Question No : 1
Causes of risk include all the following except:

• A.Health, safety and environment
• B.Finance
• C.Insurance
• D.Chemical breakdown

Show Answers

Answer:
Explanation:
According to ISO/IEC Guide73 (2009), clause B., causes are “elements which alone or in combination have potential to give rise to risk”. Health, safety, environment, finance and chemical breakdown are examples of causes that can create risks for an organization or an individual 1. Insurance is not a cause but a method of transferring or mitigating some types of risks 1.

Question No : 2
Risk management is tailored.

• A.True
• B.False

Show Answers

Answer:
Explanation:
Risk management is tailored4. Tailored means that risk management takes into account the specific needs, objectives, and characteristics of each organization and its context.

Question No : 3
Who is expected to take a more focused oversight role with respect to risk management control and governance process?

• A.Internal auditors
• B.External auditors
• C.Audit committee
• D.None of the above

Show Answers

Answer:
Explanation:
According to 3, page 7, one of the current trends in auditing, risk management and compliance is “increasing expectations for internal auditors to take a more focused oversight role with respect to enterprise-wide governance processes”. Internal auditors can provide independent assurance on how well an organization manages its risks using various tools such as audits, reviews, assessments and evaluations.

Question No : 4
How many types of potential risk strategies exist?

• A.2
• B.3
• C.4
• D.5

Show Answers

Answer:
Explanation:
According to 1, there are four types of potential risk strategies for threats: avoid (eliminate or change), transfer (share or outsource), mitigate (reduce or control), accept (retain or monitor). There are also four types of potential risk strategies for opportunities: exploit (ensure or enhance), share (allocate or collaborate), enhance (increase or maximize), accept (acknowledge or watch).

Question No : 5
Which of the following documents information are relevant to the organization’s risk management framework, process, and system?

• A.Reporting and auditing
• B.Recording and reporting
• C.Visualizing and conceptualizing
• D.Rationalizing and reporting

Show Answers

Answer:
Explanation:
Recording and reporting documents information that are relevant to the organization’s risk management framework, process, and system2. These activities help to provide evidence, feedback, learning, and improvement for risk management.

Question No : 6
Risk management theory that considers an organization-wide approach to risk management is known as what type of approach?

• A.Cross-functional
• B.Comprehensive
• C.Interrelational
• D.Holistic

Show Answers

Answer:
Explanation:
According to, page 4, a holistic approach to risk management is “one that considers all sources and types of risks across all organizational units and activities”. It aims to integrate governance, strategy, performance, culture and ethics into a coherent framework for managing uncertainty 2.

Question No : 7
Which element is often the biggest challenge in risk implementation?

• A.human
• B.computation

Show Answers

Answer:
Explanation:
Human element is often the biggest challenge in risk implementation. Human element involves overcoming resistance to change, engaging stakeholders, building trust and commitment, and fostering a positive risk culture.

Question No : 8
Which of the following statement about operations risk management is incorrect?

• A.Transparent and inclusive
• B.Dynamic, iterative and responsive to change
• C.Disregarding human factors
• D.Capable of continual improvement and enhancement

Show Answers

Answer:
Explanation:
According to ISO31000 (2018), clause 4., one of the principles of effective risk management is “taking human and cultural factors into account”. This means that risk management should consider how people’s behaviors, perceptions, values and attitudes influence or are influenced by risk .

Question No : 9
Enterprise Risk Management (ERM) is considered to have a significant difference compared with traditional risk management approaches because ERM

• A.ensures that an organisation’s objectives will be achieved.
• B.takes an integrated or holistic approach.
• C.addresses strategic, tactical and operational risk management.

Show Answers

Answer:
Explanation:
According to 2, domain 1, ERM “is a coordinated set of activities and methods that is used by organizations to manage risks across the enterprise”. It takes an integrated or holistic approach that considers all types of risks and their interrelationships across the organization’s functions and levels.

Question No : 10
ISO 31000:2018 offers a generic outline for the design of the risk management framework and process.

• A.True
• B.False

Show Answers

Answer:
Explanation:
ISO 31000:2018 offers a generic outline for the design of the risk management framework and process. ISO 31000:2018 provides guidelines that can be adapted to any organization’s situation and circumstances.