Download ARM 400 EXAM LATEST EXAM 2024 | ALL QUESTIONS AND CORRECT ANSWERS (GRADED A+) | VERIFIED A and more Exams Risk Analysis in PDF only on Docsity!
ARM 400 EXAM LATEST EXAM 2024 |
ALL QUESTIONS AND CORRECT
ANSWERS (GRADED A+) | VERIFIED
ANSWERS
An organization's goals and objectives are met by establishing and attaining measurable standards for the many activities it pursues. Which one of the following statements is correct with respect to those standards? A. A key performance indicator (KPI) answers the question, "What will make our organization a success?" B. Organizations with key performance indicators (KPIs) established for critical success factors (CSFs) will typically achieve organizational goals. C. For each key performance indicator (KPI), there is a tolerance level for how much deviation from the standard established in the KPI will be acceptable. D. Generally, an organization's risk tolerance has little impact on its critical success factors (CSFs) and key performance indicators (KPIs). ------ CORRECT ANSWER---------------C. For each key performance indicator (KPI), there is a tolerance level for how much deviation from the standard established in the KPI will be acceptable. The service representatives for Tauton Insurance will be eligible for a bonus only if the customer retention rate is increased by 5%. This is an example of which one of the following standards? A. A key performance indicator based on financial ratios B. A corrective measure linked with an identified tolerance level C. A severe risk tolerance level D. A critical success factor derived from a strategic objective ------ CORRECT ANSWER---------------B. A corrective measure linked with an identified tolerance level
Which one of the following terms refers to information used as a basis for measuring the significance of a risk? A. Risk appetite B. Risk threshold C. Risk criteria D. Risk tolerance ------CORRECT ANSWER---------------C. Risk criteria Which one of the following is a main characteristic of effective key risk indicators (KRIs)? A. They define the boundaries of risk tolerance. B. They are lagging in nature. C. They are based on quantifiable information. D. They measure progress toward achieving objectives. ------CORRECT ANSWER---------------C. They are based on quantifiable information. Successful organizations have goals and objectives. A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to as A. An operating standard (OS). B. A key performance indicator (KPI). C. A critical success factor (CSF). D. An objective gauge (OG). ------CORRECT ANSWER---------------B. A key performance indicator (KPI). An organization's goals and objectives are met by establishing and attaining measurable standards for the many activities it pursues. Which one of the following statements is correct with respect to those standards? A. Organizations with key performance indicators (KPIs) established for critical success factors (CSFs) will typically achieve organizational goals. B. A key performance indicator (KPI) answers the question, "What will make our organization a success?" C. Generally, an organization's risk tolerance has little impact on its critical success factors (CSFs) and key performance indicators (KPIs).
D. The model is driven by the collaboration of human and technological input. ------CORRECT ANSWER---------------D. The model is driven by the collaboration of human and technological input. Which one of the following is an example of an internal key risk indicator (KRI) that a contractor might monitor? A. Availability of skilled labor B. Cost of lumber C. Budget variances D. Interest rates ------CORRECT ANSWER---------------C. Budget variances Organizations use key risk indicators (KRIs) to plan for and respond to risk. Which one of the following statements is correct with respect to KRIs? A. KRIs are based on quantifiable information and support management decisions. B. To be effective, KRIs should be detailed and specific. C. To best manage risk, an organization should have as many KRIs as possible. D. KRIs are usually only established for the executive level within an organization. ------CORRECT ANSWER---------------A. KRIs are based on quantifiable information and support management decisions. Which one of the following measures the progress an organization has made toward attaining its goals within a specific amount of time? A. Key performance indicator B. Key risk indicator C. Critical success factor D. Risk tolerance level ------CORRECT ANSWER---------------A. Key performance indicator
One of the strategic objectives for Cromley Insurance Group is customer satisfaction. Which one of the following is a critical success factor (CSF) that would help refine this strategic objective? A. Reduce claim activity by 4 to 6% B. High customer retention C. High profitability D. Increase retention ratio by 5% ------CORRECT ANSWER---------------B. High customer retention Some best practices models call for the formation of a risk committee with a risk management focus at the organization's executive management level. Which one of the following statements best describes one of the responsibilities of an executive-level risk committee? A. To approve the organization's risk management strategies, including their design and implementation. B. To oversee exposures of the organization's critical risks and advise the board on risk strategy. C. To assist the board in establishing the organization's risk appetite and risk tolerance levels D. To monitor the organization's compliance with established risk limits and how noncompliance is addressed ------CORRECT ANSWER---------------A. To approve the organization's risk management strategies, including their design and implementation. One corporate governance issue is accountability of directors. One method to increase accountability of directors is to A. Include more inside directors. B. Decrease the independence of audit and compensation committees. C. Conduct regular meetings of outside directors without management being present. D. Ensure that the chief executive officer serves as board chairman. ------ CORRECT ANSWER---------------C. Conduct regular meetings of outside directors without management being present.
