All

Question 1

The decision to make a financial investment is an example of what type of risk?

Answer 1

Speculative.

Question 2

When considering an emerging risk, what typical outcome will always be in evidence?

Answer 2

Uncertainty.

Question 3

Rafiq chooses to accept the risks associated with his favourite pastime of deep-sea diving. This choice is an example of

Answer 3

risk voluntariness.

NOT
Risk perception

Question 4

When applying probability theory to a specific period of time, a measurement of 1 indicates that the event

Answer 4

will occur.

Question 5

One of the levels of Renn and Rohrmann’s structured framework on risk perception is

Answer 5

emotional factors.

Question 6

What form of risk is most likely to have a positive influence on an individual’s perception of driving a car?

Answer 6

Controlled risks.

Question 7

What is a key difference between pure and speculative risks?

Answer 7

Speculative risks may result in a benefit to the risk-taker, whilst pure risks will only result in a loss
or a break-even position.

Question 8

When considering the likelihood that a risk event may occur, a risk manager should primarily review the probability of its occurrence alongside

Answer 8

frequency.

Question 9

What must a Chief Risk Officer do, if anything, when identifying a significant new and emerging risk to the business?

Answer 9

Report details of the new risk to the Board of Directors in a timely manner to agree additional budgets and actions.

Question 10

Within a large organisation, the responsibility for monitoring and advising on the effectiveness of risk management decisions is primarily the responsibility of the

Answer 10

internal audit function.

Question 11

A key development of the evolution of risk management theory in the fifteenth century was the (share)

Answer 11

invention of the printing press to share ideas and information.

NOT
development of mathematical models.

introduction of probability theory.

Question 12

A key benefit of effective risk management to a manufacturing company is likely to be

Answer 12

a reduction in insurance costs.

Question 13

A key factor that an audit team will consider when assessing a large global organization’s enterprise (timing)

Answer 13

relevant risk information is captured and communicated in a timely manner across the organisation.

Question 14

Where an organisation is unable to assess a risk impact in financial terms, it may typically

Answer 14

measure the risk in qualitative terms.

Question 15

In a risk management context, internal control activities within an organisation typically relate to

Answer 15

policies and procedures that help ensure that risk actions are taken.

Question 16

For a risk committee to function effectively within a large organisation, it must

Answer 16

have unrestricted access to accurate risk information.

Question 17

Succession planning for senior management within an organisation is an example of

Answer 17

risk reduction.

Question 18

A key disadvantage of relying on risk registers for effective risk management controls within an organisation is that they

Answer 18

may fail to take account of correlations between risks.

NOT

are based on risk models that do not consider all circumstances.

Question 19

Where a simple risk description table is contained within a risk register, ‘scope of risk’ relates to

Answer 19

a description of associated possible events that might materialise.

Question 20

The ISO 31000 risk management standard contains a process section which covers

Answer 20

risk identification, assessment and management.

Question 21

Published international risk management standards should always aim to

Answer 21

establish a benchmark of best practice in the main areas of risk management.

NOT

provide detailed guidance on the effective implementation of enterprise risk management
frameworks.

ensure risk management laws and regulations are fully adhered to.

Question 22

Where an organisation adopts an internal control approach to risk management, it means that it will always

Answer 22

concentrate on reducing the uncertainty of outcomes by controlling risks.

Question 23

1

Answer 23

1

Question 24

When an organisation is looking to expand into a new business market, the emergency services may be able to provide the organisation with useful information on

Answer 24

identified risks and risk trends.

Question 25

When an organisation is reviewing its risk management concerns, a key limitation of a physical survey is that it is typically

Answer 25

focused narrowly on one specific aspect of the risk.

Question 26

What method is the insurance risk manager of a large commercial airline most likely to use when categorizing all risks faced by the organisation?

Answer 26

The airline’s own classification system.

NOT

The standardised global classification system for all risks.

Question 27

A risk manager is analysing the cause and effect of a recent risk event which has occurred within the organisation. The risk manager should consider that (connections)

Answer 27

there may be multiple unconnected causes.

Question 28

When operating within a risk management framework, identifying risks that are unacceptable to an
organisation is known as risk …

Answer 28

evaluation.

Question 29

In an organisation, operational risk is typically defined as a risk of loss resulting from

Answer 29

inadequate processes and systems.

Question 30

Within a large manufacturing company, financial risks are most commonly associated with

Answer 30

liquidity and profitability issues.

NOT

loans and consumer credit defaults.

Question 31

Within a large organisation, why might a risk manager find it difficult to categorise risks?

Answer 31

There is no universally accepted definition of individual risks.

NOT

There is never a clear purpose for such risk categorisations.

