


























A collection of questions and answers on risk management, addressing risk identification, analysis, and mitigation. Topics include strategic planning, risk appetite, cyber security, and risk management's role in decision-making. It also covers risk communication, benchmarking, and organizational culture. Useful for students and professionals preparing for risk management certifications. The question-and-answer format facilitates easy review of key concepts. A concise overview of risk management principles, suitable for exam preparation or quick reference, helping users understand and apply fundamental aspects in real-world scenarios. The questions cover a wide range of topics, ensuring a comprehensive understanding. A valuable resource for enhancing risk management knowledge.
Typology: Exams
A risk management professional advises management on the status of key risks by _______________.
A. annually identifying the inventory of risks
B. providing information about competitors' risk management plan
C. providing insights into the changing characteristics of a risk
D. summarizing internal audit reports
---------CORRECT ANSWER-----------------C. providing insights into the changing characteristics of a risk

STEEP is a method used for strategic planning. The acronym STEEP stands for _______________.
A. security, technical, emerging, external, profit
B. social, technological, economic, environmental, political
C. standard, technique, enterprise, environmental, process
D. social, theory, external, engaging, program
---------CORRECT ANSWER-----------------B. social, technological, economic, environmental, political

Once risks have been analyzed, the risk management professional should evaluate the risks against the risk _______________.
A. appetite
B. monitoring plan
C. treatment
D. underwriting criteria
---------CORRECT ANSWER-----------------A. appetite
After validating the training curricula, a risk management professional
A. develops training
B. develops and schedules training
C. matches training to audience
D. schedules and conducts training
---------CORRECT ANSWER-----------------D. schedules and conducts training

What can a risk management professional recommend to management to protect an organization's critical infrastructure from a cyber attack?
A. implement password protocols
B. buy a tower of cyber liability insurance
C. ensure employees do not post on social media
D. monitor employees' use of the internet
---------CORRECT ANSWER-----------------A. implement password protocols

Risk tolerance is defined as the _______________.
A. amount of uncertainty that an organization is prepared to accept
B. desired level of risk that an organization believes is optimal to achieve its goals
C. amount of risk that an organization can actually assume
D. norms and traditions of the individuals of an organization and how they act on risk
---------CORRECT ANSWER-----------------A. amount of uncertainty that an organization is prepared to accept

What is the role of risk management in the strategic planning process?
A. challenge the decisions made
B. develop risk treatment plans
C. draft the decisions to be made
D. identify threats and opportunities
---------CORRECT ANSWER-----------------D. identify threats and opportunities
Which of the following is the BEST example of a reason to revise a risk management program?
A. A new exposure arises such as a new merger or acquisition
B. Significant turnover within the risk management function
C. New product offerings by the insurance industry
D. A revision of a company's annual earnings forecast
---------CORRECT ANSWER-----------------A. A new exposure arises such as a new merger or acquisition

A business model is a set of assumptions about the ______
A. financial stability of an organization
B. organizational structure of a business
C. products and services past performance
D. way an organization creates value
---------CORRECT ANSWER-----------------D. way an organization creates value

What two analytical tools are particularly useful in analyzing the business model?
A. Key performance indicators and total cost of risk
B. Key risk indicators and gap analysis
C. Pareto analysis and root cause analysis
D. Value chain analysis and benchmarking
---------CORRECT ANSWER-----------------D. Value chain analysis and benchmarking

Risk management professionals conduct supply-chain analyses to identify _______________.
A. contingent business interruption coverage
B. customer technology needs
C. international regulatory requirements
D. potential vulnerabilities to the organization
---------CORRECT ANSWER-----------------D. potential vulnerabilities to the organization

Which activity does the risk management professional perform immediately after obtaining internal and external information about the organization?
A. analyze the information
B. organize the information
C. prioritize the information
D. report the information
---------CORRECT ANSWER-----------------B. organize the information

