ISO 31000:2018 PROFICIENCY EXAM



Test your knowledge and understanding of ISO 31000:2018 risk management principles and frameworks with this comprehensive quiz. Whether you are a risk management professional or just looking to enhance your understanding of risk management standards, this quiz is designed for you.

Key Features:

  • 86 engaging questions
  • Multiple choice format
  • Immediate results and feedback
86 Questions | 22 Minutes | Created by ManagingRisk47
One of the Main Components of Risk Management Framework is
Threat
Principles
Protocols
Opportunity
All of the following are qualities of a risk, EXCEPT
Event
Uncertainty
Future
Threat and Opportunity
The major role of PSE Risk Coordinator is
Managing Risk
Technical Support
Mitigating Risks
Assessment of Risks
There are ..... Principles of ISO 31000:2018
3
13
8
5
One of the following is a component of risk culture
Policy
Framework
Attitude
Protocol
Risk Identification Techniques include all, EXCEPT one of the following
Brainstorming
Questionnaires
Balanced Scorecard
Delphi Techniques
All of the following are qualities of a good Risk Management Champion, EXCEPT
Good Interpersonal Skills
Public Speaking Skills
Political Skills
Integrity
Which of the following is a Risk Component
An event that may or may not happen
The Probability of occurrence of that event
The Impact of occurrence of that event
All Answers are correct
Since Risk is something that can bring negative effect to the organisation, every risk is owned. Risk that is not assigned, is owned by the organisation’s
Risk Manager
IT Manager
IT Manager
Directors and Board of Directors
Which of the following is not a Risk Management Model or Standard?
Brainstorming
ISO 31000
COCO
COSO
Which of the following is true about the difference between COSO ERM and ISO 31000?
COSO ERM is lengthy while the ISO 31000 is short
COSO ERM states that risk already exists and is inherent, while in ISO 31000 risk is tied to achieving objectives
COSO ERM is a more sequential process while ISO 31000 is a more iterative process
All Answers are correct
One of the following is NOT a main component of Risk Management Framework
Risk Management Protocols
Risk Management Architecture
Risk Management Principles
Risk Management Policy
One of the following is not a treatment of Risk as an opportunity
Terminate
Enhance
Explore
Share
All Risks are uncertainties
True
False
Operational Risk is embedded within the systems, processes and procedures. Which of the following is true for the role of IT in organisations:
IT Supports the business organisation
IT enables the business organisation
IT drives the business organisation
All Answers are correct
The new definition of risk under ISO 31000 and ISO 31010 is
Danger, damage, or loss will occur
Possibility of investment loss
Probability of loss and insurer
Probability of an event that will have impact on objectives
Causes of risk include all of the following, EXCEPT
Health, Safety and environment
Finance
Insurance
Chemical Breakdown
Which of the following does not apply to ISO 31000?
It is the first standard issued by ISO for Risk Management
It can be used by any organisation regardless of size, activity or sector
It can be used for certification purposes
It cannot be used for certification purposes
Under Clause 5.2 of ISO 31000, the top management of the organisation should demonstrate leadership and commitment and ensure risk management is integrated into all organisation activities. One of the following is not a means to ensure risk is integrated:
Customizing and implementing all components of the framework
Issuing a statement or policy that establishes a risk management approach, plan or course of action
Appointment of formal chief risk officer to manage risk of each activity
Assigning authority, responsibility and accountability at appropriate levels within the organisation
Business Continuity Management is NOT part of Risk Mitigation Strategies
True
False
Risk assessment techniques help organisations in identifying risk, its consequence and reducing the risk probability. Which of the following is not a risk assessment technique?
Decision tree analysis
Delphi techniques
Critical path analysis
Brainstorming
Mhilu is on a tight deadline to submit his risk identification report to his director. He is considering the identification process without speaking to any of the stakeholders. What could be the immediate outcome for Mhilu in his organization if he proceeded with this decision?
The security budget is not calculated appropriately
The donors refuse to allow the project to continue
Risk Control measures are not properly applied
Potential risks could be overlooked
A program officer and a security manager are planning a focus group discussion with community members on potential risks related to projects on female empowerment in local secondary schools. What is the best approach for them to take to define the context?
Identify any increase of risk with the introduction of female empowerment project
Review the roles of the humanitarian principles in relation to education
Define gender equality in school environment
Discuss the role of girls and how they are viewed by community members
Organisation information systems, information flows, and formal and informal decision-making processes are all part of establishing which type of context in regard to the organisation?
External
Internal
Technological
Local
Which one of the following is not a component of risk assessment process?
Risk Treatment
Risk Identification
Risk Evaluation
Risk Analysis
Application of risk assessment techniques requires specific criteria to choose an appropriate method. Which of the following is not a criterion for choosing the risk assessment technique?
Stakeholders needs
Legal, regulatory and contractual requirement
Integrity of the Board
Available expertise
The ISO Standard on risk management TECHNIQUES is called:
ISO 31000:2018
ISO 31000: 2009
IEC 31010: 2009
IEC 31010: 2019
Which of the following is a limitation of risk matrices?
