
The practice of obtaining critical information from a company in good faith and then
using that information for one's own personal financial gain is called:
Financial trading.
Insider trading.
Shareholder trading.
Investor trading.
Incorrect. Refer to the correct answer.
Correct. That is the definition of insider trading. Insider trading perpetrated by
corporate executives and managers should be prohibited and reported to the
board through whistle-blowing activity. The other three choices can result from
insider trading as outcomes or tools (IIA Standard 2110—Governance).
Incorrect. Refer to the correct answer.
Incorrect. Refer to the correct answer.
Which of the following has been determined to be a reasonable level of risk?
Minimum risk.
Acceptable risk.
Residual risk.
Total risk.
Incorrect. This is the reduction in the total risk that results from the impact of
in-place safeguards or controls.
Correct. Acceptable risk is the level of residual risk that has been determined
to be a reasonable level of potential loss or disruption for a specific computer
system (IIA Standard 2120—Risk Management).
Incorrect. This results from the occurrence of an adverse event after adjusting
for the impact of all safeguards in place.
Incorrect. The potential for the occurrence of an adverse event if no mitigating
action is taken (i.e., the potential for any applicable threat to exploit system
vulnerability).

Organizations do not view enterprise risk management (ERM) as a(n):


Analytical tool.
Risk mapping tool.
Optimization software tool.
Performance management system tool.

Incorrect. This is a valid view.


Incorrect. This is a valid view.
Incorrect. This is a valid view.
Correct. The IIA survey indicated that some organizations see ERM as an
analytical tool rather than as a performance management system. Other tools
of importance include risk mapping or optimization software.
