GAQM ISO-31000-CLA ISO 31000 - Certified Lead Risk Manager Exam Practice Test

According to 2, domain 1, ERM “is a coordinated set of activities and methods that is used by organizations to manage risks across the enterprise”. It takes an integrated or holistic approach that considers all types of risks and their interrelationships across the organization’s functions and levels.

Scoping framework boundaries is a major challenge in implementing the ISO 31000:2018 risk management framework. Scoping framework boundaries involves defining the scope of application of risk management within the organization’s context,

structure, and objectives.

KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) are measured extensively throughout the organization and into the supply chain1. These indicators help to monitor and evaluate the performance and effectiveness of risk management.

According to 1, there are four types of potential risk strategies for threats: avoid (eliminate or change), transfer (share or outsource), mitigate (reduce or control), accept (retain or monitor). There are also four types of potential risk strategies for opportunities: exploit (ensure or enhance), share (allocate or collaborate), enhance (increase or maximize), accept (acknowledge or watch).

 Risk treatment is the risk process step to manage, control, or remediate risk1. Risk treatment involves selecting and implementing options to modify or control risks.

According to 1, page 9, pure risk is “a situation where there are only two possible outcomes: loss or no loss”. Buying lottery tickets and selling a house are examples of speculative risk, where there is a possibility of gain or loss. Going horse riding without a helmet is an example of pure risk, where there is only a possibility of loss (injury) or no loss.

According to 1, page 15-16, external risks are “those arising from events outside the organization” and marketplace risks are “those arising from changes in market conditions such as customer demand, competition, regulation”. Economic changes in different countries can affect the market conditions for an international bank’s operations.

According to 2, FIRM scorecard is “a tool for measuring risk performance”. It uses four dimensions: financial impact, internal processes, reputation and market position (FIRM). Loss of income and financial gain are examples of financial impact risks that can be quantified using monetary values or ratios. Reputational damage is an example of reputation risk that is more difficult to quantify using objective measures.

Control is not a set of systematic, deliberate, and actionable steps to manage risk, but rather a measure or action that modifies risk1. Process is a set of systematic, deliberate, and actionable steps to manage risk2. Process involves establishing context, identifying risks, analyzing risks, evaluating risks, and treating risks.

Risk management is a strategic management process2. Risk management helps organizations to align their objectives, strategies, and actions with their external and internal environment.

Records are one of the tools used by risk managers for communication between stakeholders and interested parties2. Records help to share information, insights, recommendations, and decisions related to risk management.

According to 3, page 7, one of the current trends in auditing, risk management and compliance is “increasing expectations for internal auditors to take a more focused oversight role with respect to enterprise-wide governance processes”. Internal auditors can provide independent assurance on how well an organization manages its risks using various tools such as audits, reviews, assessments and evaluations.

According to 1, systemic risk is “the possibility that an event at the company level could trigger severe instability or collapse an entire industry or economy”. It is different from other types of risks that affect only specific parts or aspects of an organization 2.

According to , page 4, a holistic approach to risk management is “one that considers all sources and types of risks across all organizational units and activities”. It aims to integrate governance, strategy, performance, culture and ethics into a coherent framework for managing uncertainty 2.

Understanding the potential causes of risk events will primarily help an organisation to reduce the frequency of loss. This is because identifying and analysing the sources and drivers of risks can enable an organisation to implement preventive or mitigating measures.