Part 2  Gleim  Questions  2020

Study Unit 2: Fraud and Risk Management

Study Unit 2: Fraud and Risk Management | Subunit 1: Fraud and the Fraud Risk
Model (Fraud Triangle)
Question: 1Misappropriation of assets is most often perpetrated by

A. Employees.

B. Customers.

C. Suppliers.

D. Auditors.
Question: 2Inappropriate earnings management is typically considered one form of

A. Embezzlement.

B. Fraudulent financial reporting.

C. Theft of assets.

D. Misappropriation of assets.
Question: 3How can a management accountant use the Fraud Triangle to identify and manage the risk of fraud?

A. The Fraud Triangle provides a model for explaining the pressures, rationalizations, and opportunities that
influence people to commit fraud.

B. The Fraud Triangle provides a SOX-compliant model for examining the company’s internal control
environment in terms of its risk of fraud.

C. The Fraud Triangle provides a model for explaining the motives, means, and opportunities that influence
people to commit fraud.

D. The Fraud Triangle provides a model for explaining how persuasion, coercion, and conviction influence
people to commit fraud.
Question: 4When none of the three fraud risk factors are present, an accountant

A. Can rule out the presence of fraud.

B. Should consider the likelihood of fraud to be high.

C. Should not rule out the presence of fraud completely.

D. Will likely search more diligently for fraud.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 5Management is often able to rationalize the commission of fraud by

A. Blaming it on others.

B. Forcing staff to perpetrate it.

C. Hiding it.

D. Reasoning that it is in the best interests of the company.

Question: 6High risk of employee fraud is most likely when there is pressure, rationalization, and

A. Opportunity.

B. Internal control.

C. Personal integrity.

D. Limited responsibility.

Question: 7The fraud risk factor that may be mitigated by internal controls is

A. Rationalization.

B. Motive.

C. Pressure.

D. Opportunity.

Question: 8A company has a strong internal control structure in its accounting department. It has a high degree of
duty segregation, regular reconciliations, strict reviews, and comprehensive internal audits. A disgruntled fixed
assets accountant has been contemplating the embezzlement of cash receipts processed by the accounts receivable
department. The accountant plans to use these funds to sustain his gambling problem. Using the Fraud Triangle
model, what is the best assessment of fraud risk for the company’s situation?

A. Low, because both opportunity and rationalization are absent.

B. Medium, because opportunity is absent.

C. Medium, because rationalization is absent.

D. High, because pressure, opportunity, and rationalization are all present.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 9In the fraud risk model, rationalization relates to

A. The ability of a person not only to perpetrate but also to conceal fraud.

B. The need for cash or other resources.

C. A person’s ability to justify actions as consistent with his or her personal code of ethics.

D. The belief that the ends justify the means.

Question: 10The term or expression most associated with misappropriation of assets is

A. Fraudulent financial statements.

B. Stealing.

C. Earnings management.

D. Failure to file a tax return.

Question: 11Most employee fraud cases involve

A. Misstatement of financial statements.

B. Overstatement of revenues.

C. Need for social acceptance.

D. Financial or vice-related pressures.

Question: 12Who is responsible for minimizing the opportunity to misappropriate assets in an organization?

A. The external auditor.

B. Employees.

C. Law enforcement.

D. Management.
Question: 13Rationalization of a fraud by an employee may be in the form of all the following except

A. Pressure from one’s spouse.

B. Feelings of being underpaid.

C. Belief in being overworked.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management

D. Belief that rank has its privileges.

Question: 14Which of the fraud risk factors related to employee fraud can be effectively controlled by the
organization?

A. Pressure.

B. Motive.

C. Rationalization.

D. Opportunity.

Question: 15Fraudulent financial reporting is most often committed by

A. Management to deceive financial statement users.

B. An auditor while performing an audit.

C. Employees stealing assets.

D. Customers.

Question: 16Public record searches may be effective in certain instances. Which of the following is a limitation
on public record searches?

A. It is often very costly to search public records.

B. Very few types of information are available.

C. The information from public sources is most often incorrect.

D. Availability of records may be limited.

Question: 17Based on the fraud risk model, which of the following is the most likely motive for employee theft?

