GUIDE; QUESTIONS AND ANSWERS
Risks - The effect of uncertainty on objectives; the chance of something happening that will have an impact on objectives; being prepared for the worst and being poised to exploit opportunities as they are discovered.
Enterprise Risk Management - A strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
Support Function: Business continuity and crisis management - Risk identification, assessment and creation of emergency response and recovery plans related to threats or hazards that might lead to operational disruptions.
Analysis - A systematic examination and evaluation of data or information by breaking it into its component parts to uncover their relationships. An examination of data and facts to uncover and understand cause-effect relationships, thus providing a basis for problem solving and decision making.
To embed risk management in both routine and strategic decisions, what should managers be able to recognize? - The type of decision being made; who should be included in the decision-making process; where in the process decisions are being made.
Risk management strategies' general focus - Meeting or exceeding an organization's objectives; adhering to control-based objectives, rules and/or controls; complying with regulatory requirements.
Support Function: Internal Audit - Risk identification, assessment and treatment through audit plans with focus on fraud, corruption, regulatory noncompliance and/or misrepresentation related to the organization's internal control systems, financial operations, financial statements and reporting, as well as enterprise risk and the organization's risk management framework and process.
What steps can the risk management professional take to embed risk management in decision making? - Include risk assessment in the planning process; leverage a cross-functional risk assessment team and subject matter experts to identify enterprise risks; consider cascading and cumulative effects.
Gap Analysis - Technique that can be used to determine what steps might need to be taken to improve the organization's capacity to move from a current state to a desired future state.
Risk appetite - The total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desired and expected outcomes.
Communication and Consultation - Risk management professional's role in implementing risk strategies.
Support Function: Legal - Risk identification, assessment and treatment of risks related to the obligations an organization undertakes and transfers through contracting, as well as its compliance with applicable laws and regulatory obligations.
What are the typical failures in risk management which can be avoided if it is embedded in the decision-making process? - Program not integrated into strategy or its execution; focused on the wrong risks; not executed in a repeatable process; risk management is practiced in a silo; activity not viewed as being value added.
Strategic Plan - Determines the actions the organization will take at any stage of the planning period as circumstances change.
Risk owner - The individual who is ultimately accountable for ensuring that risk is managed appropriately, including the implementation of selected responses.
Risk Identification Process - Finding, recognizing and recording risks.
Support Function: Compliance - Risk identification, assessment and treatment of risk related to regulations that may affect the organization's ability to operate in its respective jurisdictions, as well as activities that fall within its compliance and ethics programs.
To successfully integrate risk management into decision making, risk management professionals will rely on strategies that draw on personal and technical skills in - Building organizational awareness; differentiating the different types of decisions used in varying situations using elements of decision quality; performing various roles in taking risk into account in the decision-making process.
Strategy - A complete plan of action for whatever situations might arise in achieving an organization's goals within the established time.
Risk tolerance - The amount of uncertainty an organization is prepared to accept in total or, more narrowly, within a certain business unit, a particular risk category or for a specific initiative.
Strategic Risk Management - A business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization's strategy and strategic execution.
Value Chain - The series of functions, processes, materials and activities (inputs) from concept to the eventual end user that creates and builds value at every step in order to deliver a product or service.
To build organizational awareness, the risk management professional needs to do the following: - Be a persuasive communicator and facilitator; have a clear communication plan; engage interested parties, including primary and secondary audiences; demonstrate that risk management creates the most value; develop feedback loops for continuous learning.
Risk Analysis - The process of characterizing and understanding the nature of risk and of considering the level of risk in the context of the organization's willingness to accept risk.
Support Function: Safety - Risk identification, assessment and treatment of risks focused on preserving the physical well-being of employees and third parties.
Likelihood, consequences, and other criteria such as timing, duration, vulnerability and interdependencies - Risk is typically analyzed on the basis of __________________.
Support Function: Information Security - Risk identification, assessment and treatment of risk arising out of or affecting information and technology infrastructure.
To build organizational awareness, risk management creates the most value when - Risk management aligns with strategic goals; takes corporate culture into account; involves key enterprise functions.
Financial Statements - Internal source of information that includes financial analytics or projections.
strategic planning team - The risk manager should be a part of the _______________________ to provide the structured discipline for consideration of risks in a strategic portfolio.
Internal Audit Reports - Internal source of information that focuses on business practices important to the goals, and reflects the regulatory environment of the organization.
risk management - __________________ should be an agenda item at every strategy session.
Support Function: Facilities - Risk identification, assessment and treatment of the organization's properties, equipment and physical infrastructure systems.
Simple and frequent - A type of decision that is automatic, taken in the moment. These decisions generally rely on the knowledge and capability of the decision maker using the back-of-the-napkin technique.
Bow tie analysis - Hazard analysis technique (cause and consequence).
Business impact analysis - Considers business impacts at a location or from a specific process.
Support Function: Quality - Risk identification, assessment and treatment of risks related to products and services.
Significant importance or complex - A type of decision that requires more deliberate effort. These decisions generally have some period of planning and a longer decision timeline.
Organizational Structure - Internal source of information that includes reports from different departments (HR, Legal, Risk, Operations, HS, Environment, etc.).
Review the existing strategic plan - The first step for the risk manager is to __________________________ to identify and understand the organization's goals.
key performance indicators - Each high-level strategy objective should be broken down into more tactical, operational _____________________ for analysis.
External Organization Information - External source of information that includes external audit reports, competitive analysis, rating agency, consumer reports, legal matters and media coverage.
Strategic importance and complex - A type of decision that calls for a formal planning process over a longer timeline in which multiple risk management techniques can be applied. Decision quality elements should be embedded in the process. Due to the importance of the decision, biases should be formally considered by the entire planning team.
Support Function: Project Management - Assess and identify project risks, mitigate threats and capitalize on opportunities that may affect the success of a specific project.