Which risk identification and analysis technique should a risk management professional use in order to gather information from multiple departments in a brainstorming session that helps to identify shared risks within an organization?
A. checklists
B. flowcharts
C. workshops
D. questionnaires
---------CORRECT ANSWER-----------------C. workshops

When analyzing an organization's value chain, which of the following would be considered a primary activity?
A. technological development
B. human resources management
C. infrastructure management
D. outbound logistics
---------CORRECT ANSWER-----------------D. outbound logistics
D. metrics
---------CORRECT ANSWER-----------------C. media channels

Which of the following is considered a risk analysis technique?
A. budget allocation
B. consensus building
C. insurance placement
D. Monte Carlo simulation
---------CORRECT ANSWER-----------------D. Monte Carlo simulation

When an operational area develops a treatment for a critical risk, the risk management professional MUST _______________.
A. add the risk to the risk map
B. communicate the treatment plan directly with internal audit
C. evaluate the dollar savings associated with the treatment
D. evaluate the impact upon other areas
---------CORRECT ANSWER-----------------D. evaluate the impact upon other areas

A potential DISADVANTAGE of benchmarking is that it
A. May limit the type of information obtained if it only considers organizations viewed as a direct competitor
B. Focuses primarily on areas of overlap in product or services and does not consider areas in which organizations differ
C. Focuses primarily on company best practices and cannot be used to identify areas for possible innovation
D. Does not provide useful information about industry and market trends
---------CORRECT ANSWER-----------------A. May limit the type of information obtained if it only considers organizations viewed as a direct competitor
Which industry environmental factors create uncertainty for an organization?
A. Demand and competition
B. Cultural factors
C. Transportation and infrastructure
D. Historical claims experiences
---------CORRECT ANSWER-----------------A. Demand and competition

To increase the likelihood that a risk strategy approach will be adopted, it is important for a risk management professional to understand the organization's
A. Governance
B. Hierarchy
C. Culture
D. Profit margins
---------CORRECT ANSWER-----------------C. Culture

A risk management oversight body focuses on what quadrant of risk as aligning closest to its organization's ability to meet corporate objectives?
A. Hazard
B. Financial
C. Strategic
D. Operational
---------CORRECT ANSWER-----------------C. Strategic

Risk Mapping is an effective visual tool employed by risk management professionals to
A. Capture risk portfolio relative frequency and severity
B. Define historical risk portfolio materiality thresholds
C. Provide Monte Carlo Simulation inputs
D. Confirm validity of loss triangles
---------CORRECT ANSWER-----------------A. Capture risk portfolio relative frequency and severity
A. Economic cost of implementing a resilient program design
B. Resilience across and between organizational cultures
C. Market recognition of resilience program effectiveness
D. Ensuring alignment between resilience program design and execution when needed
---------CORRECT ANSWER-----------------B. Resilience across and between organizational cultures

A risk management professional evaluates which type of key external force to gain insight about another company's strengths and weaknesses?
A. Political
B. Competitive
C. Economic
D. Technological
---------CORRECT ANSWER-----------------B. Competitive

A timeline is included in the
A. Risk implementation plan
B. Risk governance structure
C. Risk management framework
D. Risk monitoring metrics
---------CORRECT ANSWER-----------------A. Risk implementation plan

The three components that make up the risk assessment phase of the risk management process are
A. Establishing the context, risk evaluation, and risk treatment
B. Establishing the context, risk identification, and risk evaluation
C. Risk identification, risk analysis, and risk evaluation
D. Risk identification, risk analysis, and risk treatment
---------CORRECT ANSWER-----------------C. Risk identification, risk analysis, and risk evaluation
When working with risk owners to develop risk treatment, it is necessary to
A. Consider risks equally
B. Consider risk within the context of the business
C. Generate a positive return on investment in the current year
D. Seek approval from the Board of Directors
---------CORRECT ANSWER-----------------B. Consider risk within the context of the business

