
CRISC—Certified in Risk and Information Systems Control Certification Questions and Answers - Part 3

Mary Smith

Tue, 18 Nov 2025


1. You are the project manager of the GHT project. You want to perform a post-project review of your project. What is the BEST time for you and your project development team to perform the post-project review to assess the effectiveness of the project?

A) Project is completed and the system has been in production for a sufficient time period
B) During the project
C) Immediately after the completion of the project
D) Project is about to complete



2. What are the steps that are involved in articulating risks? Each correct answer represents a complete solution. Choose three. (Select 3 answers)

A) Identify business opportunities.
B) Identify the response
C) Communicate risk analysis results and report risk management activities and the state of compliance.
D) Interpret independent risk assessment findings.



3. What are the requirements for effectively communicating risk analysis results to the relevant stakeholders? Each correct answer represents a part of the solution. Choose three. (Select 3 answers)

A) The results should be reported in terms and formats that are useful to support business decisions
B) Communicate only the negative risk impacts of events in order to drive response decisions
C) Communicate the risk-return context clearly
D) Provide decision makers with an understanding of worst-case and most probable scenarios



4. Which among the following is the MOST crucial part of the risk management process?

A) Risk communication
B) Auditing
C) Risk monitoring
D) Risk mitigation



5. Which of the following is a key component of a strong internal control environment?

A) RMIS
B) Segregation of duties
C) Manual control
D) Automated tools



1. Right Answer: A
Explanation: The project development team and appropriate end users perform a post-project review jointly after the project has been completed and the system has been in production for a sufficient time period to assess its effectiveness.

Incorrect Answers:
B: The post-project review for assessing effectiveness cannot be done during the project, as effectiveness can only be evaluated after the project has been put into production.
C: It is not done immediately after the completion of the project, as its effectiveness cannot be measured until the system has been in production for a certain time period.
D: A post-project review for evaluating the effectiveness of the project can only be done after the project is completed and is in the production phase.

2. Right Answer: A,C,D
Explanation: Following are the tasks that are involved in articulating risk: Communicate risk analysis results. Report risk management activities and the state of compliance. Interpret independent risk assessment findings. Identify business opportunities.

3. Right Answer: A,C,D
Explanation: The results of the risk analysis process are communicated to relevant stakeholders. The steps that are involved in communication are: The results should be reported in terms and formats that are useful to support business decisions. Coordinate additional risk analysis activity as required by decision makers, like report rejection and scope adjustment. Communicate the risk-return context clearly, which includes probabilities of loss and/or gain, ranges, and confidence levels (if possible) that enable management to balance risk-return. Identify the negative impacts of events that drive response decisions as well as positive impacts of events that represent opportunities which should channel back into the strategy and objective setting process. Provide decision makers with an understanding of worst-case and most probable scenarios, due diligence exposures and significant reputation, legal or regulatory considerations.

Incorrect Answers:
B: Both the negative and positive risk impacts are communicated to relevant stakeholders. Identify the negative impacts of events that drive response decisions as well as positive impacts of events that represent opportunities which should channel back into the strategy and objective setting process.

4. Right Answer: A
Explanation: Risk communication is a critical part of the risk management process. People are naturally uncomfortable talking about risk and tend to put off admitting that risk is involved and communicating about issues, incidents, and, eventually, even crises. If risk is to be managed and mitigated, it must first be discussed and effectively communicated throughout an enterprise.

Incorrect Answers:
B: Auditing is done to test the overall risk management process and the planned risk responses. So it is the very last phase, after completion of the risk management process.
C: Risk monitoring is the last phase to complete the risk management process, and for proper management of risk it should be communicated properly. Hence risk communication is the most crucial step.
D: Risk mitigation is one of the phases of the risk management process; for effective mitigation of risk, it should first be communicated throughout an enterprise.

5. Right Answer: B
Explanation: Segregation of duties (SOD) is a key component of maintaining a strong internal control environment because it reduces the risk of fraudulent transactions. When duties for a business process or transaction are segregated, it becomes more difficult for fraudulent activity to occur because it would involve collusion among several employees.

Incorrect Answers:
A: An RMIS can be a very effective tool in monitoring all risk factors that impact the enterprise. The danger is that many important classes of risk may be omitted from consideration by the system. Hence it doesn't ensure a strong internal control environment.
C: Manual controls usually do not form a strong internal control environment. By not automating SOD controls, there is, potentially, the issue of these controls becoming a barrier in serving the customer. As manual authorizations are often time consuming and require another step in any business process, this takes time away from serving the customer. Automated compliance solutions aim to provide enterprises with timely and efficient internal controls that do not disrupt their normal business process.
D: It is not directly related to maintaining a strong internal control environment. The automated tools are typically used to address SOD and also to provide the enterprise with reporting functionality on SOD violations (i.e., detective controls) and to put in place preventive controls.