Relatively easy to use
Provides a clear visual display of the relevant significant risks
Involves high degree of subjectivity
Allows comparing risk with different types of consequences
Which one of the following statements is not true about the main reasons for managing risks?
Managing risk means forward thinking
Managing risks means responsible thinking
Managing risks means balanced thinking
Managing risks means avoiding risks
Who is the risk Owner?
A risk coordinator of the PSE
Chief Risk Officer
A person or entity with accountability and authority to manage a risk
A risk Champion who understands risks above the average person in the PSE
ISO 31000: 2018 is intended for all of the following except:
Those responsible for implementing risk management within their PSE
Those who need to ensure that an organisation manages risks
Risk Management coordinators and risk champions as owners of risks
Developers of the standards, guides and procedures
One of the following is not a principle of risk management
Creates and protects value
Increases organisation profitability
Part of decision making
Systematic and structured
The risk management framework development involves all of the following processes except:
Mandate and Commitment
Implementing Risk Management
Recording and Reporting
Monitoring and review
The main components of Governance are all of the following, EXCEPT
Directing
Controlling
Risk Management
ISO 31000:2018
One of the following statements is not true about Corporate Governance
The system by which entities are directed and controlled
Process by which organisations are directed, controlled and held to account
The Board and Management authority over staff and resources
Authority, accountability, stewardship, leadership, direction and control
Risk Management is separate from the wider corporate governance and internal control system of an organisation.
True
False
Risk Management is a process, affected by the entity board of directors, management and other personnel, applied to strategy setting and across the enterprise designed to identify potential events that may affect entity, and manage risks within its risk appetite and to provide absolute assurance regarding the achievement of entity objectives.
True
False
One of the following is NOT part of the soft side of risk management
Risk Awareness
People
Skills
Policies and procedures
“Is a set of components that provides the foundation and organisation arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation” This refers to:
Risk Management Policy
Risk Management Framework
Risk Management Guidelines
Risk Management Program
One of the following is not a risk management model
COSO
Deep Learning Framework
ISO 31000
BSC
One of the following features distinguishes risk from a challenge and a problem
Extrapolation
Uncertainty
Accumulation of past experiences
Event
In general terms “risk management” refers to the architecture (principles, framework and process) for managing risks effectively, while “managing risk” refers to applying architecture to particular risks
True
False
Risk must be defined and assessed before setting objectives as a prerequisite
True
False
One of the components of risk management policy is
Risk Governance Structure
Risk Protocols
Risk Strategy
Scope
Main components of Risk Management Framework are
Risk policy, Risk Architecture and Risk Strategy
Risk Strategy, protocols and policy
Risk Policy, Architecture and Protocols
Risk Architecture, Protocols and Governance Structure
In accordance with ISO 31000, Risk Management comprises of
Principles, Framework and Structure
Principles, Framework and Process
Policy, Procedures and Protocols
Framework, Structure and Protocols
According to Clause 5 of the ISO 31000:2018, the main steps in creating the framework include each of the following except:
Leadership and Commitment
Design
Implementation
Process
ISO 31000:2018 Risk Management process comprises of six main stages which are conducted in the following order:
A) Communication and Consultations, Scope, Context, Criteria; Risk Treatment, Recording and reporting; and Monitoring/Review
B) Scope, Context, Criteria; Communication and Consultations, Risk Assessment, Risk Treatment, Recording & Reporting; and Monitoring & Review
C) Monitoring & Review, Communication & Consultation, Risk Assessment, Risk Treatment, Recording & Reporting; and Monitoring & Review
D) Communication & Consultations, Scope, Context and Criteria; Risk Assessment, Risk Treatment, Recording & Reporting; and Monitoring & Review
“Set out the organisation’s risk strategy by documenting statements of the overall philosophy, commitment, appetite, attitudes, intentions and direction of an organisation related to risk management” This represents:
Risk Management Framework
Risk Management Policy
Risk Management Protocols
Risk Management Process
“These are the risk management procedures which define the risk management guidelines, rules and procedures, as well as the risk management methodologies, tools and techniques that should be used to the organisation” This represents:
Risk Management Policy
Risk Management Structure
Risk Management Protocols
Risk management Principles
“Is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk” This represents:
Risk Management Process
Risk Management Protocols
Risk Management Structure
Risk Management Policy
The approach for developing risk management framework includes all except one of the following activities:
Risk awareness at Board, Council or highest governance unit and entire team
Appoint Risk Champions and conduct a Training of Trainers
Appoint Chief Risk Manager for entire organisation
The formulation of Risk Management Policy
The content of the organisation risk management framework document is usually in the following order:
A) Chapter 1: Introduction, Chapter 2: Risk Management Policy, Chapter 3: Risk Management Governance Structure and Risk Management Procedures
B) Chapter 1: Risk Management Policy, Chapter 2: Risk Management Governance Structure, Chapter 3: Risk Management Procedures, Chapter 4: Risk Management Templates
C) Chapter 1: Definitions, Chapter 2: Risk Management Governance Structure, Chapter 3: Risk Management Protocols, Chapter 4: Risk Management Policy
D) None of the above
Risk Management Implementation Plan helps to align risk management process with the strategic planning process
True
False
In defining external and internal context, the following consideration should be included:
Vision, mission and values
Likelihood criteria
Consequence Criteria
Organisation Capacity
Risk assessment process includes considering the following key issues
Risk identification
Risk Criteria
Risk Evaluation
Risk Analysis
Risk identification should consider all risks, whether or not their sources are under its control. There may be tangible and intangible consequences
True
False
Which of the following is not a technique used for risk identification?
