IIA-CRMA Exam Question 101

An internal auditor is conducting an assessment of the organization's fraud prevention program using the COSO enterprise risk management framework. According to this framework, which of the following activities would fall under the control environment component for preventing fraud?
1. The organization uses an automated authority approval matrix to control payments.
2. The organization has a whistleblower hotline that is available to employees.
3. Annually, every manager completes a comprehensive fraud assessment of his or her department.
4. Annually, the organization reviews and communicates the code of expected behavior.
  • IIA-CRMA Exam Question 102

    An organization is beginning to implement an enterprise risk management program. One of the first steps is to develop a common risk language. Which of the following statements about a common risk language is true?