Test Online Free GAQM ISO-31000-CLA Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free ISO-31000-CLA question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Apr 08, 2023 20 Questions 2 Pages
Page 2 of 2
Question 16
The ISO 31000:2018 risk management process is ______________

Answer:
Explanation:
The ISO 31000:2018 risk management process is descriptive rather than prescriptive. The standard provides guidelines on what should be done for effective risk management, not requirements on how it must be done, so the process can be tailored to any organization and its context.
Question 17
When defining the success measures for the organization's risk strategy, the risk management professional will include which of the following steps?

Answer:
Explanation:
A review of the goals and objectives of the risk strategy is part of defining the success measures for the organization's risk strategy. Measures are derived from those goals so that the risk strategy stays aligned with the organization's purpose, vision, mission and values.
Question 18
Risk management as defined by the OCEG GRC model is:

Answer:
Explanation:
The OCEG GRC Capability Model is "a framework for integrating governance, risk management, compliance and ethics/culture into a single capability". It defines risk management as "the capability that enables an organization to understand how uncertainty affects its ability to achieve objectives".
Question 19
As part of the ISO 31000 risk management process, 'monitoring and review' is best thought of as which of the following?

Answer:
Explanation:
In ISO 31000:2018 (clause 6.6, Monitoring and review), monitoring and review "is intended as a feedback loop for checking whether any change has occurred either internally or externally that may affect performance against objectives". It covers every stage of the process and helps to ensure that the risk management process remains relevant and effective over time.
Question 20
Which step is the last part of the risk assessment process, which starts with risk identification, then moves to risk analysis, and ends with which of the following?

Answer:
Explanation:
The last step of the risk assessment process, which starts with risk identification and moves through risk analysis, is risk evaluation (ISO 31000:2018 clause 6.4.4). Risk evaluation compares the results of the risk analysis against the risk criteria established earlier in the process, during the 'scope, context and criteria' step (clause 6.3), to determine the significance of the risk, whether it is acceptable, and whether further action or treatment is required. This decision is made in consultation with stakeholders, who may provide additional context and information to inform it.
The American Society for Quality (ASQ) describes risk evaluation as "the process of comparing an estimated risk against given risk criteria to determine the acceptability of the risk." [1]
ISO/IEC 27001:2013 (Information technology ― Security techniques ― Information security management systems ― Requirements) does not define the term itself but requires the same step: clause 6.1.2 e) has the organization compare the results of the risk analysis with the risk criteria established under 6.1.2 a) and prioritize the analysed risks for treatment. [2] The definition often quoted in exam materials, "the process of comparing the estimated risk against given risk criteria in order to determine the significance of the risk", is the wording of the ISO/IEC Guide 73:2002 risk vocabulary that ISO/IEC 27005 reused.
References: [1] ASQ Glossary - Risk evaluation, https://asq.org/quality-resources/risk-evaluation [2] ISO/IEC 27001:2013, Clause 6.1.2 e), https://www.iso.org/standard/54534.html