Brainstorming
Strategic Plan
Sneak Analysis
Cost Benefit Analysis
The purpose of risk analysis is to comprehend the nature of risks and its characteristics including where appropriate, the level of risk.
True
False
Which of the following is NOT the purpose of risk evaluation
Do nothing
Consider risk treatment options
Reconsider objectives
Define the likelihood and impact
Risk Treatment involves each of the following, EXCEPT
Formulating and selecting risk treatment options
Planning and implementing risk treatment
Maintain existing controls
Deciding whether the remaining risk is acceptable
Risk Treatment should consider values, perceptions and potential involvement of stakeholders and most appropriate ways to communicate and consult.
True
False
The purpose of risk monitoring and review is to assure and improve the quality of process design, implementation and outcomes. It should be the last step in all stages of the risk management process.
True
False
The aim of risk recording and reporting are as follows except one which is
Communicate risk management activities and outcomes across the organisation
Provide information for decision making
Gathering and analysis of information and providing feedback
Assist interaction with the stakeholders, including those with responsibility and accountability for risk management activities
Risk appetite is the amount of risk on a board level that an entity is willing to accept in pursuit of value. Which one of the following is not one of the Risk Appetite Best Practices:
A) Formal Policy Structure with Board ownership, line management, accountability and oversight is required
B) Risk appetite articulated explicitly and calibrated to company’s targeted financial performance indicators
C) Use of quantitative and qualitative terms and consider risk tolerance
D) Systematic identification of risk
Which of the following is not part of establishing internal communication:
Ongoing awareness, education and training
Information management
Stakeholders engagement
Use reporting to build confidence
Inherent Risk is the risk by its nature
True
False
Inherent Risk is the risk with full controls
True
False
Which of the following is not part of establishing external communication
Stakeholders engagement
Regulatory reporting requirements
Information management
Business continuity
Risk Management process according to ISO 31000:2018 in full includes six activities which are communication & consultation, Scope, Context & Criteria; Risk identification, Risk treatment, monitoring & review, and Risk reporting & recording.
True
False
Those who carry out risk assessment should be clear about the context and objectives of the organisation, the extent and type of risks that are tolerable, and how unacceptable risks are to be treated.
True
False
Managing risk is about creating value out of certainty
True
False
Which of the following is not part of defining risk criteria decision?
The nature and types of consequences to be included on how they will be measured
The way in which probabilities are to be expressed
Considering that different views are appropriately considered
How the level of risk is determined
Structured interviews and semi-structured interviews are useful in risk assessment where it is difficult to get people together for a brainstorming session or where free-flowing discussion in a group is not appropriate for the situation or people involved.
True
False
Which one of the following is not a principle of risk management in accordance with Clause 4 of the ISO 31000:2018?
Value Creation and Protection
Best available information
Leadership and Commitment
Integrated
Development of risk management Framework in accordance with Clause 5 includes the following steps, EXCEPT
Integration
Improvement
Human and Cultural Factors
Evaluation
In Accordance with clause 6 of ISO 31000:2018, there are .... Stages of Risk management process
5
6
9
7
Risk Assessment involves three activities which are namely
Risk identification, Risk Analysis and Recording
Risk identification, risk analysis and risk evaluation
Risk identification, Risk Treatment and Risk Evaluation
Risk identification, Risk Analysis and Risk Monitoring and Review
Although the risk management process is often presented as sequential, in practice it is iterative. The static and invariable nature of human behaviour and culture should be considered throughout risk management process.
True
False
One of the following is not part of risk management process
Value creation and preservation
Risk Assessment
Risk Analysis
Treatment
Risk assessment should be structured systematically, iteratively and collaboratively, drawing on the knowledge and views of stakeholders. It should use any available information, supplemented by further inquiry as necessary.
True
False
Risk Appetite is the type and amount of risk the PSE is ready to take in pursuit of its objectives
True
False
Residual Risk is
Risk before all controls
Risk without any controls
Risk remaining after controls
Risk by nature of organisation
Strategic Risk Assessment should be conducted before strategy formulation
True
False
One of the main causes of Risk Management failure is
Failure to share information
Establishment of a reliable basis for decision making and planning
Enhanced communication across all levels of management within the PSE
Management will grasp new opportunities in a timely manner