Application Questions


& Explanations


Here you will find the answers and explanations for the approximately 160 sample questions

1) You can click a link to within the Application Questions module to check your answer and receive feedback in this module about why the one answer is the best

2) You can also review the material in this module sequentially or in any order you like

3) Use the sample question that follows for an example of how this works

Click the BACK button of your browser to return to the Overview Page



89.  The Vice President of Operations and the Vice President of Finance have expressed concern about the working relationships among various business units within the company.  The change in upper management six years ago recognized the opportunities for new markets and aggressively went after those markets.  As a result, the company has grown from a $2 Million gross income to a $12 Million gross income in five years.  The organization’s overall philosophy has changed from one of complacence to an aggressively competitive organization.  This new excitement of success and business outlook has enhanced the competitiveness among departments.  Hence, in the opinion of some members of upper management, this new environment has caused uncertainty about the continued future success of the company.  In the words of one Vice President, “It seems now that the numbers are what is strived for not the vision.”  The concerned executives have asked their risk and control team to develop a model that would help refocus the overall mission.  Which of the following would be the best model to address the over all picture and the portfolio of success inhibitors?


a. COSO; The Integrated Control Framework Of The Treadway Commission
b. a risk model that will completely address the probability and the impact of the risk upon the vision and objectives
c. an expanded control model that will help address the entire organization and all of the internal and external risk, as well as the strategic plan
d. control models that will ensure that preventive and corrective controls are adequately in place to address the vision                                                                         


There is a substantial amount of “fluff” (extra material) in this question.  However, there are some keys that can be identified which can help with the selection of the best answer.  There are suggestions that the organization has grown at a rapid rate in a short time.


Risk increases proportionally with volatility and change.  There are concerns of increased competition and less teamwork among departments.  This is systemic of a substantial decrease in communications.  Communication is a major component in both the COSO and ERM models.  Communication is an interrelationship issue woven throughout the organization.  COSO addresses this interrelationship of communication.  However, COSO does not expand on the effective interrelationship requirement.  Finally, the question suggests a concern for vision and strategic management.  Strategic management is not specifically addressed in the COSO model.  Strategic management is specifically emphasized in the ERM model.     


The best answer is c. This answer is a definition of the expanded COSO model now named Enterprise Risk Management (ERM).  ERM addresses the portfolio of risk including the risks among sub-functions of an organization, along with the internal and external risks.  It also includes the COSO philosophy and the basic risk model of probability and impact.  ERM adequately addresses controls in all dimensions, hard and soft.


In essence ERM looks at all types of risk that can impact the achievement of objectives.  The term portfolio of risk is defined specifically in the ERM model documentation.  In addition, the ERM documentation addresses the strategic plan of an organization.  Strategic planning includes the impacts on success by external forces, such as competition, technology changes, and rapid growth. 


ERM does not replace nor is it intended to replace COSO or other existing risk and control models.  It is intended to enhance these other models and the perspective of risk and control management.      


This is the end of this module.