IRM Level 1 Exam Questions and Answers 26
Low consequences of threats and opportunities - ANSWERS-Financial impact on the
organisation is likely to be less than Ly.
Low impact on the organization's strategy or operational activities.
Low stakeholder concern.
Probability - Not likely to occur in a ten-year period or less than 25% chance of occurrence.
In terms of likelihood, almost certain means - ANSWERS-Once every 24 hours or >80% or 2/3
In terms of likelihood, likely means - ANSWERS-Weekly or 1/2
In terms of likelihood, possible means - ANSWERS-Monthly or 1/5
In terms of likelihood, unlikely means - ANSWERS-Yearly or 1/10
In terms of likelihood, rare means - ANSWERS-Once every 10 years or <5% or 1/100
Risk type rating - ANSWERS-Total (inherent/gross with no controls in place)
Current (residual/net with controls in place)
Target (within the tolerance and appetite of the organisation)
Any system of risk treatment should provide as a minimum - ANSWERS-• effective and efficient
operation of the organisation
• effective internal controls
• compliance with laws and regulations.
The purpose of risk action plans is to document how the chosen options for action will be
implemented. Information should include - ANSWERS-• a description of what the planned
action is
• expected benefit(s) to be gained
• accountabilities (risk owners and control owners)
• reporting and monitoring requirements
• resourcing requirements
• timing and scheduling
effectiveness of internal control - ANSWERS-the degree to which the risk will either be
eliminated or reduced by the proposed control measures
examples of uninsured costs - ANSWERS-associated with work-related health or safety, which
may include damage to employee morale and the organisation's reputation
what is the purpose of risk action plans? - ANSWERS-to document how the chosen options for
action will be implemented
what information should the risk action plan include? - ANSWERS-• a description of what the
planned action is
• expected benefit(s) to be gained
• accountabilities (risk owners and control owners)
• reporting and monitoring requirements
• resourcing requirements
• timing and scheduling
Business Continuity Management - ANSWERS-- identifies those products and services on which
the organisation depends for its survival.
- can identify what is required for the organisation to continue to meet its objectives and
obligations to stakeholders
- a complementary subset of risk management - both deal with managing risks in an
organisation, but ERM is broader
- sets out to understand the risks to operations or business, and the consequences of those risks
what does risk avoidance involve? - ANSWERS-exiting a product line, declining expansion to a
new geographical market, or selling a division.
what does risk reduction involve? - ANSWERS-Action is taken to reduce the risk likelihood or
impact, or both. This typically involves any of a myriad of everyday business decisions.
What does Accountability help to ensure? - ANSWERS-'ownership' of the risk is recognised and
the appropriate management resource allocated.
What should a monitoring and review process determine? - ANSWERS-• the measures adopted
resulted in what was intended
• the procedures adopted and information gathered for undertaking the assessment were
appropriate
• improved knowledge would have helped to reach better decisions and identify what lessons
could be learned for future assessments and management of risks
Challenges in Reporting - ANSWERS-Local reporting versus group reporting
The level of detail to be included in reports
Frequency and timeliness
Formats of reports
Emerging issue - viability statements in company accounts