Encouraging the expression of feelings as well as facts and following up with employees on the problems they report are two ways that managers and supervisors can A. Cultivate two-way communication. B. Facilitate active listening. C. Support diverse groups. D. Maintain control of the conversation. ------CORRECT ANSWER------------ ---A. Cultivate two-way communication. Before speaking with a group or individual, the speaker should think about what he or she wants the other person(s) to do as a result of the conversation. Which one of the following steps in the communication process does the speaker complete by doing this? A. Analyze your audience B. Set aside judgement C. Set a clear communication objective D. Deliver a message the recipient(s) want to hear - -----CORRECT ANSWER---------------C. Set a clear communication objective According to the law of large numbers, as the number of exposure units insured increases, A. The size of the average loss declines. B. The relative accuracy of predictions about future losses increases. C. The probability of an underwriting loss increases. D. Fewer losses are expected to occur. ------CORRECT ANSWER------------ ---B. The relative accuracy of predictions about future losses increases. When communicating a decision up the organization's chain of command, consulting with outside experts can help a risk management professional do which one of the following? A. Define the organization's risk appetite B. Stay focused on the organization's objectives
C. Enhance stakeholders' confidence in the process D. Seek feedback from stakeholders ------CORRECT ANSWER--------------- C. Enhance stakeholders' confidence in the process Company G is a manufacturer of high profile golf equipment. The risk management professional for Company G is concerned about loss of business related to product design. Failing to respond to changing customer demand and preferences in the design of golf clubs could cost Company G significant market share. Categorized according to the quadrants of risk, this exposure to loss is classified as A. An operational risk. B. A strategic risk. C. A financial risk. D. A hazard risk. ------CORRECT ANSWER---------------B. A strategic risk. Which one of the following risk management objectives is critical for a manufacturer seeking new capital from investors, stockholders, and creditors? A. Social responsibility B. Anticipate and recognize emerging risks C. Eliminate downside risk D. Reduce the deterrent effects of hazard risks ------CORRECT ANSWER-- -------------D. Reduce the deterrent effects of hazard risks In addition to metal detectors, many airports have installed a second type of scanning technology for checked baggage and cargo. The checked bags and cargo pass through a portal with scanners programmed to detect and test for explosive trace fumes. These scanners, which detect explosives based on air samples, are an example of what type of sensor used for risk assessment and control? A. Radiant sensors. B. Mechanical sensors. C. Biochemical sensors.
Southwest Interstate Railroad (SIR) is concerned about the number derailments in recent years. It's not cost effective to use human assets to inspect tracks, bridges, and trestles. Instead, SIR has started to use drones. A drone can fly low over tracks and above/below bridges and trestles. The drones record video that is transmitted to corporate headquarters where it is simultaneously scanned for derailment hazards. In the past six months, the drones detected a track blockage caused by a rock slide and damage to tracks in a remote area cause by an earthquake. SIR dispatched work crews to make the tracks once again passable, and no derailments occurred. SIR's use of drones, video, real-term video scanning, and computer analysis illustrates which one of the following? A. Risk management information systems B. Insurtech C. Preventative analytics D. Big data analytics ------CORRECT ANSWER---------------C. Preventative analytics A risk management professional is identifying the organization's key stakeholders as part of the enterprise risk management program. Which one of the following would be considered an internal stakeholder? A. Unions B. General public C. Stockholders D. Suppliers ------CORRECT ANSWER---------------C. Stockholders Parker International tends to communicate only the information that stakeholders need to complete their tasks and achieve goals. The management style at Parker International is A. Responsive. B. Directive. C. Delegating. D. Supportive. ------CORRECT ANSWER---------------B. Directive.