Question 32

A car dealer is arranging insurance cover for the majority of the risks it faces to protect itself against identified potential losses. The dealer will typically NOT be able to arrange insurance for

Answer 32

losses from reputational damage.

WRONG

credit losses.

Correlated losses

Loses from fraud

Question 33

A financial services organisation has reviewed its decision-making processes and has found risk management failings relating to data protection and anti-money laundering policies. As a result of … (what sort of risks are these)

Answer 33

Compliance and regulatory risk.

NOT

Legal and operational risk.

Question 34

A risk manager is reviewing two separate risks within the organisation. She believes that they could
be interrelated, which could result in greater damage than if the risks had remained completely
separate. She is therefore most likely to be considering the concept of

Answer 34

aggregation and correlation.

Question 35

The Compliance Director within a large organisation is considering implementing a governance, risk and compliance framework. The primary objective she would be seeking to achieve is to

Answer 35

eliminate inherent conflict between the compliance, risk and audit functions.

Question 36

Enterprise Risk Management within a large financial organisation is regarded as

Answer 36

a holistic approach to risk management.

Question 37

In a large international bank, to whom would the Chief Risk Officer typically report to in respect of an assessment of risks for the bank?

Answer 37

The Chief Executive Officer, the Board of Directors and appropriate senior management committees.

Question 38

As a result of recent flooding, a delivery company’s vehicles have all been destroyed. The company now faces losses in respect of its vehicles, revenue and reputational damage. These are examples of

Answer 38

aggregated losses.

NOT

Correlated losses

Question 39

The main way in which governance, risk and compliance improves operational efficiency within a
manufacturing organisation is by

Answer 39

aligning strategy, processes, technology and staff.

Question 40

What method of risk retention involves setting up a separate company which is owned and controlled by the parent organisation?

Answer 40

Captive insurance arrangement.

Question 41

A small plant hire company is seeking to protect itself against responsibility for the legal liability incurred as a result of bodily injury to third parties. In terms of risk transfer, the organisation is most likely to

Answer 41

purchase public liability insurance.

Question 42

A large global organisation has employed an insurance intermediary to assist the organisation in achieving its risk management objectives. The organisation will therefore most likely require the intermediary to advise an insurer on

Answer 42

facilitate risk surveys, advise on insurer selection and implement appropriate insurance arrangements.

Question 43

A global organisation has established a captive insurance arrangement rather than transferring all insured risks externally. A key disadvantage of this course of action is

Answer 43

increased risk retention.

NOT

increased short-term cashflow requirements.

reduced margin from insurance programmes.

Question 44

A motor insurer has established processes to assess a commercial insured’s dependency on the insured’s suppliers and how it achieves safe and appropriate fleet risk management. The insurance broker, acting on behalf of the insurer, will typically attain these through the use of

Answer 44

business interruption reviews and a check of the driver handbook.

Question 45

A risk manager is considering the likelihood that the risk management systems employed within his
organisation might fail. He should be aware that

Answer 45

risk management systems will typically fail because of human behaviour.

Question 46

When considering the likely consequences of the failure of an organisation’s risk management systems, the organisation should be aware that the (secondary)

Answer 46

secondary consequences may be far more severe than primary consequences.

NOT

secondary consequences will be reduced if the appropriate governance risk and compliance
framework is introduced immediately after the risk event has occurred.

Question 47

A large company is considering its risk management standards following an extensive risk management review. What is the company most likely to utilise to assess whether its risk management processes will fail?

Answer 47

Key control indicators.

NOT

Key risk indicators.

Fault trees.

Question 48

What is the key consideration by a large international bank when assessing global risks using computer-based risk modelling?

Answer 48

Assumptions used may not be correct and outcomes may not be correctly interpreted.

Question 49

For what key reason may risk management systems typically fail in a large organisation?

Answer 49

The attitudes of key personnel.

Question 50

The Chief Risk Officer within a large manufacturing organisation has been asked by the Board of
Directors to provide an example of a pure risk. A suitable example would be

Answer 50

a fire occurring in a new manufacturing process line.

Question 51

Within an organisation, when attempting to manage and control risk, the organisation should be aware that

Answer 51

uncertainty must be taken into account.

Question 52

When applying probability theory to a specific period of time, a measurement of 0.85 indicates that the event

Answer 52

is very likely to occur.

Question 53

Which type of risks are characterised by a perceived lack of control and catastrophic potential?

Answer 53

Dread risks.

Question 54

An organisation following the Renn and Rohrmann structured framework should be aware that an individual’s risk perception is influenced by common sense, which is also referred to as

Answer 54

collective reasoning strategies.

