Corporate Governance Risk Management & Internal Controls 2

Question 1

What is the 'three lines of defense' model in risk management?

Accepted Answer

A risk governance structure where business units, risk/compliance functions, and internal audit provide layered oversight

Answer

A cybersecurity framework using firewalls, encryption, and monitoring

Answer

A board governance model with independent directors, audit committee, and external auditors

Answer

A regulatory model using company filings, SEC review, and judicial enforcement

Question 2

What is a 'key risk indicator' (KRI)?

Accepted Answer

A metric that provides an early warning signal about increasing risk exposure

Answer

A financial ratio used in credit underwriting decisions

Answer

A compliance checklist item required by regulatory bodies

Answer

An internal audit finding that requires remediation within 30 days

Question 3

What does 'risk appetite' mean in corporate governance?

Accepted Answer

The amount and type of risk an organization is willing to accept in pursuit of its objectives

Answer

The maximum financial loss a company can survive in a crisis scenario

Answer

The risk tolerance set by regulators for a specific industry

Answer

The level of risk reflected in a company's insurance coverage limits

Question 4

What is the purpose of an internal audit function?

Accepted Answer

To provide independent assurance that internal controls, risk management, and governance processes are effective

Answer

To prepare the annual financial statements for external review

Answer

To negotiate insurance contracts on behalf of the company

Answer

To conduct criminal investigations into employee fraud

Question 5

What is a 'whistleblower program' and why is it important to corporate governance?

Accepted Answer

A system allowing employees to report misconduct confidentially, helping detect fraud and control failures early

Answer

A program that pays bonuses to external auditors who find material misstatements

Answer

A regulatory requirement for companies to publicly report all employee complaints

Answer

A software system that monitors employee communications for policy violations

Question 6

What is 'cyber risk governance' in the context of board responsibilities?

Accepted Answer

The board's oversight of cybersecurity strategy, incident response preparedness, and disclosure obligations

Answer

The IT department's management of firewall and intrusion detection systems

Answer

The CFO's reporting of cyber insurance premiums to the audit committee

Answer

The SEC's annual review of company cybersecurity filings