A. Gambling losses.

B. Ineffective internal controls.

C. Belief that rank has its privileges.

D. Ineffective supervision.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 18The Public Company Accounting Oversight Board and the SEC would be most interested in an
organization’s activities related to

A. The misappropriation of assets.

B. Failure to adequately compensate employees.

C. Effectiveness of internal controls.

D. Fraudulent financial reporting.

Question: 19Based on the fraud risk model, which of the following most likely is not an opportunity to commit
employee fraud?

A. Lack of transaction authorizations.

B. Living beyond one’s means.

C. Poor accounting records.

D. Lack of physical controls.

Question: 20Which of the following are red flags indicating misappropriation of assets?

I. Unexplained budget variances

II. Poor supervision
III. Failure of certain employees to take vacations

A. I and II only.

B. II and III only.

C. I and III only.

D. I, II, and III.

Question: 21An employee is stealing office supplies and believes that everybody else is doing it. The fraud risk
factor represented by the employee is

A. Opportunity.

B. Ability.

C. Rationalization.

D. Motive.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management

Question: 22Ghosting employees is a form of fraud that

A. Expects employees to work for nothing.

B. Understates labor expense by failing to record payroll.

C. Records payroll to another account in an attempt to understate payroll expense.

D. Maintains employees on the payroll who no longer work for the organization.

Question: 23Which of the following is a motive for fraudulent financial reporting?

A. Oversight of management is lacking.

B. There is no internal auditing function.

C. The board of directors includes a number of related parties.

D. A manager’s compensation is tied to reported financial results.

Question: 24What is the most likely reason for management to overstate expenses?

A. To minimize tax liability.

B. To earn a bonus.

C. To maximize net income.

D. To maximize cash on hand.

Question: 25A manufacturing entity, located in a sparsely populated region of the country, has a policy of leaving
its raw material inventory warehouse doors open during normal business hours to optimize workflow. The controller
for the entity has just noticed that some raw material inventory is missing. Using the Fraud Triangle model, the
controller has determined that the entity’s policy most likely increases the risk of fraud by

A. Incentivizing employees to commit the fraud.

B. Increasing the ease of rationalization of the fraudulent activity.

C. Assisting employees to perceive a financial need.

D. Increasing the opportunity to commit the fraud.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Study Unit 2: Fraud and Risk Management | Subunit 2: Managing the Risk of
Fraud
Question: 26A proper segregation of duties requires that an individual

A. Authorizing a transaction records it.

B. Authorizing a transaction maintain custody of the asset that resulted from the transaction.

C. Maintaining custody of an asset be entitled to access the accounting records for the asset.

D. Recording a transaction not compare the accounting record of the asset with the asset itself.

Question: 27The frequency of the comparison of recorded accountability with assets (for the purpose of
safeguarding assets) should be determined by

A. The amount of assets independent of the cost of the comparison.

B. The nature and amount of the asset and the cost of making the comparison.

C. The cost of the comparison and whether the susceptibility to loss results from errors or fraud.

D. The auditor in consultation with client management.

Question: 28Internal control cannot be designed to provide reasonable assurance regarding the achievement of
objectives related to

A. Reliability of financial reporting.

B. Elimination of all fraud.

C. Compliance with applicable laws and regulations.

D. Effectiveness and efficiency of operations.

Question: 29An adequate system of internal controls is most likely to detect a fraud perpetrated by a

A. Group of employees in collusion.

B. Single employee.

C. Group of managers in collusion.

D. Single manager.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 30Internal controls may be preventive, detective, corrective, or directive. Which of the following is
preventive?

A. Requiring two persons to open mail.

B. Reconciling the accounts receivable subsidiary file with the control account.

C. Using batch totals.

D. Preparing bank reconciliations.

Question: 31Segregation of duties is a fundamental concept in an effective system of internal control.
Nevertheless, the internal auditor must be aware that this safeguard can be compromised through

A. Lack of training of employees.

B. Collusion among employees.

C. Irregular employee reviews.

D. Absence of internal auditing.

Question: 32The reporting of accounting information plays a central role in the regulation of business operations.
The importance of sound internal control practices is underscored by the Foreign Corrupt Practices Act of 1977,
which requires publicly owned U.S. corporations to maintain systems of internal control that meet certain minimum
standards. Preventive controls are an integral part of virtually all accounting processing systems, and much of the
information generated by the accounting system is used for preventive control purposes. Which one of the following
is not an essential element of a sound preventive control system?

A. Separation of responsibilities for the recording, custodial, and authorization functions.

B. Sound personnel practices.

C. Documentation of policies and procedures.

D. Implementation of state-of-the-art software and hardware.

Question: 33A retail company is required to perform a stock count to identify shortages at least once per month.
What type of control is this?

