)...........................................................................6
1.2 A brief history of risk management....................................................................................................6
1.3 What is risk?......................................................................................................................................7
1.4 What is (internal) control?.................................................................................................................8
1.5 Development of ERM: from silos to integration................................................................................8
1.6 Corporate governance and the external regulatory context..............................................................9
1.7 Control responsibilities — who does what......................................................................................10
1.8 Summary: the Three Lines (of Defence) — key visual......................................................................12
Chapter 2 — Linking Strategy and Risk Management (Standards & Frameworks)....................................13
2.1 Standards, process and framework: 8R-4T and RASP......................................................................13
2.2 COSO ERM.......................................................................................................................................14
2.3 ISO 31000.........................................................................................................................................15
2.4 The ISO 31000 Risk Management Process (RMP) — key visual........................................................16
2.5 Linking ERM and strategy development..........................................................................................16
Chapter 3 — Governance & Governing Bodies..........................................................................................18
3.1 Red flags of bad governance — Simons’ Risk Exposure Calculator (key visual)...............................18
3.2 The WorldCom case (worked example)...........................................................................................18
3.3 The external regulatory context: theories behind governance........................................................19
3.4 The Sarbanes-Oxley Act (SOX, 2002) in detail..................................................................................20
3.5 Corporate governance from the internal context: governing bodies...............................................20
3.6 Governance around the world.........................................................................................................21
Chapter 4 — Designing Risk Management & Challenges of ERM Implementation....................................22
4.1 Designing a risk-management framework: the lifecycle..................................................................22
4.2 Implementing the framework: case-study lessons..........................................................................22
4.3 Challenges of ERM implementation.................................................................................................23
4.4 Specific risk categories.....................................................................................................................23
Chapter 5 — Fraud Management..............................................................................................................26
5.1 What is fraud?..................................................................................................................................26
5.2 Who commits fraud, and why?........................................................................................................26


Risk Management & Internal Control — Study Guide | Page 3

, 5.3 Types of fraud..................................................................................................................................26
5.4 The Fraud Triangle (Donald Cressey) — key visual...........................................................................27
5.5 The COSO Internal Control framework — five components (key visual)..........................................28
5.6 Control Activities in detail................................................................................................................28
5.7 Rationalisation in practice................................................................................................................29
5.8 Fraud prevention & detection..........................................................................................................29
Chapter 6 — Risk Assessment, Cognitive Biases & Risk Response.............................................................31
6.1 The appetite vocabulary..................................................................................................................31
6.2 Inherent vs residual risk...................................................................................................................31
6.3 Risk assessment: definition and three tasks....................................................................................31
6.4 Risk description and the risk register...............................................................................................32
6.5 Risk assessment tools & techniques (ISO 31010) — key table.........................................................32
6.6 Cognitive biases...............................................................................................................................34
6.7 Risk response (risk treatment) — the 4 Ts.......................................................................................34
Chapter 7 — A Closer Look at Risks & Controls.........................................................................................36
7.1 Financial risk....................................................................................................................................36
7.2 Market risk.......................................................................................................................................36
7.3 Credit risk.........................................................................................................................................37
7.4 Operational risk...............................................................................................................................38
7.5 Types of controls — in depth...........................................................................................................38
Chapter 8 — Internal Audit (KU Leuven guest lecture)..............................................................................40
8.1 Internal audit definition & ethics (GIAS, 2025)................................................................................40
8.2 The IIA Three Lines Model (updated) — key visual..........................................................................40
8.3 Internal audit at KU Leuven.............................................................................................................40
8.4 What internal audit does.................................................................................................................41
8.5 Conducting an audit.........................................................................................................................42
8.6 ERM and Internal Audit....................................................................................................................43
EY Guest Lecture I — Audit, Data Analytics & Process Mining...................................................................45
EY.1 What an audit is, and why it exists.................................................................................................45
EY.2 Data analytics — theory and practice............................................................................................46
EY.3 Process mining...............................................................................................................................47
EY Guest Lecture II — CSRD & Sustainability Reporting (“More than a report”).......................................50
EY2.1 Context: why sustainability matters.............................................................................................50
EY2.2 The EU regulatory landscape.......................................................................................................50
EY2.3 ESG risk identification..................................................................................................................51



Risk Management & Internal Control — Study Guide | Page 4

Documentinformatie

Geüpload op
14 juni 2026
Aantal pagina's
67
Geschreven in
2025/2026
Type
SAMENVATTING
€7,96
Krijg toegang tot het volledige document:

Verkeerd document? Gratis ruilen Binnen 14 dagen na aankoop en voor het downloaden kan je een ander document kiezen. Je kan het bedrag gewoon opnieuw besteden.
Geschreven door studenten die geslaagd zijn
Direct beschikbaar na je betaling
Online lezen of als PDF

Maak kennis met de verkoper
Seller avatar
vandekreekesem

Maak kennis met de verkoper

Seller avatar
vandekreekesem Katholieke Universiteit Leuven
Bekijk profiel
Volgen Je moet ingelogd zijn om studenten of vakken te kunnen volgen
Verkocht
4
Lid sinds
3 weken
Aantal volgers
0
Documenten
7
Laatst verkocht
2 weken geleden

0,0

0 beoordelingen

5
0
4
0
3
0
2
0
1
0

Recent door jou bekeken

Waarom studenten kiezen voor Stuvia

Gemaakt door medestudenten, geverifieerd door reviews

Kwaliteit die je kunt vertrouwen: geschreven door studenten die slaagden en beoordeeld door anderen die dit document gebruikten.

Niet tevreden? Kies een ander document

Geen zorgen! Je kunt voor hetzelfde geld direct een ander document kiezen dat beter past bij wat je zoekt.

Betaal zoals je wilt, start meteen met leren

Geen abonnement, geen verplichtingen. Betaal zoals je gewend bent via Bancontact, iDeal of creditcard en download je PDF-document meteen.

Student with book image

“Gekocht, gedownload en geslaagd. Zo eenvoudig kan het zijn.”

Alisha Student

Bezig met je bronvermelding?

Maak nauwkeurige citaten in APA, MLA en Harvard met onze gratis bronnengenerator.

Bezig met je bronvermelding?

Veelgestelde vragen