CIMA P3 - Risk Management
A company has a sound system of internal controls that have been reviewed by the internal audit department.
Which TWO of the following correctly identify reasons why the company's control system might fail to prevent or detect an irregularity?
JNH is a major corporation that stores its customer database in the Cloud JNH has suffered a data breach that has led to customer credit card details being made available for sale on the internet JNH's Head of Security wishes to analyse network traffic at the cloud-based server in order to gain a better understanding of the manner in which the data was intercepted, but has been refused access.
Which of the following is the most likely explanation for the third-party owner's refusal to assist JNH's Head of Security?
M, a manufacturing company, has had some problems with defects in one of the main products it produces. This product has been made by the company for many years and is very profitable. Last month it had over 300 defects reported by customers which is more than 15% of products sold. This is a reputation risk for M and is also affecting profitability.
Which of the following controls could M introduce to reduce defects and also increase profitability?
ABC is an online retail chain which operates on a 24/7 basis It has been updating its Cyber Security processes and has implemented a centralised monitoring process to track activity through its web access portal
Which of the following activities will increase the awareness of its cyber security risk most effectively?
FGT is evaluating the political risks associated with its operations around the world.
Which of the following would indicate that a particular subsidiary has a high level of political risk?
A large, publicly funded university is considering introducing a new information system in order to enhance its ability to store and retrieve academic records for past and current students, including the registration and deregistration of students.
In conducting an evaluation of the system, which THREE features would the management of the college be most likely to consider as essential prerequisites to implementation?
Smalltown had a problem with people parking cars on the town's mam shopping streets instead of in the nearby car parks The parked cars created congestion and made it difficult for delivery vehicles to unload Smalltown's local government had employed traffic wardens to enforce parking regulations by issuing parking fines to motorists who parked for more than the permitted 30 minutes.
The local government took further action to deal with this problem It banned parking on the busiest streets, it introduced parking charges in the remaining streets and it made it free to park m the town's car parks for up to two hours Fewer people now park cars on the streets because of the charges, but those who do generate significant revenues for the local government Fewer traffic wardens are required and so wage costs have reduced
The local goverment auditors have decided to carry out a value for money audit of the parking system
Which of the following is a measure of effectiveness?
M is a multinational IT company with headquarters in Asia and with operations in all continents.
It is now trying to expand its operations in Europe. This is seen as a major challenge as the European market is very well developed with established players in fierce competition against each other.
As well as developing and producing its own products, it sources products across Asia, America and Europe as part of infrastructure deals which have to include as much of its own equipment as possible. In doing this, transfer prices can be set in YEN, USD, EURO, GBP. Transfer prices are revised every month in line with production times as most goods are made on short order times with sales cycles running at 3-4 months.
The longer sales cycle against committed transfer pricing presents problems as customers expect quotes to be valid for 90 days whereas M's suppliers reserve the right to revise pricing at the end of every month with quotes only valid for 8 days in the following month.
How should M deal with this problem?
Y Company wishes to recruit an employee who will have responsibility for the receipt and handling of cash
From the point of view of the internal auditor which THREE of the following would be most likely to provide useful information about the candidate"?
DBB is a mining company. The company's business requires manners to work underground in hazardous conditions DBB takes every possible precaution to protect the safety and wellbeing of its miners, but that does not prevent the occurrence of four or five serious injuries every year. That number is small in relation to the many thousands of owners employed by DBB.
DBB's Board is preparing a risk map Most directors believe that injuries to miners should be classified as high Likelihood and high impact, which Is a category of risk that should be avoided according to the TARA framework One of the directors has suggested that the risk should be classified as low likelihood and high impact because that would move the risk into the quadrant associated with transference or sharing and so could be draft with by, say, insurance
Which TWO of the following are correct?