Lucy is a chef at a restaurant. She is growing tired of working such long hours and not reaping the financial benefits. Lucy has been saving money with the goal of opening her own restaurant. She recently talked to a financial advisor about the options market as a way to grow her savings quickly. The financial advisor explained that it is a risky choice, but could potentially allow her to reach her goal of owning a restaurant in the near future. Lucy has decided to invest her savings in the options market. Which one of the following types of risk attitude does Lucy exhibit? A. Risk obsessed B. Risk managed C. Risk optimizing D. Risk seeking ------CORRECT ANSWER---------------D. Risk seeking Which one of the following statements is correct regarding an organization's code of ethics? A. The code of ethics should primarily consider the social and ethical needs of its external stakeholders. B. The code of ethics should include principles and concepts that are dynamic enough to remain relevant in a rapidly changing business environment. C. The code of ethics should provide an organization with a set of parameters within which it should operate, with little room for interpretation. D. The code of ethics should provide a list of dos and don'ts that employees can use as a framework in making day-to-day decisions. ------ CORRECT ANSWER---------------B. The code of ethics should include principles and concepts that are dynamic enough to remain relevant in a rapidly changing business environment. Which one of the following is an example of an internal key risk indicator (KRI) that a contractor might monitor? A. Availability of skilled labor B. Cost of lumber C. Budget variances D. Interest rates ------CORRECT ANSWER---------------C. Budget variances
D. Comprehensiveness ------CORRECT ANSWER---------------D. Comprehensiveness Encrypting data to block its use if stolen is an example of a A. Cyber-threat inventory approach. B. Incident response plan. C. Hardware-based security solution. D. Software-based security solution. ------CORRECT ANSWER--------------- D. Software-based security solution. In terms of data governance, IT employees hold the role of A. Data custodians. B. Rule developers. C. Data stewards. D. Compliance regulators. ------CORRECT ANSWER---------------A. Data custodians. Sound risk management decisions are predicated on A. Regulations and compliance. B. Effective decision-making. C. Quality data. D. Operational efficiencies. ------CORRECT ANSWER---------------C. Quality data. Which one of the following provides the frame of reference needed so data can be used appropriately for analysis and decision-making? A. Data custodian B. Data virtualization C. Metadata D. Data lineage ------CORRECT ANSWER---------------C. Metadata
The data quality principle of reasonability refers to A. The materiality or relevance of data. B. The systematic process of tracing data. C. The comprehensive nature of data. D. The appropriateness of current data. ------CORRECT ANSWER------------ ---A. The materiality or relevance of data. Which one of the following defines the duties of a data steward? A. A data steward is a project manager. B. A data steward is an experienced business analyst. C. A data steward measures data compliance. D. A data steward provides technological support. ------CORRECT ANSWER---------------B. A data steward is an experienced business analyst. Which one of the following is an element of a data security program? A. Increasing the overall efficiency of data systems. B. Storing data back-ups off site. C. Installing agile project management. D. Implementing a data governance program. ------CORRECT ANSWER---- -----------B. Storing data back-ups off site. There are two types of associated risk for data privacy, individual and general risk. General data privacy risk A. Can be categorized operational or reputational. B. Involves legal and regulatory requirements. C. Varies by the type of business or industry. D. Is of specific concern to the European Union. ------CORRECT ANSWER- --------------A. Can be categorized operational or reputational. Ensuring quality data requires a A. Systematic and purpose-driven review process.
randomly searched all e-mails and text messages sent from on-site, searching for key words. The scanning software detected the words: "gun," "bomb," "revenge," and "kill" in communications sent from the engineer's office. Company security found a loaded assault rifle, two loaded handguns, and a pipe bomb in the engineer's office. He confessed to planning a workplace attack at the company cafeteria later that day. The emerging technology Cheryl deployed is called A. Data analytics. B. Radio frequency identification. C. Natural language processing. D. Computer simulation. ------CORRECT ANSWER---------------C. Natural language processing. Which one of the following best describes why the Institute for Internal Auditors (IIA) has designed standards addressing the need for internal audit to evaluate the effectiveness of risk management? A. Audits may be self-serving to an organization depending on the experience level of an auditor. By indicating specific criteria, an auditor should be able to conduct a valid audit. B. Audits are objective and independent of the politics of an organization. A pronouncement assists the auditor by defining review criteria. C. Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities. D. Audits are conducted annually in many organizations. Requiring an auditor to validate the findings of prior years provides a comfort level to stakeholders. ------CORRECT ANSWER---------------C. Audits are conducted under diverse legal and cultural environments. Requiring an auditor to validate particular points ensures that auditors and their activities meet their responsibilities. Martin Pruitt was hired by Regional Bank Company (RBC) to strengthen the company's internal control efforts. Martin implemented a computer scanning program to detect fraud. The scanning program flagged a suspicious account. When Martin investigated the account, he learned that someone in the bank's technology department had created the account.
