Categories
- P3A: Enterprise Risk
- P3B: Strategic risk
- P3C: Internal Controls
- P3D: Cybersecurity risks
Question 1 of 60
The Production Manager has four possible suppliers for a key component. The organisation operates a Just-in-Time manufacturing process and requires parts to be delivered within 4 hours of placing the order. The organisation has a monthly demand of 2.5m for this specific component. Production coming to a halt will cost the organisation £100,000 per 15 minutes and £1.75m in start-up costs once production can be resumed.
Consider each proposal, using a 3×3 risk matrix (low, medium and high) with impact on the Y axis and likelihood on the X axis, with the criteria: Capacity Issues, Delivery disruption and Infrastructure.
Based on your analysis of the risk matrix, which of the following suppliers minimises the potential of the organisation incurring any downside risk?
Question 2 of 60
An organisation operates as part of an oligopoly within the fleet industry, which naturally comes with high barriers to entry and fierce competitive behaviour between the companies. Customers tend to be locked into long-term contracts and it is known within the oligopoly when customer contracts are due for renewal, with competitors quick to promote their offer to customers. The market size is in excess of 100,000 customers.
Which one of the following would be the weakest competitive strategy to adopt?
Question 3 of 60
Under the COSO framework, match the element to the principle:
- Sets the tone at the top
- Applies relevant expertise
- Established reporting lines
- Established policies and practices
- Established performance measures and incentives

- Competence
- Oversight
- Accountability
- Integrity & Ethics
- Authority
Question 4 of 60
Which of the following is the first line of defence against a malware attack?
Question 5 of 60
Which one of the following represents the greatest operational risk for a national telecoms company?
Question 6 of 60
An established organisation that has become a byword for quality and service in its industry, and has been rewarded with a very high market share, is looking to grow over the next few years.
Which Product-Market strategy would be the most appropriate?
Question 7 of 60
An organisation has analysed the amount it is spending on raw materials and does not understand how it has increased so much more than revenue despite the price per unit being fixed.
Which type of management control system could be introduced to analyse this issue further?
Question 8 of 60
Some hackers are called Grey Hat. What makes Grey Hat hackers different from Black and White Hat hackers?
Question 9 of 60
An American company needs to reduce costs and is considering approaching Asian companies to manufacture its products.
Which of the following generates the most downside risk?
Question 10 of 60
Scenario planning is used in risk mitigation, as it removes which two of the following from the decision-making process?
Question 11 of 60
Under COSO, an organisation’s effective internal communication of issues is dependent on which of the following?
Select all that apply
Question 12 of 60
Which of the following are characteristics of good cybersecurity policy?
Select all that apply
Question 13 of 60
An organisation has a risk which has a 40% probability of occurring and would require extensive renovations to the projects lasting 26 weeks.
On further analysis, it is confirmed that the 40% probability is made up of a 20% probability of requiring a 26-week renovation and a 20% probability of only needing minor remedial work. There is a 50% chance the remedial work could be delivered within 5 weeks and a 50% chance of it taking 10 weeks.
If this risk were to occur, what is the exposure?
Enter your answer to one decimal place in the field below.
Question 14 of 60
A business-to-consumer organisation is concerned over a possible recession and has asked the accounting department to conduct stress testing on its liquidity.
Which one of the following should not be considered?
Question 15 of 60
An organisation has a policy where management can sign purchases off up to a value of £500. To do this they need to ensure that the invoice arrives with a purchase order number, they need to sign the invoice and hand it to the accounting department two weeks before the payment is due. The accounting department will issue purchase orders verbally via the telephone, which sometimes leads to issues as the purchase orders on the invoice don’t always match the number the accounting department is expecting.
What, if any, is a control weakness in this system?
Question 16 of 60
Which one of the following is not a security method for managing third-party vendor security risks?
Question 17 of 60
An organisation has a policy of reporting only risks with a score of 9 or above to the Non-Executive Directors.
Which of the following would need to be reported?
Select all that apply
Question 18 of 60
Which one of the following would not result in reputational risk?
Question 19 of 60
A temporary recruitment company has developed an automated system to record the workers' time sheets. Workers are employed within the haulage sector, where 10-hour days, 5 days a week are the norm, and most contracts allow the agency to pay an overtime rate for any hours in excess of 10 hours per day. The system has the following criteria:
- No more than 10 normal hours per day
- No more than 5 overtime hours per day
- Total Normal hours between 0 and 48
- Total Overtime hours not in excess of 36
Which of the following statements are true?
Question 20 of 60
Many online services require the employee to select the security question ‘Mother’s maiden name’. Where is the weak link in this security question?
Question 21 of 60
An organisation responsible for the design and installation of a new software system, which must be complete within the next eight weeks for the company, is facing an overrun resulting in a penalty of £15,000 for each week the project is late. Current projections are that the project is between 8 and 12 weeks delayed. On further analysis, there is a probability of achieving the project by week 8 of 40% and by week 12 of 60%.
The organisation could bring in a number of freelance programmers to help catch up. The cost of this would be £25,000 per week and the project manager believes they would need the freelance programmers for four to six weeks. On further analysis, there is a 60% probability of being caught up in four weeks and a 40% chance of it taking six weeks.
Which of the following statements is true?
Question 22 of 60
Which one of the following would have the greatest reputational impact for an auditing firm?
Question 23 of 60
Which one of the following does not require the legal business name of a company to be displayed?
Question 24 of 60
To implement an ISO 27001 compliant system, which of the following steps must be taken?
