Risky Business!
(Impact of the risk)
Control Patrol!
(Effective control?)
Test Quest!
(To test a control or Not?)
Finding Frenzy!
(Risk level classification)
Trivia Time!
(General knowledge)
100

A data breach at a hospital exposes patient records.

What is loss of confidentiality?

100

All purchase orders require dual signatures and are compared with actual deliveries.

What is effective?

100

Checking documentation to see if reconciliations are performed monthly.

What is testing control?

100

Data backups are performed, but not regularly tested for recovery.

What is a medium-risk finding?

100

This element has the chemical symbol ‘AU’.

What is gold?

300

Supply chain disruption halts production for two weeks.

What is operational downtime?

300

The CEO approves all expense reports before reimbursement.

What is ineffective?

300

Recalculating the total value of invoice amounts for accuracy.

What is substantive testing?

300

Unrestricted access to financial systems for all staff.

What is a high-risk finding?

300

The largest mammal on Earth.

What is the blue whale?

500

The CEO’s unethical action was publicized by the media.

What is loss of stakeholder trust?

500

Only the Internal Audit team can authorize access to sensitive files within the organization.

What is ineffective?

500

Reviewing system logs to check if access restrictions were enforced.

What is a test of control?

500

Some monthly reconciliations are performed late, but are always complete.

What is a medium-risk finding?

500

The largest organ in the human body.

What is the skin?