EXAM QUESTIONS & ELABORATED
COMPLETE SOLUTIONS
ISO - International Organization for Standardization - Correct Answer ✔✔ presents definitions related to risk, principles for organizations to follow in making themselves more resilient and capable of managing risk, and a risk management process. ISO 3000 is applicable to a broader range of orgs; it defines risk as the effect of uncertainty on objectives.
COSO - Committee of Sponsoring Organizations - Correct Answer ✔✔ approach to risk management: enterprise risk management (ERM) was created in the US primarily for the needs of the financial industry and to support financial auditing. Compliance oriented; defines risk as having an adverse effect.
Risk Management - Correct Answer ✔✔ System for identifying, evaluating, and controlling actual and potential risks to an organization, which typically incorporates mitigation and/or response strategies, including the use of insurance.
The barriers to risk management are - Correct Answer ✔✔ Structural, cognitive, cultural:
- Structural: orgs respond to risk in an operational manner; they overlook dependencies within the org that create risks and/or interfere with proactive risk management.
- Cognitive: lack of imagination and openness to change.
- Cultural: cultural barriers involve what types of mindset are sought, instilled and rewarded.
Categories of risk - Correct Answer ✔✔ "known known", "known unknown", "unknown unknown".
Kaplan and Mikes' 3 categories of risk - Correct Answer ✔✔ Internal and preventable, strategy, external
Kaplan and Mikes' 3 categories of risk: strategy - Correct Answer ✔✔ a desirable uncertainty that an org willingly accepts when it commits to a strategy (ex. whether loans can be repaid or employees will be fully productive)
Kaplan and Mikes' 3 categories of risk: external - Correct Answer ✔✔ uncertainties that are outside of the org and beyond its control (ex. changes in the economy or laws, disruptive technologies, availability of trained employees)
COSO ERM framework divides risks into 4 categories - Correct Answer ✔✔ Strategy, operations, financial reporting, compliance
COSO ERM framework categories of risk: strategy - Correct Answer ✔✔ risks that affect the org's ability to achieve its objectives (investment, innovation, competitive behavior, employee engagement and diversity). HR process areas: recruitment, succession planning, training and development
COSO ERM framework categories of risk: operations - Correct Answer ✔✔ risks that affect the myriad ways in which the org creates value (supply chain, health and safety, data privacy). HR process areas: workplace safety, global assignments, benefits administration
COSO ERM framework categories of risk: financial reporting - Correct Answer ✔✔ risks that affect the accuracy and timeliness of information about the org's financial performance and condition (growth of assets). HR process area: technology
COSO ERM framework categories of risk: compliance - Correct Answer ✔✔ risks associated with meeting the requirements of laws and regulations (workplace and reporting requirements). HR process areas: filing required reports, communication with employees
ISO framework that supports the creation of risk aware - Correct Answer ✔✔
1. Management commitment
2. The org's governance layer of policies - the org's ethics and values
3. Implementing risk management
4. Periodic monitoring
5. Continual improvement, which could involve realigning the framework to a new org strategy for risk management
Risk Management process: 1. establish the context of risk - Correct Answer ✔✔ the org tries to gain a sense of how prominent a role risk plays in the org. Tools: SWOT, PESTLE
risk position - Correct Answer ✔✔ the org's desired gain or loss in value
risk appetite - Correct Answer ✔✔ the amount of uncertainty the org is willing to pursue or accept - a high-level statement of acceptable risk (ex. we will not risk having open managerial positions due to poor recruitment)
risk tolerance - Correct Answer ✔✔ the amount of uncertainty the org is willing to pursue or accept - sets a more defined range above and below a target risk position (ex. we will need to take the necessary steps to make sure that management positions are filled within 30-45 days)