Terms & Definitions | Already Graded A+ | Certified Risk Management Professional | Pass Guaranteed - A+ Graded
Section 1: Foundational Risk Management Terms (Q1-15)
Q1
According to ISO 31000, risk is defined as:
A. The chance of financial loss occurring in an organization
B. The effect of uncertainty on objectives
C. The probability of a negative event multiplied by its severity
D. The deviation from expected returns in investment portfolios
Correct Answer: B. The effect of uncertainty on objectives [CORRECT]
Rationale: ISO 31000 defines risk as the effect of uncertainty on objectives,
encompassing both positive and negative effects. A is too narrow (financial only), C
describes EMV calculation, and D is investment-specific.
Q2
A manufacturing plant identifies that without any safety systems, the probability of a
major equipment failure is 35%. After installing monitoring systems and redundant
controls, the probability drops to 8%. The 8% represents:
A. Inherent risk
B. Residual risk
C. Risk appetite
D. Risk capacity
Correct Answer: B. Residual risk [CORRECT]
Rationale: Residual risk is the risk remaining after controls are implemented; inherent
risk was 35% before controls. A is the pre-control level, C is willingness to take risk, and
D is maximum absorbable risk.
Q3
An organization's board states they are willing to accept up to $50M in potential losses
from expansion activities. The CFO notes that the company could technically absorb
$100M before insolvency. The operations team is instructed to keep quarterly losses
below $5M. Which term describes the $5M limit?
A. Risk appetite
B. Risk capacity
C. Risk tolerance
D. Risk culture
Correct Answer: C. Risk tolerance [CORRECT]
Rationale: Risk tolerance is the acceptable variation around risk appetite ($50M); the
$5M quarterly limit is a tolerance threshold. A is the overall willingness ($50M), B is
maximum absorbable ($100M), and D is behavioral values.
Q4
The shared values, beliefs, attitudes, and behaviors toward risk within an organization
best describe:
A. Risk governance
B. Risk framework
C. Risk culture
D. Risk infrastructure
Correct Answer: C. Risk culture [CORRECT]
Rationale: Risk culture encompasses the human elements—values, beliefs, and
behaviors—that shape how risk is perceived and managed. A refers to oversight
structures, B is the structured approach, and D is systems/tools.
Q5
The individual who is ultimately accountable for ensuring a specific risk is managed
appropriately is the:
A. Risk manager
B. Risk owner
C. Chief Risk Officer
D. Internal auditor
Correct Answer: B. Risk owner [CORRECT]
Rationale: The risk owner is the accountable individual with authority and resources to
manage a specific risk. A may support but doesn't own, C oversees enterprise risk, and
D provides independent assurance.
Q6
Coordinated activities to direct and control an organization with regard to risk define:
A. Risk governance
B. Risk management
C. Risk assessment
D. Risk treatment
Correct Answer: B. Risk management [CORRECT]
Rationale: This is the ISO 31000 definition of risk management as coordinated
activities. A is the oversight framework, C is a component of risk management, and D is
also a component.
Q7
A board approves a strategic plan to enter emerging markets, acknowledging potential
losses up to 8% of revenue. The executive team is directed to halt expansion in any
market where losses exceed 2% quarterly. The 8% figure represents:
A. Risk tolerance
B. Risk capacity
C. Risk appetite
D. Risk threshold
Correct Answer: C. Risk appetite [CORRECT]
Rationale: Risk appetite is the total amount of risk the organization is willing to pursue
(8% of revenue); the 2% quarterly is tolerance. A is the variation limit, B is maximum
absorbable, and D is a specific trigger value.
Q8
Before implementing a new cybersecurity firewall, a hospital's probability of a data
breach was assessed at 40%. After installation, the probability is 12%. The 40% figure is
the:
A. Residual risk
B. Target risk
C. Inherent risk
D. Controlled risk
Correct Answer: C. Inherent risk [CORRECT]
Rationale: Inherent risk is the raw risk before any controls are applied; residual is the
12% remaining. B is aspirational, and D is not a standard risk term.
Q9
A nonprofit organization has endowment funds of $20M and annual operating reserves
of $3M. Their maximum potential financial loss before ceasing operations is
approximately $23M. This represents the organization's:
A. Risk appetite
B. Risk tolerance
C. Risk capacity
D. Risk budget
Correct Answer: C. Risk capacity [CORRECT]