When the bank credits monthly interest on depositor accounts, any fractional cents are rounded-down to the nearest cent. The technology department official programmed the system so that any fractional cents lost due to rounding were deposited to the account owned by the technology department official. The scanning program Martin Pruitt implemented used computers to learn from the data analyzed. This application of emerging technology illustrates the use of A. Artificial intelligence. B. Machine learning. C. Risk management information systems. D. Computer simulation. ------CORRECT ANSWER---------------B. Machine learning. Colossal Casualty Insurance Company decided to conduct an internal audit of the company's operations. As part of the internal audit, several fictitious claims were submitted to the claims department to see if the claims would be approved and paid. Which one of the Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) components of internal control was examined by this internal audit test? A. Control environment. B. Information and communication. C. Monitoring activities. D. Risk assessment. ------CORRECT ANSWER---------------A. Control environment. It is necessary to define functions that should be performed by internal audit rather than the enterprise risk management (ERM) team because A. Clarification of functions helps avoid redundancy and foster a strong working relationship. B. ERM is all encompassing and if not controlled will absorb internal audit functions. C. Internal audit and risk managers share responsibilities for governance and compliance for the organization. D. The Institute of Internal Auditors (IIA) guidelines are used to avoid confusion in an organization and clarify financial compliance issues. ------
The importance of strong control environments with independent oversight have become increasingly important A. Because international trade is dependent upon consistent accounting processes. B. As business complied with the provisions of the Sarbanes Oxley Act. C. As organizations became more complex. D. Because the Federation of European Risk Management Associations (FERMA) made it a requirement for international trade. ------CORRECT ANSWER---------------C. As organizations became more complex. The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Internal Control—Integrated Framework provides A. International standards to help ensure that organizations meet the needs of customers and stakeholders while also complying with statutory and regulatory requirements. B. Not a system of controls, but a framework for auditors to provide independent, objective, and reasonable assurances that management has adopted a system of controls that is effective and functioning as intended. C. Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations. D. Guidance on assessing risk and evaluating internal controls to government agencies but not to other organizations. ------CORRECT ANSWER---------------C. Common standards designed to increase effectiveness and efficiency of operations and reliability of financial reporting while ensuring compliance with applicable laws and regulations. Which one of the following is true regarding internal audit involvement with enterprise risk management (ERM) efforts? A. Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks. B. Internal audit is not becoming more involved with ERM efforts because internal audit must remain independent and objective. C. Internal audit is responsible for reviewing controls in an organization which includes ERM programs.
D. Internal audit is responsible for the organization's compliance with all governance issues, including ERM compliance. ------CORRECT ANSWER- --------------A. Internal audit is increasingly asked to evaluate organizational risks, including strategic, financial and hazard risks. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) describes internal control as consisting of five essential components, one of which is risk assessment. This component A. Verifies adherence to control results and assists in identifying other procedures that the entity may wish to adopt. B. Should be included in the audit as an internal control to minimize unforeseen events. C. Considers management's efforts to identify and analyze risks relevant to achieving predetermined objectives. D. Sets the tone for internal control by providing resources, discipline, and structure. ------CORRECT ANSWER---------------C. Considers management's efforts to identify and analyze risks relevant to achieving predetermined objectives. Colossal Casualty Insurance Company decided to conduct an internal audit of the company's operations. As part of the internal audit, several fictitious claims were submitted to the claims department to see if the claims would be approved and paid. Which one of the Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) components of internal control was examined by this internal audit test? A. Risk assessment. B. Monitoring activities. C. Information and communication. D. Control environment. ------CORRECT ANSWER---------------D. Control environment. Emerging technologies such as artificial intelligence and machine learning are being applied by some businesses as part of their internal audit and control process. A key benefit of such applications is
