1. Which statement best describes how governance, risk management, and control interrelate within an organization?
- A. Governance sets direction and oversight, risk management enables achieving objectives within risk appetite, and controls provide activities that keep risks within tolerance. ✓ Correct
- B. Risk management sets strategic direction, governance designs controls, and control functions report quarterly to the operations manager.
- C. Controls define objectives and risk appetite, while governance executes processes and risk management audits performance annually.
- D. Governance and controls are interchangeable terms, and risk management is a specialized audit performed by compliance only.
Explanation
Governance provides direction and oversight; risk management supports objectives within appetite; controls are activities to keep risk within limits. Others invert roles or misuse terms.
2. A board delegates execution to management but remains accountable for governance. Which action most clearly reflects the board's fiduciary role?
- A. Approving risk appetite and monitoring whether management operates within it through regular, independent reporting. ✓ Correct
- B. Designing detailed process controls for revenue recognition and approving step-by-step procedures.
- C. Writing departmental KPIs and directly supervising frontline staff scheduling during quarter end.
- D. Issuing management memos instructing teams on daily risk responses for vendor invoices.
Explanation
Fiduciary duty centers on setting risk appetite and overseeing adherence. The other actions are operational tasks that belong to management, not the board.
3. In the Three Lines Model, a sales VP implements controls to reduce credit risk. Which role is primarily being performed?
- A. First line, because management owns risks, designs controls, and is accountable for performance and control outcomes. ✓ Correct
- B. Second line, because compliance functions always manage operational controls across all business processes.
- C. Third line, because internal audit supports control design decisions before implementation across functions.
- D. Board oversight line, because directors execute control activities to demonstrate fiduciary accountability.
Explanation
Owning and managing risk with controls is the first line role. Second line advises and monitors; third line provides independent assurance; boards oversee, not execute controls.
4. Which arrangement best preserves internal audit's independence while enabling effective assurance?
- A. Functional reporting of the CAE to the audit committee with administrative reporting to the CEO for resources and day-to-day matters. ✓ Correct
- B. Direct functional and administrative reporting of the CAE to the CFO who is frequently the audit subject for financial controls.
- C. Functional reporting of the CAE to the controller and administrative reporting to the head of operations to expedite issue remediation.
- D. Rotating the CAE between leading audit and leading compliance so assurance can be combined with policy ownership.
Explanation
Functional reporting to the audit committee supports independence; administrative reporting to the CEO is acceptable. Reporting to audit subjects or combining assurance with ownership impairs independence.
5. A company aligns to King principles. Which practice most reflects triple bottom line governance?
- A. Integrating financial, environmental, and social outcomes into decisions and reporting, with transparent trade-offs disclosed to stakeholders. ✓ Correct
- B. Focusing exclusively on quarterly earnings growth while planning to address environmental issues after fiscal year close.
- C. Deferring social impact measurement to a philanthropy team that publishes a separate, unaudited brochure annually.
- D. Keeping environmental metrics internal to management to avoid confusing external stakeholders about strategic priorities.
Explanation
King emphasizes integrated consideration of financial, social, and environmental outcomes with transparency. The distractors isolate, defer, or hide nonfinancial impacts.