Question 55

How can the perception of risk by senior management have a fundamental effect on the future direction of a manufacturing organisation?

Answer 55

It will shape the organisation’s risk appetite and attitude towards risk acceptance.

Question 56

As part of an organization’s risk management process, when considering risk and uncertainty, the risk team should be aware that (both)

Answer 56

risk can apply to both opportunities and threats to the organisation.

Question 57

How does a pure risk differ from a speculative risk?

Answer 57

A pure risk only leads to the possibility of a loss, whereas a speculative risk may lead to a gain.

Question 58

A risk manager in an organisation is calculating a risk factor. The two components in the calculation
are

Answer 58

probability and impact.

Question 59

How did the large fluctuations in prices of many raw materials and commodities in the 1970’s influence the evolution of risk management?

Answer 59

The use of derivatives as a risk management tool increased.

NOT

Business continuity planning was developed.

Question 60

An influence on the evolution of risk management theory in the 19th Century was based on

Answer 60

mathematicians collecting measurements to provide statistical data.

NOT

placing a greater emphasis on the human element of decision making.

Question 61

When considering risk management within a manufacturing organisation, what is a benefit of
conducting a detailed structured analysis of the entire organisation?

Answer 61

It would uncover weaknesses and provide valuable information that can be used to improve
processes.

Question 62

Why is it important that an organisation attempts to measure the benefits of risk management in
financial terms?

Answer 62

It will quantify the level of internal and external resources that are required.

Question 63

Within a large global organisation, who has the primary responsibility of identifying individual risk owners and making sure appropriate risk control activities are carried out?

Answer 63

The Chief Risk Officer.

Question 64

In relation to a large organisation’s risk management process, what does the internal audit function
typically have responsibility for?

Answer 64

Providing detailed assurance that risk management processes are effective.

Question 65

Within a large global organisation, the compliance function is part of what?

Answer 65

a part of both the risk management and audit functions.

Question 66

An organisation operates with separate and independent risk management, compliance and audit
functions. The organisation’s board of directors should be aware that

Answer 66

work will often be duplicated and costs will usually be increased.

Question 67

What is typically the day-to-day responsibility of a Chief Risk Officer within a large organisation?

Answer 67

Ensuring that all key risks are adequately managed and reported.

Question 68

A large organisation is using a typical risk management process and has just established and
identified the risks to which it is exposed. What is likely to be the next stage in the process?

Answer 68

Analysing risks.

Question 69

One of the reasons that an organisation should monitor and regularly review its risk management process is to

Answer 69

consider whether lessons could be learned for future management of risks.

Question 70

A risk register has been produced for a large engineering company. What is a key difficulty of using
such a register?

Answer 70

It may fail to take account of correlations between risks.

Question 71

What is a key consideration when designing an organisational risk register? (risk profile)

Answer 71

The organisation’s risk profile should be captured.

NOT

All staff must receive training on updating the register.

All staff must be able to update and accept new risks.

Question 72

The ISO 31000 standard separates risk management areas into

Answer 72

frameworks, principles and processes.

Question 73

Which risk management standard is mainly concerned with the US legal requirements for reporting
accurate financial data?

Answer 73

COSO.

Question 74

One reason for a risk manager to review an organisational chart is to

Answer 74

establish a decision-making route.

NOT

establish the potential impact of a possible risk incident.

Question 75

In a manufacturing organisation, what is a fault tree designed to show?

Answer 75

It identifies the likelihood of an interruption arising.

Question 76

A logistics manager for a supermarket chain identifies that there is a continual delay in the deliveries
to stores. What is the most appropriate technique to identify the cause of the problem?

Answer 76

Flow chart.

Question 77

To comply with the UK Corporate Governance Code, to which body must all UK-listed companies provide information concerning solvency, liquidity, risk management and viability on an annual basis?

Answer 77

The Financial Reporting Council.

Question 78

Where an insurance organisation has failed to keep up with new legislation governing its day-to-day
activities, it primarily increases its exposure to

Answer 78

compliance and regulatory risk.

Question 79

A large organisation is assessing the financial strength of one of its customers. Which types of risk
are being assessed?

Answer 79

Credit and liquidity.

Question 80

Within an organisation, business risk can be categorised as the

Answer 80

probability of a loss being inherent in an organisation’s operations and environment.

NOT

alleged or actual breach of contract between an organisation and counterparty.

uncertainty relating to the occurrence of an insured event.

Question 81

Why can it be difficult for an organisation to categorise risks?

Answer 81

There is no universally accepted definition of individual risks.

Question 82

Understanding the potential causes of risk events will help an organisation to

Answer 82

reduce the frequency of loss.