A. Preventive Control

B. Detective Control

C. Corrective Control

D. Directive Control

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management

Question: 34Which of the following sets of duties would not be performed by a single individual in a company
with the most effective segregation of duties in place?

A. Posting accounts payable transactions and entering additions and terminations to payroll.

B. Having custody of signed checks yet to be mailed and maintaining depreciation schedules.

C. Approving sales returns on customers’ accounts and depositing customers’ checks in the bank.

D. Preparing monthly customer statements and maintaining the accounts payable subsidiary ledger.

Question: 35Which of the following is the best way to compensate for the lack of adequate segregation of duties
in a small organization?

A. Disclosing lack of segregation of duties to the external auditors during the annual review.

B. Replacing personnel every 3 or 4 years.

C. Requiring accountants to pass a yearly background check.

D. Allowing for greater management oversight of incompatible activities.

Question: 36An organization relied heavily on e-commerce for its transactions. Evidence of the organization’s
security awareness manual would be an example of which of the following types of controls?

A. Preventive.

B. Detective.

C. Corrective.

D. Compliance.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Study Unit 2: Fraud and Risk Management | Subunit 3: Risk Management
Question: 37Organizations face several types of risk in pursuit of their strategic objectives. The risk that the
treasury function will fail to adequately reconcile the organization’s bank statements is an example of

A. Hazard risk.

B. Financial risk.

C. Operational risk.

D. Strategic risk.

Question: 38The risk associated with a project will increase in direct proportion to all of the following except the:

A. Duration of the project.

B. Volatility of the cash flows associated with the project.

C. Uncertainty surrounding the impact of Federal regulation on the project.

D. Capital adequacy of the organization.

Question: 39One technique for quantitatively assessing the risks faced by an organization is to weight the
monetary consequences of a potential event by its probability. The amount by which the maximum potential loss
associated with the event exceeds this weighted amount is called the

A. Expected loss.

B. Unexpected loss.

C. Minimum expected loss.

D. Maximum expected loss.

Question: 40“Self insurance” is a synonym for

A. Risk retention.

B. Risk sharing.

C. Risk transfer.

D. Risk reduction.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 41A landlord owns an office building in a major floodplain. The landlord has decided to sell the
building to a group of investors. The landlord has adopted a risk strategy of

A. Risk exploitation.

B. Risk transfer.

C. Risk avoidance.

D. Risk reduction.

Question: 42All of the following are potential benefits of risk management except

A. Lower cost of capital.

B. Efficient allocation of resources.

C. Flexibility in responding to unforeseen circumstances.

D. Reduced inherent risk.

Question: 43Which one of the following is not considered a key step in the risk management process?

A. Prioritize risks.

B. Reconsider current risks.

C. Formulate risk responses.

D. Assess risks.

Question: 44A firm can mitigate the risk of financial loss from the possible on-the-job injury of one of its
employees through

A. Hazard insurance.

B. Workers’ compensation insurance.

C. Key employee insurance.

D. Liability insurance.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 45A farmers’ cooperative has a large amount of grain that it has gathered from its members and has
stored in silos. Prices for grain are high, but none of the cooperative’s customers is prepared to purchase any for the
next 3 months. In order to hedge against an unfavorable change in grain prices over the next 3 months, the
cooperative will employ a financial risk management technique known as a

A. Short hedge.

B. Long hedge.

C. Naked option.

D. Interest rate swap.

Question: 46A large multinational company currently has its information technology department located in
Germany. To reduce the risk of system failure, the company decided to split up the information technology
department into two geographically separate locations and set up a new location in Singapore. The company can still
face a catastrophic system failure, but the risk will be greatly reduced. The risk that remains after the company sets
up the second information technology department in Singapore is best described as

A. Business risk.

B. Residual risk.

C. Hazard risk.

D. Inherent risk.

Question: 47A toothbrush manufacturer has noticed a shift of customer preferences in its growing Asian sales
market toward an electronic battery operated toothbrush from a manual toothbrush. This shifting of customer
tastes best represents what type of risk to the toothbrush manufacturer?

A. Strategic risk.

B. Operational risk.

C. Financial risk.

D. Business risk.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 48A company has developed a new technologically advanced paper-thin solar panel for residential
home use. The company has decided to start selling this solar panel worldwide next month. As this is a
technologically innovative product, one risk that the company faces to sell the solar panel is possible product failure.
This risk of product failure is best representative of what type of risk to the company?

