CRISC Certified in Risk and Information Systems Control – Question 169

Which of the following actions assures management that the organization's objectives are protected from the occurrence of risk events?

A. Internal control
B. Risk management
C. Hedging
D. Risk assessment

Correct Answer: A

Explanation:

Internal controls are the actions taken by the organization to help to assure management that the organization’s objectives are protected from the occurrence of risk events. Internal control objectives are applicable to all manual or automated areas. Internal control objectives include:

  • Internal accounting controls: They control accounting operations, including safeguarding assets and financial records.
  • Operational controls: They focus on day-to-day operations, functions, and activities. They ensure that all the organization’s objectives are being accomplished.
  • Administrative controls: They focus on operational efficiency in a functional area and stick to management policies.

Incorrect Answers:

  • B: Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources. It is done to minimize, monitor, and control the probability and impact of unfortunate events or to maximize the realization of opportunities.
  • C: Hedging is the process of managing the risk of price changes in physical material by offsetting that risk in the futures market. In other words, it is the avoidance of risk. So, it only avoids risk but cannot assure protection against risk.
  • D: Risk assessment is a process of analyzing the identified risk, both quantitatively and qualitatively. Quantitative risk assessment requires calculating two components of risk: the magnitude of the potential loss and the probability that the loss will occur. Qualitative risk assessment, by contrast, checks the severity of risk. The assessment attempts to determine the likelihood of the risk being realized and the impact of the risk on the operation. This provides several conclusions:
  • Probability: establishing the likelihood of occurrence and reoccurrence of specific risks, independently and combined.
  • Interdependencies: the relationship between different types of risk. For instance, one risk may have greater potential of occurring if another risk has occurred, or the probability or impact of a situation may increase with combined risk.