ISO 31000

The document consists of a series of questions and answers related to risk management principles, frameworks, and processes, particularly focusing on ISO 31000. It covers various aspects of risk identification, assessment, and management techniques, as well as the roles of different stakeholders in the risk management process. The correct answers to the questions are provided, highlighting key concepts in risk management.

(Question): Hopkin states that “most standard definitions of risk refer to risks being attached to corporate objectives”. What is another important factor to consider when linking risk to an organization?

(A): Core processes.

(B): Hazard management.

(C): Risk correlation.

(Correct): A

(Question): As part of the ISO 31000 risk management process, ‘monitoring and review’ is best thought of as which of the following?

(A): An extra stage.

(B): A feedback loop.

(C): Part of risk assessment.

(Correct): B

(Question): An international bank has identified the risks associated with economic changes in the countries in which it operates. Which of the following correctly describes these risks?

(A): Internal – Infrastructure.

(B): External – Reputational.

(C): External – Marketplace.

(Correct): C

(Question): Relying on historic analysis when assessing potential risks and possible impacts implies that

(A): should adverse events occur, the impact can be accurately modelled.

(B): all significant risks can be confidently analysed.

(C): management believe that the future will behave much like the past.

(Correct): C

(Question): Which of the following statements about captive insurance companies are correct?

1. A captive cannot act as a reinsurer.

2. A captive can access reinsurance markets.

3. A captive can sometimes offer greater cover than is available in the insurance market.

4. A captive must be located in the same country as its parent company.

(A): 1 and 4.

(B): 1 and 2.

(C): 2 and 3.

(Correct): C

(Question): Which of the following is the current trend in auditing, risk management and compliance?

(A): Providing assurance over threats

(B): Performing discrete audits in compliance with internal control

(C): Front office function providing leading indicators about risk

(Correct): C

(Question): Which of the following statements does not apply to ISO 31000?

(A): It is the first standard issued by ISO for risk management

(B): It can be used by any organization regardless of its size, activity or sector

(C): It can be used for certification purposes

(Correct): C

(Question): Who is expected to take a more focused oversight role with respect to risk management, control and governance processes?

(A): Internal auditors

(B): External auditors

(C): Audit committee

(D): None of the above

(Correct): A

(Question): Where does an internal auditor typically spend most of his time auditing today?

(A): People

(B): Process

(C): Technology

(D): Infrastructure

(Correct): B

(Question): Which of the following statements about operational risk management is incorrect?

(A): Transparent and inclusive

(B): Dynamic, iterative and responsive to change

(C): Disregarding human factors

(D): Capable of continual improvement and enhancement

(Correct): C

(Question): A systemic risk involves:

(A): A risk that loss in one area of an organization may cause loss in another
area of the organization

(B): A risk that all of the current suppliers of an organization’s inputs will be
unable to produce the inputs

(C): A risk that an event will cause multiple key people in an organization to
leave at once

(D): A potential major disruption in the function of an entire market or financial system

(Correct): D

(Note): Systemic risk is the risk that an entire market or financial system fails, not that a loss in one part of a single organization spreads to another; option A describes correlated risk within one organization.

(Question): Which type of risk presents only the chance of loss or no loss?

(A): Hazard risk

(B): Operational risk

(C): Financial risk

(D): Strategic risk

(Correct): A

(Question): Due to the nature of crises, the management of a Crisis Management Team (CMT) usually requires which type of decision making
structure?

(A): Centralized

(B): Networked

(C): Bottom-up

(D): Consensus-based

(Correct): A

(Question): A program officer and a security manager are planning a focus group discussion with community members on potential risks related to projects on female empowerment in local secondary schools. What is the best approach for them to take to define the context?

(A): Identify any increase of risk with the introduction of a female empowerment project.

(B): Review the roles of the humanitarian principles in relation to education.

(C): Define gender equality in the school environment.

(D): Discuss the role of girls and how they are viewed by community
members.

(Correct): D

(Question): Which risk identification approach involves creating alternative ways to achieve an objective?

(A): Scenario Based

(B): Objectives-Based

(Correct): A

(Question): What does the probability of occurrence multiplied by the impact of the event equal?

(A): Risk Tangent

(B): Risk Scale

(C): Risk Level

(D): Risk Magnitude

(Correct): D

(Note): ISO Guide 73 defines “level of risk” as the magnitude of a risk expressed as a combination of consequences and their likelihood, so in ISO 31000 terminology “risk level” and “risk magnitude” name the same quantity; the key follows the wording of this question bank.

(Question): Which type of risk management technique does insurance belong to?

(A): Sharing

(B): Reduction

(C): Retention

(Correct): A

(Question): Which ISO standard is used for hazard identification and risk assessment?

(A): ISO 15776

(B): ISO 16776

(C): ISO 17776

(D): ISO 18776

(Correct): C

(Question): What is the role of risk management in the strategic planning process?

(A): Challenge the decisions made.

(B): Develop risk treatment plans.

(C): Draft the decisions to be made.

(D): Identify threats and opportunities.

(Correct): D

(Question): Which activity does the risk management professional perform immediately after obtaining internal and external information about the organization?

(A): Analyze the information.

(B): Organize the information

(C): Prioritize the information

(D): Report the information.

(Correct): B

(Question): When defining the success measures for the organization’s risk
strategy, the risk management professional will include which of the
following steps?

(A): A review of the goals and objectives of the risk strategy

(B): A selection of appropriate media for communicating the risk strategy

(C): An analysis of the organization’s total cost of insurable risk

(D): The development of timelines for implementing the risk strategy

(Correct): A

(Question): When an operational area develops a treatment for a critical risk, the risk management professional MUST

(A): add the risk to the risk map.

(B): communicate the treatment plan directly with internal audit.

(C): evaluate the dollar savings associated with the treatment.

(D): evaluate the impact upon other areas.

(Correct): D

(Question): Within an organisation, when attempting to manage and control risk, the organisation should be aware that

(A): consideration of risk perception is not required.

(B): consideration should be given to internal controls only.

(C): uncertainty must be taken into account

(D): uncertainty need not be considered.

(Correct): C

(Question): The Chief Risk Officer within a large manufacturing organisation has been asked by the Board of Directors to provide an example of a pure risk. A suitable example would be

(A): a fire occurring in a new manufacturing process line.

(B): entering into a contract to purchase a new factory.

(C): making a strategic decision that affects the long-term future of the
organisation.

(D): the purchase of a currency derivative.

(Correct): A

(Question): What could a financial organisation make primary use of to assess whether its risk management systems are likely to fail?

(A): Key control indicators.

(B): Key risk indicators.

(C): Silo-based risk management.

(D): Physical inspections.

(Correct): A

(Question): A broker is undertaking a business interruption review on behalf of a client. This would most commonly include an evaluation of the

(A): effectiveness of a business continuity plan.

(B): effectiveness of risk reserving.

(C): level of risk tolerance.

(D): level of self insurance.

(Correct): A

(Question): A train has crashed and is badly damaged. There have been
numerous claims from injured passengers as well as a loss of revenue for
the train operator. This is an example of

(A): risk aggregation.

(B): risk categorisation.

(C): risk probability.

(D): risk severity.

(Correct): A

(Question): What is typically the day-to-day responsibility of a Chief Risk Officer within a large organisation?

(A): Ensuring that all key risks are adequately managed and reported.

(B): Preparing and maintaining individual insurance arrangements

(C): Producing policies on compliance matters

(D): Providing assurance that individual risk management processes are effective.

(Correct): A

(Question): Which type of risk framework is expected to improve efficiency by aligning strategy, processes, technology and people?

(A): Controls, risk and supervision.

(B): Corporate, governance and control.

(C): Governance, risk and compliance.

(D): Supervision, audit and compliance

(Correct): C

(Question): Which of the following consists of risk management principles, framework, and process that have been adopted as a national risk management standard by more than 60 countries?

(A): ISO 9001:2015

(B): ISO 27001:2013

(C): ISO 31000:2018

(D): ISO 14001:2015

(Correct): C

(Question): Which of the following are critical elements of a risk management framework? (choose four)

(A): Architect the system

(B): Design the system

(C): Strategize the system

(D): Implement the system

(E): Assure the system

(F): Organize the system

(Correct): A,B,D,E

(Question): Which of the following are measured extensively throughout the organization and into the supply chain?

(A): KPIs and KRIs

(B): APIs and SDKs

(C): PDAs and PBAs

(D): CMPs and CADs

(Correct): A

(Question): Which of the following categories of significant risk fall outside the risk appetite of the organization, can affect compliance, and may also be reportable to regulatory agencies? (Choose two)

(A): External

(B): Vision

(C): Internal

(D): Dynamic

(E): Functional

(Correct): A,C

(Question): Which of the following, carried out with stakeholders, customers and interested parties, is the essential element for maintaining the relevance of enhanced risk management in a changing context?

(A): Interviews

(B): Communication

(C): Brainstorming

(D): Session Storming

(Correct): B

(Question): Which of the following ensures that uncertainty is managed so that the organization can meet its objectives?

(A): Extended risk management

(B): Enhanced risk management

(C): Evasive risk management

(D): Avoidance risk management

(Correct): B

(Question): Which of the following documents information that is relevant to the organization’s risk management framework, process, and system?

(A): Reporting and auditing

(B): Recording and reporting

(C): Visualizing and conceptualizing

(D): Rationalizing and reporting

(Correct): B

(Question): Which of the following tools are used by risk managers for communication between stakeholders and interested parties?

(A): Database

(B): Records

(C): Bio-data

(D): Resume

(Correct): B

(Question): How many risk management principles exist in ISO 31000:2018?

(A): 7

(B): 8

(C): 9

(D): 6

(Correct): B

(Question): Which management discipline ensures that value is created by identifying opportunities for investment, mergers, or acquisition?

(A): Risk

(B): Quality

(C): Crisis

(D): Safety

(Correct): A
(Question): Which of the following are two ISO 31000:2018 risk
management principles? (Choose two)

(A): Integrated

(B): Customized

(C): Functional

(D): Statistical

(E): Design

(F): Strategy

(Correct): A,B

(Question): Which management discipline can be used in varied and complex settings?

(A): Crisis

(B): Quality

(C): Safety

(D): Risk

(Correct): D

(Question): Which element is often the biggest challenge in risk management implementation?

(A): human

(B): computation

(Correct): A

(Question): Who serves as the principal adviser to the CEO, business unit heads, and critical function heads on risk matters?

(A): Chief Risk Officer (CRO)

(B): Chief Information Officer (CIO)

(C): Quality Auditor (QA)

(D): Risk Owner (RO)

(Correct): A

(Question): Which teams are composed of cross-functional subject matter experts, risk experts, and process owners?

(A): Risk assessment teams

(B): Crisis Information teams

(C): Project management teams

(D): Crisis management teams

(Correct): A

(Question): Which of the following is a major challenge in implementing the ISO 31000:2018 risk management framework?

(A): Scoping framework boundaries

(B): Improvement framework boundaries

(C): Design framework boundaries

(D): Strategic framework boundaries

(Correct): A

(Question): Which of the following is described in terms of consequence and likelihood?

(A): Level of risk

(B): Level of crisis

(C): Level of uncertainty

(D): Level of cohesiveness

(Correct): A

(Question): Which step is the last part of the risk assessment process, which starts with risk identification, moves to risk analysis, and ends with risk evaluation?

(A): Risk evaluation

(B): Risk outsourcing

(C): Risk acceptance

(D): Risk avoidance

(Correct): A

(Question): Which step of the risk management process is used to manage, control, or remediate risk?

(A): Risk avoidance

(B): Risk identification

(C): Risk evaluation

(D): Risk treatment

(Correct): D

(Question): Which of the following is a set of systematic, deliberate, and actionable steps to manage risk?

(A): Security

(B): Control

(C): Process

(D): Vision

(Correct): B

(Question): Which type of risk remains after risk treatment has been
applied?

(A): Controlled risk

(B): Residual risk

(C): Avoidance risk

(D): Accepted risk

(Correct): B
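The scoring steps these questions describe, namely the level of risk as likelihood combined with consequence (the questions on risk magnitude and level of risk), treatment by avoidance, reduction, sharing or retention (the insurance and risk treatment questions), the residual risk that remains after treatment, and evaluation against a risk appetite that feeds the monitoring and review loop, fit together in a small risk register. The following Python is an added example written for this page; it is not from the question bank or from ISO 31000. The five-point ordinal scales, the multiplicative combination of scores, the appetite threshold of 8 and the four sample risks are all constructed assumptions, chosen only to make the mechanics visible.

```python
"""Risk register: level of risk = likelihood x consequence, treatment,
residual risk, and evaluation against a risk appetite (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Ordinal scales, constructed for this example. ISO 31000 does not
# prescribe a scale; an organization defines its own.
LIKELIHOOD: Dict[str, int] = {
    "rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5,
}
CONSEQUENCE: Dict[str, int] = {
    "negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5,
}
# The treatment options used in the quiz. "avoid" removes the exposure;
# "reduce" and "share" leave a residual risk that must be re-scored;
# "retain" keeps the inherent level.
TREATMENTS = ("avoid", "reduce", "share", "retain")


@dataclass
class Risk:
    ident: str
    description: str
    likelihood: str                 # inherent likelihood, key into LIKELIHOOD
    consequence: str                # inherent consequence, key into CONSEQUENCE
    treatment: Optional[str] = None
    residual_likelihood: Optional[str] = None
    residual_consequence: Optional[str] = None


def level_of_risk(likelihood: str, consequence: str) -> int:
    """Combine likelihood and consequence; here as a product of ordinal scores."""
    return LIKELIHOOD[likelihood] * CONSEQUENCE[consequence]


def inherent_level(risk: Risk) -> int:
    return level_of_risk(risk.likelihood, risk.consequence)


def residual_level(risk: Risk) -> int:
    """Level of risk remaining after treatment. Untreated or retained risk
    keeps its inherent level; an avoided risk leaves no residual exposure."""
    if risk.treatment is None or risk.treatment == "retain":
        return inherent_level(risk)
    if risk.treatment == "avoid":
        return 0
    assert risk.residual_likelihood is not None and risk.residual_consequence is not None
    return level_of_risk(risk.residual_likelihood, risk.residual_consequence)


def treat(risk: Risk, treatment: str,
          residual_likelihood: Optional[str] = None,
          residual_consequence: Optional[str] = None) -> Risk:
    """Record a treatment decision. 'reduce' and 'share' must state the
    re-scored likelihood and consequence and may not raise the level of risk;
    'avoid' and 'retain' take no residual scores."""
    if treatment not in TREATMENTS:
        raise ValueError(f"unknown treatment {treatment!r}")
    if treatment in ("reduce", "share"):
        if residual_likelihood is None or residual_consequence is None:
            raise ValueError(f"{treatment} requires a residual likelihood and consequence")
        if level_of_risk(residual_likelihood, residual_consequence) > inherent_level(risk):
            raise ValueError("a treatment must not increase the level of risk")
    elif residual_likelihood is not None or residual_consequence is not None:
        raise ValueError(f"{treatment} does not take residual scores")
    risk.treatment = treatment
    risk.residual_likelihood = residual_likelihood
    risk.residual_consequence = residual_consequence
    return risk


def evaluate(register: List[Risk], appetite: int) -> List[Tuple[str, int, int, bool]]:
    """Risk evaluation: (ident, inherent, residual, within_appetite) per risk,
    ranked by residual level so the largest remaining exposure comes first."""
    rows = [(r.ident, inherent_level(r), residual_level(r), residual_level(r) <= appetite)
            for r in register]
    return sorted(rows, key=lambda row: row[2], reverse=True)


def outside_appetite(register: List[Risk], appetite: int) -> List[str]:
    """Risks that still need treatment; this is what monitoring and review
    feeds back into the next cycle of the process."""
    return [ident for ident, _, residual, ok in evaluate(register, appetite) if not ok]


def build_register() -> List[Risk]:
    """Constructed sample register for this example (not from the page)."""
    r1 = Risk("R1", "ransomware encrypts the file server", "likely", "major")
    r2 = Risk("R2", "sole supplier becomes insolvent", "possible", "major")
    r3 = Risk("R3", "fire in the data centre", "unlikely", "severe")
    r4 = Risk("R4", "staff fall for phishing", "almost certain", "moderate")
    treat(r1, "reduce", "possible", "moderate")   # offline backups, patching
    treat(r2, "share", "possible", "minor")        # insurance and a second supplier
    treat(r3, "share", "unlikely", "minor")        # property insurance (sharing)
    treat(r4, "retain")                            # accepted at its current level
    return [r1, r2, r3, r4]


if __name__ == "__main__":
    APPETITE = 8   # assumed appetite: residual level above 8 needs more treatment
    for ident, inherent, residual, ok in evaluate(build_register(), APPETITE):
        print(f"{ident}: inherent={inherent:2d} residual={residual:2d} "
              f"{'within' if ok else 'OUTSIDE'} appetite")
    print("needs further treatment:", outside_appetite(build_register(), APPETITE))
```

Running it ranks R4 (retained at 15) and R1 (reduced from 16 to 9) as still outside the appetite of 8, while the two shared risks fall within it. Note that sharing through insurance only reduces the scored consequence; the hazard itself, such as the fire in R3, is unchanged, which is why the residual likelihood is left where it was.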