A. Inherent risk.

B. Operational risk.

C. Residual risk.

D. Business risk.

Question: 49The best description of scenario analysis as a risk analysis technique is that it is a method that

A. Changes a key variable to assess the impact.

B. Applies predetermined probability distributions to estimate risky outcomes.

C. Evaluates the impact of changing a group of assumptions.

D. Combines negatively correlated assets to reduce overall risk.

Question: 50A company identifies supply chain risks as part of its enterprise risk management (ERM) process.
After identification of this risk, the company wants to determine how much of an impact this risk could have on its
objectives. Its risk assessment should focus on

A. Both inherent and residual risk.

B. External but not inherent factors.

C. Only expected events.

D. Residual but not inherent risk.

Question: 51Which one of the following is not considered a quantitative risk assessment technique?

A. Self-assessment questionnaires.

B. Benchmarking.

C. Cash-flow at risk.

D. Scenario analyses.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 52Communicating information related to risks is very important in enterprise risk management. Which
individual is most likely in the best position to recognize problems as they arise related to customer product design
needs?

A. Risk manager.

B. Sales representative.

C. Internal auditor.

D. Production manager.

Question: 53The CFO at a manufacturer of computer equipment learned last week that the accounting department
has not completed any bank reconciliations for the last 6 months due to the implementation of a new accounting
software package. What type of risk has been identified?

A. Financial risk.

B. Hazard risk.

C. Operational risk.

D. Strategic risk.

Question: 54A corporation has established a risk management process to help it create, protect, and enhance
shareholder value. Which of the following reflects the best order for that risk process?

A. Objective setting, event identification, risk assessment, risk response.

B. Event identification, objective setting, risk assessment, risk response.

C. Risk assessment, risk response, objective setting, event identification.

D. Risk assessment, objective setting, event identification, risk response.

Question: 55A new apartment building was almost complete. There were a few inspections left to pass, and they
did not have a certificate of occupancy. However, the owner felt that they were close enough that he allowed new
tenants to begin moving in. The risk that the owner has created in this situation is best described as

A. Operational risk because the owner was not in compliance with laws and regulations.

B. Strategic risk because the owner was not in compliance with laws and regulations.

C. Strategic risk because the remaining inspections could determine that the building is uninhabitable.

D. Operational risk because the remaining inspections could determine that the building is uninhabitable.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 56A company’s accounting manager estimated a 5% probability of a significant financial loss due to
failures in the company’s systems and procedures. The accounting manager has identified what type of risk?

A. Business risk.

B. Operational risk.

C. Hazard risk.

D. Strategic risk.
Question: 57A company sells medical devices used in cardiac surgery. All its products after packaging are sent
out for gamma irradiation for sterilization. While conducting an enterprise risk management evaluation, the
company’s CFO determined that the company faced an operation risk from having only one supplier for this service.
There were additional concerns that the company faced the risk that gamma irradiation could be subject to adverse
regulatory or consumer perception changes. The CFO started the processes of qualifying another vendor to supply
gamma irradiation services to minimize the supplier risk. The remaining risk is best described as

A. Inherent risk.

B. Residual risk.

C. Open supplier risk.

D. Political risk.

Question: 58If a company’s assets are funded totally by equity, the company has no

A. Business risk.

B. Credit risk.

C. Financial risk.

D. Unsystematic risk.

Question: 59A manufacturing firm identified that it would have difficulty sourcing raw materials locally, so it
decided to relocate its production facilities. According to COSO, this decision represents which of the following
responses to the risk?

A. Risk reduction.

B. Prospect theory.

C. Risk sharing.

D. Risk acceptance.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management

Study Unit 2: Fraud and Risk Management | Subunit 4: COSO Enterprise Risk
Management (ERM) Framework

Question: 60According to COSO, which component of enterprise risk management (ERM) addresses an entity’s
operating structures and core values?