Question 83

What advantage does a Governance Risk and Compliance framework offer when compared to retaining separate and independent risk control functions?

Answer 83

It provides a consolidated risk management function.

Question 84

Where a large organisation uses enterprise risk management to create a framework to consider all
risks affecting the organisation, this is known as

Answer 84

a holistic approach.

Question 85

Which type of risk framework is expected to improve efficiency by aligning strategy, processes,
technology and people?

Answer 85

Governance, risk and compliance.

NOT

Corporate, governance and control.

Question 86

When implementing an enterprise risk management (ERM) framework, a large organisation should be aware that ERM relies upon what?

Answer 86

relies largely upon the analysis and evaluation of risks against criteria that are set by the Board.

NOT

will always require assessment of risk management processes from both internal and external
auditors.

Question 87

A train has crashed and is badly damaged. There have been numerous claims from injured passengers as well as a loss of revenue for the train operator. This is an example of

Answer 87

risk aggregation.

Question 88

A requirement for successfully implementing a governance risk and compliance framework within
an organisation is for

Answer 88

consistent terminology to be introduced across the organisation’s risk management and
assurance functions.

Question 89

An organisation will typically find that its insurance arrangements will exclude cover for (database)

Answer 89

the value of its computerised database.

NOT

consequential losses following natural disasters.

credit risks

Question 90

Insurance policies issued by a commercial insurer operating solely in the UK are directly governed
under which Act?

Answer 90

Insurance Act 2015.

Question 91

A broker is undertaking a business interruption review on behalf of a client. This would most commonly include an evaluation of the

Answer 91

effectiveness of a business continuity plan.

Question 92

What is a primary benefit of a large commercial organisation self-insuring a risk?

Answer 92

Its short-term cash-flow position is likely to improve.

Question 93

A large manufacturing organisation has renewed an insurance policy and has accepted a significant
increase in the policy deductible. What is this most likely to indicate?

Answer 93

Increased risk retention.

Question 94

A large organisation has entered into a surety arrangement using a counterparty to guarantee certain credit agreements. The main risk to the organisation of the counterparty failing is that the organisation would

Answer 94

be liable for all future losses incurred on these credit agreements.

NOT

be responsible for all of the counterparty’s losses.

Question 95

For what primary reason could enterprise risk management (ERM) systems fail?

Answer 95

Financial constraints could compromise the implementation of ERM systems.

Question 96

What could a financial organisation make primary use of, to assess whether its risk management
systems are likely to fail? (indicators)

Answer 96

Key control indicators.

NOT

Key risk indicators

Question 97

An engineering company is assessing the key risks faced within the manufacturing process. Although cover is in place for most of the potential losses that may arise, the company should be aware that

Answer 97

human error cannot be eliminated.

Question 98

As a direct result of recent disasters in the oil drilling and exploration sector, for companies in this sector there has been an increase in

Answer 98

new regulations and safety controls.

Question 99

An organisation is considering budgets for its risk management activities. Ideally the organisation
will understand that the benefits of such activities should

Answer 99

be measurable in financial terms.

Question 100

Which individual within a global organisation carries out selected duties in relation to risk management and reports to the risk sub‐committee?

Answer 100

Risk officer.

Question 101

The form of risk management typically provided by an organisation’s audit department is known as

Answer 101

an internal control.

Question 102

The most important task of the risk sub‐committee within a large organisation is to

Answer 102

publish and maintain the overall risk management philosophy.

NOT

ensure that all key risks are adequately reported and managed.

Question 103

Risk Officer vs Risk manager vs Chief Risk Officer

Answer 103

Use the term ‘chief risk officer’ to denote the most senior professional risk manager in an organisation.

Risk Manager - no definition. A risk manager could have board status in some organisations, or a middle management or lesser role in others. In some organisations the role may focus on a particular specialist area
of risk, such as operational, financial or IT risk

Risk officer is the title given to a risk management professional who carries out selected duties under the guidance and direction of the chief risk officer.

Question 104

Silo based organization meaning

Answer 104

An organization where business goals, scope of responsibility and control systems are distributed according to the departmental divisions. In such organizations, cross-functional processes are typically not well understood, managed or controlled.

Question 105

Holistic meaning

Answer 105

characterized by the belief that the parts of something are intimately interconnected and explicable only by reference to the whole.

Question 106

Renn and Rohrmann risk perception levels

Answer 106

First level - covers collective and individual reasoning strategies that have evolved over the years, popularly referred to as common sense

Second level - covers knowledge of the risk, or at least what we believe from available information to be true

Third level - concerns the influence of social and political institutions that people associate with a risk or its cause

Forth level - explores cultural factors that affect risk perception and govern many of the lower levels of influence