Select all that apply
Question 25 of 60
Which non-executive committee is often tasked with providing risk oversight?
Question 26 of 60
A high street retailer known for low prices and quality that was reflective of the price was found to be mistreating its staff in its warehouses.
What impact will this have on the organisation’s strategy?
Question 27 of 60
An organisation is constantly calculating an adverse variance on raw material. Production volumes and efficiency have remained consistent and the price has actually fallen over the past six months.
There is a growing belief that a number of staff are stealing the raw material from the company. Which of the following detective controls would allow the company to identify if this is the case?
Question 28 of 60
Which one of the following is not part of a Cyber Security Incident Response Plan?
Question 29 of 60
Under IFRS 7 – Financial Instruments: Disclosure, which of the following must management disclose to shareholders?
Select all that apply.
Question 30 of 60
What is the role of the CEO when it comes to risk?
Question 31 of 60
What type of audit is being described below?
This procedure is more detailed than a normal audit, since some issues involve smaller amounts of money and other assets that might fall below the standard materiality thresholds.
Question 32 of 60
Which one of the following would identify if an employee has accessed a database which has recently been involved in a security breach?
Question 33 of 60
A charitable organisation is putting together a bid for a project. The amount the charity is asking for will exactly cover the costs of the project. As part of the project, the charity is at risk of incurring a significant additional expense, which the charity would find difficult to cover. The charity is relatively small and as such is quite risk averse.
Which of the following should the charity do?
Question 34 of 60
For a listed company, the UK Corporate Governance Code suggests what fraction of the board should be independent non-executive directors?
Question 35 of 60
A Social and Environmental Audit would consider which of the following:
Select all that apply
Question 36 of 60
If an organisation is affected by a malware attack, sort the following steps of response from once the attack is known:
- Monitor online behaviour
- Scan
- Backup
- Disconnect
- Reinstall operating system
Question 37 of 60
If an organisation was to compile a COSO ERM report, which of the following must the organisation cover?
Select all that apply
Question 38 of 60
Which of the following senior managers have powers of day-to-day management of the company that are exercisable without reference to the board?
Select all that apply
Question 39 of 60
The three primary purposes of analytical review are:
Select three
Question 40 of 60
If an organisation wanted to develop an app which followed industry guidelines on software security, which body could they turn to for guidance?
Question 41 of 60
Question 42 of 60
Which one of the following statements is true regarding the Nomination Committee?
Question 43 of 60
What type of risk is being defined below:
is the probability that an auditor will fail to find material misstatements that exist in an organisation’s financial statements
Question 44 of 60
A Trust Gap exists between the Board and C-Suite on matters of cyber security. Which one of the following should be adopted to overcome this issue?
Question 45 of 60
Consider the Risk Register below:
Which Risk is yet to be agreed?
Question 46 of 60
The shareholders of an organisation want the share price to increase over the next five years. Which of the following compensation packages for the CEO offers the lowest risk to this strategy?
Question 47 of 60
Which of the following are elements of effective internal audits according to the COSO framework?
Select all that apply
Question 48 of 60
When writing a cyber risk report, rearrange the following into a suitable structure:
- Treat risks that exceed the organisation's risk appetite
- Analyse and evaluate identified risks and their relevance to the organisation
- Monitor risks and their relevance to the organisation
- Identify top risks, appetite for risks and assess controls and vulnerability
Question 49 of 60
Rearrange the following to reflect the correct format of a Risk Report:
- Notes
- Priority
- Likelihood
- Risk
- Impact
- Amount
Question 50 of 60
A national manufacturer is looking to strengthen its non-executive directors. The CEO has asked the nominations committee to consider a recently retired partner from the accounting firm the organisation currently uses for consultancy.
If this partner was to be appointed, where might a conflict exist?
Question 51 of 60
Rank the following three internal audit findings from highest to lowest risk.
- A review of current purchasing arrangements found: The school is not preparing purchase order forms for all items ordered in school. These costs are not recorded as a committed expense, and accurate budget monitoring is not possible.
- The school's business continuity plan should be approved by the Governing Body.
- A review of current banking arrangements found: a) The school arranged insurance and signed a finance agreement with Close Brothers Premium Finance to pay the policy with interest in instalments. The Scheme for financing schools section 3.7 states that Governing Bodies may borrow monies (which includes finance leases) only with the written permission of the Secretary of State. There was no evidence of such permission being granted.
Question 52 of 60
An organisation has three subsidiaries. The internal auditors of each subsidiary also complete audits at the other subsidiaries. Two of the internal auditors have a romantic relationship.
What is the ethical threat in the above scenario?
Question 53 of 60
Which one of the following is an indicator that there is an issue with ineffective risk oversight?
Question 54 of 60
A small independent online retailer has taken the action to make the website unavailable. Why might the retailer do this?
Select all that apply
Question 55 of 60
Which of the following will influence the mitigation technique an organisation will adopt?
Question 56 of 60
Which one of the following is not the responsibility of the Risk Manager?
Question 57 of 60
Which one of the following is not a characteristic of a digital organisation?
Question 58 of 60
A UK organisation has just completed an update to its five-year strategy, when a USA-based supplier announced it plans to open operations in the UK.
Which underlying Strategic assumptions changed significantly?
Question 59 of 60
Which model provides a framework covering operations, reporting and compliance?
Question 60 of 60
According to the UK Government’s guidance ‘Reducing the Cyber Risk in 10 Critical Areas’, which one of the following is not one of the ten?