A. Review and revision.

B. Governance and culture.

C. Strategy and objective-setting.

D. Information, communication, and reporting.

Question: 61Each of the following is a limitation of enterprise risk management (ERM), except

A. ERM deals with risk, which relates to the future and is inherently uncertain.

B. ERM operates at different levels with respect to different objectives.

C. ERM can provide absolute assurance with respect to objective categories.

D. ERM is as effective as the people responsible for its functioning.

Question: 62According to COSO, the benefits of enterprise risk management (ERM) include all of the
following except

A. Decreased performance variability.

B. Elimination of all risks.

C. Improved resource allocation.

D. Improved risk identification and management.

Question: 63Management considers risk appetite for all of the following reasons except

A. Aligning with development of strategy.

B. Aligning with business objectives.

C. Implementing risk responses.

D. Setting risk capacity.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 64Which of the following components are supporting aspects of the COSO ERM framework?

A. Governance and culture; review and revision.

B. Performance; review and revision.

C. Governance and culture; information, communication, and reporting.

D. Strategy and objective-setting; performance.

Question: 65The components of enterprise risk management (ERM) should be present and functioning. What
does “present” mean?

I. Components exist in the design of ERM.

II. Components exist in the implementation of ERM.
III. Components continue to operate to achieve strategy and business objectives.

A. I only.

B. II only.

C. I and II.

D. I, II, and III.

Question: 66Limitations of ERM may arise from all of the following except:

A. Faulty human judgment.

B. Cost-benefit considerations.

C. Collusion.

D. Failure to achieve objectives.

Question: 67According to COSO, the component of enterprise risk management (ERM) that best relates to
continuous improvement is

A. Monitoring.

B. Information, communication, and reporting.

C. Strategy and objective-setting.

D. Review and revision.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 68According to COSO, a risk profile is a view of the relationship between

A. Risk capacity and risk appetite.

B. Inherent risk and target residual risk.

C. Tolerance and risk appetite.

D. Risk and performance.

Question: 69Inherent risk is

A. A potential event that may affect the achievement of strategy and business objectives.

B. A risk response.

C. The risk after management takes action to alter its severity.

D. The risk when management has not taken action to reduce the impact or likelihood of an adverse event.

Question: 70Which risk response reflects a change from acceptance to sharing?

A. An insurance policy on a manufacturing plant was not renewed.

B. Management purchased insurance on previously uninsured property.

C. Management sold a manufacturing plant.

D. After employees stole numerous inventory items, management implemented mandatory background
checks on all employees.

Question: 71Enterprise risk management

A. Guarantees achievement of organizational objectives.

B. Requires establishment of risk and control activities by internal auditors.

C. Involves the identification of events with negative impacts on organizational objectives.

D. Includes selection of the best risk response for the organization.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 72According to COSO’s ERM framework, which view of risk is fully integrated?

A. Portfolio view.

B. Risk view.

C. Risk profile view.

D. Risk category view.

Question: 73An entity determined that its variable interest rate on borrowing will increase significantly in the near
future. Consequently, the entity hedged its variable rate by locking in a fixed rate for the relevant period. According
to COSO, this decision is which type of response to risk?

A. Reduction.

B. Acceptance.

C. Sharing.

D. Avoidance.

Question: 74An entity defines its risk appetite in which component of the COSO ERM framework?

A. Performance.

B. Strategy and objective-setting.

C. Governance and culture.

D. Control environment.

Question: 75The underlying premise of the COSO ERM framework is that every organization exists to

A. Maximize profits.

B. Identify and manage risks.

C. Provide value for its stakeholders.

D. Achieve strategy and business objectives.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 76According to COSO, ERM is best defined as

A. A process, effected by an entity’s board of directors, management, and other personnel, designed to
provide reasonable assurance regarding the achievement of objectives relating to operations, reporting,
and compliance.

B. A serial process in which one component affects only the next component.

C. A process that takes a control-based approach to an organization.

D. The culture, capabilities, and practices that organizations rely on to manage risk in creating, preserving,
and realizing value.

Question: 77Company management completes event identification and assesses the severity of risk. Management
then acts to alter the severity of risk. According to COSO, which of the following types of risk does this situation
represent?

A. Inherent risk.

B. Actual residual risk.

C. Event risk.

D. Detection risk.

Question: 78According to COSO, an executive’s deliberate misrepresentation to a banker who is considering

whether to make a loan to an enterprise is an example of which of the following internal control limitations?

A. Costs versus benefits.

B. Management override.

C. Breakdown.

D. Collusion.

Question: 79The performance component of the COSO ERM framework addresses an entity’s

A. Performance targets and tolerances.

B. Performance results and consideration of risks.

C. Risk identification, assessment, and prioritization methods.

D. Ability to leverage technology.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 80According to COSO, which of the following provides oversight of an entity’s enterprise risk
management (ERM)?

