CRISC Certified in Risk and Information Systems Control – Question196

Which of the following items is considered as an objective of the three dimensional model within the framework described in COSO ERM?

A.
Risk assessment
B. Financial reporting
C. Control environment
D. Monitoring

Correct Answer: B

Explanation:

Explanation:
The COSO ERM (Enterprise Risk Management) frame work is a 3-dimensional model. The dimensions and their components include:

  • Strategic Objectives – includes strategic, operations, reporting, and compliance.
  • Risk Components – includes Internal Environment, Objectives settings, Event identification, Risk assessment, Risk response, Control activities, Information and communication, and monitoring.
  • Organizational Levels – include subsidiary, business unit, division, and entity-level.
  • [/*]
  • The COSO ERM framework contains eight risk components:
  • [*]
  • Internal Environment
  • Objective Settings
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information and Communication Monitoring

Section 404 of the Sarbanes-Oley act specifies a three dimensional model- COSO ERM, comprised of Internal control components, Internal control objectives, and organization entities. All the items listed are components except Financial reporting which is an internal control objective.
Incorrect Answers: A, C, D: They are the Internal control components, not the Internal control objectives.