Test Online Free GAQM ISO-31000-CLA Exam Questions and Answers
Answer: Explanation:
According to ISO/IEC Guide 73 (2009), clause B., causes are “elements which alone or in combination have potential to give rise to risk”. Health, safety, environment, finance and chemical breakdown are examples of causes that can create risks for an organization or an individual [1]. Insurance is not a cause but a method of transferring or mitigating some types of risks [1].
Question 2
Risk management is tailored.
Answer: Explanation:
Risk management is tailored [4]. Tailored means that risk management takes into account the specific needs, objectives, and characteristics of each organization and its context.
Question 3
Who is expected to take a more focused oversight role with respect to risk management control and governance process?
Answer: Explanation:
According to [3], page 7, one of the current trends in auditing, risk management and compliance is “increasing expectations for internal auditors to take a more focused oversight role with respect to enterprise-wide governance processes”. Internal auditors can provide independent assurance on how well an organization manages its risks using various tools such as audits, reviews, assessments and evaluations.
Question 4
How many types of potential risk strategies exist?
Answer: Explanation:
According to [1], there are four types of potential risk strategies for threats: avoid (eliminate or change), transfer (share or outsource), mitigate (reduce or control), accept (retain or monitor). There are also four types of potential risk strategies for opportunities: exploit (ensure or enhance), share (allocate or collaborate), enhance (increase or maximize), accept (acknowledge or watch).
Question 5
Which of the following documents information that is relevant to the organization’s risk management framework, process, and system?
Answer: Explanation:
Recording and reporting documents information that is relevant to the organization’s risk management framework, process, and system [2]. These activities help to provide evidence, feedback, learning, and improvement for risk management.
Question 6
Risk management theory that considers an organization-wide approach to risk management is known as what type of approach?
Answer: Explanation:
According to, page 4, a holistic approach to risk management is “one that considers all sources and types of risks across all organizational units and activities”. It aims to integrate governance, strategy, performance, culture and ethics into a coherent framework for managing uncertainty [2].
Question 7
Which element is often the biggest challenge in risk implementation?
Answer: Explanation:
The human element is often the biggest challenge in risk implementation. The human element involves overcoming resistance to change, engaging stakeholders, building trust and commitment, and fostering a positive risk culture.
Question 8
Which of the following statements about operations risk management is incorrect?
Answer: Explanation:
According to ISO 31000 (2018), clause 4., one of the principles of effective risk management is “taking human and cultural factors into account”. This means that risk management should consider how people’s behaviors, perceptions, values and attitudes influence or are influenced by risk.
Question 9
Enterprise Risk Management (ERM) is considered to have a significant difference compared with traditional risk management approaches because ERM
Answer: Explanation:
According to [2], domain 1, ERM “is a coordinated set of activities and methods that is used by organizations to manage risks across the enterprise”. It takes an integrated or holistic approach that considers all types of risks and their interrelationships across the organization’s functions and levels.
Question 10
ISO 31000:2018 offers a generic outline for the design of the risk management framework and process.
Answer: Explanation:
ISO 31000:2018 offers a generic outline for the design of the risk management framework and process. ISO 31000:2018 provides guidelines that can be adapted to any organization’s situation and circumstances.
Question 11
Which management ensures that value is created by identifying opportunities for investment, mergers, or acquisition?
Answer: Explanation:
Risk management ensures that value is created by identifying opportunities for investment, mergers, or acquisition. Risk management helps to assess the potential benefits, costs, and risks of different options and make informed decisions.
Question 12
Which management can be used in varied and complex settings?
Answer: Explanation:
Risk management can be used in varied and complex settings [2]. Risk management can help organizations deal with uncertainty and complexity in any type of activity, industry, or sector.
Question 13
Hopkin states “most standard definitions of risk refer to risks being attached to corporate objectives”.
What is another important factor to consider when linking risk to an organisation?
Answer: Explanation:
According to [1], page 11, core processes are “the activities that an organization performs in order to deliver its products or services”. They are essential for achieving the organization’s objectives and creating value for its stakeholders. Therefore, core processes should be considered when linking risk to an organization.
Question 14
Which teams are composed of cross functional subject matter experts, risk experts, and process owners?
Answer: Explanation:
Risk assessment teams are composed of cross functional subject matter experts, risk experts, and process owners. Risk assessment teams conduct risk assessments for specific areas or projects within the organization.
Question 15
The ISO 31000:2018 process can be used to identify stakeholder risk requirements, needs, and expectations.
Answer: Explanation:
The ISO 31000:2018 process can be used to identify stakeholder risk requirements, needs, and expectations [4]. This is part of establishing the context for risk management, which involves defining the scope, objectives, criteria, roles and responsibilities for risk management.