A. Management.

B. The risk officer.

C. The board of directors.

D. Financial executives.

Question: 81According to COSO, the difference between inherent risk and actual residual risk results because of
management’s

A. Actions to alter the severity of inherent risk.

B. Actions to alter the severity of actual residual risk.

C. Inability to alter the severity of inherent risk.

D. Inability to share the actual residual risk.

Question: 82The internal auditor who works in enterprise risk management (ERM) may perform each of the
following activities except

A. Auditing ERM.

B. Evaluating the design of the overall entity.

C. Setting the risk appetite of the organization.

D. Identifying improvement opportunities.

Question: 83According to COSO’s ERM framework, which of the following is an essential element of the
governance and culture component?

A. Human capital.

B. Reports on risk and culture.

C. Information systems.

D. Risk responses.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 84According to COSO, the position or internal entity that is best suited, as part of the enterprise risk
management process, to devise and execute risk procedures for a particular department is

A. The internal audit department.

B. The chief executive officer.

C. A manager within the department.

D. The audit committee.

Question: 85According to the COSO ERM framework, which of following best describes the difference between
strategy and business objectives?

A. Strategy is the plan to achieve business objectives.

B. Business objectives are the steps to achieve strategy.

C. Strategy is the organization’s core purpose, and business objectives are what the organization aspires to
achieve over time.

D. Business objectives are broader in scope than strategy.

Question: 86According to the COSO ERM framework, the characteristic of risk that reflects its nature and scope
is

A. Severity.

B. Velocity.

C. Persistence.

D. Complexity.

Question: 87According to COSO, which of the following has day-to-day responsibility for enterprise risk
management?

A. Management.

B. The board of directors.

C. External auditors.

D. Internal auditors.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 88Elements of project risk identification include which one of the following?

A. Cost estimates.

B. Actual risk events.

C. Interviews and observations.

D. Activity duration estimates.

Question: 89Which statement below best indicates the order of the risk components that should be implemented
in a new Enterprise Risk Management program?

A. Control risks, set risk management strategy and objectives, and monitor risks.

B. Communicate and monitor risks, identify risks, and treat risks.

C. Assess risks, control risks, and treat risks.

D. Set risk management strategy and objectives, identify risks, and assess risks.

Question: 90A company wants to be “best in class” in terms of enterprise risk management (ERM)
implementation. To achieve this goal, the company plans to identify events that affect the implementation of
strategy and achievement of objectives. Which of the following best reflects an analysis that would help its
identification process?

A. Review of accidents and operational measures.

B. Analysis of default histories and dispersion.

C. Summary of driving records and age.

D. Review of incidents and new market conditions.

Question: 91Enterprise Risk Management (ERM) is closely aligned with corporate governance because it

A. Focuses management’s attention on the risks mitigated.

B. Identifies which of the organizations’ objectives is at greatest risk.

C. Reduces the level of acceptable risks to be taken.

D. Identifies and isolates the silos in which risk exists.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2
Part 2  Gleim  Questions  2020
Study Unit 2: Fraud and Risk Management
Question: 92All of the following are key components of the COSO Framework for enterprise risk
management except

A. Risk retention.

B. Risk response.

C. Risk assessment.

D. Objective setting.
Question: 93The controller of Southern Iron Works has been asked by the president to propose an enterprise risk
management program and to identify how the program would fit in the company’s reporting structure. Which
statement below represents the best reporting structure that the controller should propose to the president?

A. An enterprise risk management function that reports to the board of directors with a dotted line to the
internal audit department.

B. An enterprise risk management function that reports to the CEO with a dotted line to the board of
directors.

C. An enterprise risk management function that reports to the internal audit department with a dotted line to
the chief risk officer.

D. An enterprise risk management function that reports to the chief risk officer with a dotted line to the
CEO.

‫ﻛﻝ ﺍﻟﻛﺗﺏ ﻭﺍﻻﺳﺋﻠﻪ ﺍﻟﻠﻲ ﺗﺣﺗﺎﺟﻭﻫﺎ ﺣﺗﻼﻗﻭﻫﺎ ﻋﻠﻰ ﺍﻟﻘﻧﺎﺗﻳﻥ ﺩﻭﻝ‬

https://t.me/CMA_part1 https://t.me/CMA_part2