The risk management professional should prioritize information about the business model based on
A. Industry trends
B. Annual reports
C. Analyst reviews
D. Strategic objectives
---------CORRECT ANSWER-----------------D. Strategic objectives

When seeking to advise the organization on risks, the risk management professional should try to adopt what type of relationship model?
A. Compliance
B. Operational
C. Partnership
D. Sales
---------CORRECT ANSWER-----------------C. Partnership

Which of the following would signal a potential change in an organization's risk context?
A. The organization acquires a new business
B. The organization changes insurance brokers
C. The organization's board of directors reviews a compliance report
D. The organization publishes its annual report
---------CORRECT ANSWER-----------------A. The organization acquires a new business
D. Working with a large group
---------CORRECT ANSWER-----------------B. Working with a diverse group

To gain greater insight on the effects of uncertainty on organizational objectives, the risk management professional
A. Has a strong incentive to consult and communicate organizational risks
B. Should consult with key risk stakeholders
C. Should focus on identifiable risks
D. Has a duty to inform when risks are outside of a risk tolerance
---------CORRECT ANSWER-----------------B. Should consult with key risk stakeholders

An effective way for a risk management professional to analyze operations of an organization is to form a
A. Risk committee
B. Captive insurance company
C. Risk management department
D. Template to gather information
---------CORRECT ANSWER-----------------
Benchmarking
---------CORRECT ANSWER-----------------Benchmarking: The process of measuring the performance of an organization against external standards of reference that frequently come from similar organizations doing similar things.

Corporate governance
---------CORRECT ANSWER-----------------Corporate governance: The system of rules, practices, and processes by which a company is directed and controlled

Enterprise risk management
---------CORRECT ANSWER-----------------Enterprise risk management: A strategic discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risk and managing the combined impact of those risks as an interrelated risk portfolio.

Gap analysis
---------CORRECT ANSWER-----------------Gap analysis: Comparison of an existing process or procedure (current state-what is) to a desired, future state (what should be) in order to identify deficiencies or excesses in the existing process (what to consider).

Key performance indicator (KPI)
---------CORRECT ANSWER-----------------Key performance indicator (KPI): Measure(s) of deviations from expected outcomes to help a firm see how it is performing.

Key risk indicator (KRI)
---------CORRECT ANSWER-----------------Key risk indicator (KRI): Leading indicator(s) of risk to business performance, giving early warning about potential risks.
understand, discuss, and act on the risk(s) the organization confronts and takes

Risk champion
---------CORRECT ANSWER-----------------Risk champion: Any person in an organization who is a leader and influences peers regarding the value that risk management adds to the organization.

Risk governance
---------CORRECT ANSWER-----------------Risk governance: Encompasses the oversight, practices and respective roles and responsibilities for risk within an organization's unique corporate governance.

Risk management
---------CORRECT ANSWER-----------------Risk management: Coordinated activities to plan, direct, control and make decisions concerning the effects of uncertainty on objectives.

Risk owner
---------CORRECT ANSWER-----------------Risk owner: An individual accountable for the identification, assessment, treatment, and monitoring of risks in a specific environment.

Risk portfolio
---------CORRECT ANSWER-----------------Risk portfolio: A broad collection and range of uncertainties that can affect an organization's future.

Risk tolerance
---------CORRECT ANSWER-----------------Risk tolerance: The amount of uncertainty an organization is prepared to accept in total or more narrowly within a certain business unit, a particular risk category or for a specific initiative.
Root cause
---------CORRECT ANSWER-----------------Root cause: Underlying or initiating risk source or driver that produces certain outcomes or changes the impact of an outcome or outcomes. Commonly used to describe the point in a chain of events or conditions where an intervention could reasonably be implemented to improve performance or prevent an undesirable outcome.

Strategic risk management (SRM)
---------CORRECT ANSWER-----------------
Risk is typically analyzed on the basis of
---------CORRECT ANSWER-----------------Likelihood, Consequences, other criteria such as timing, duration, vulnerability and interdependencies

hazard analysis technique (cause and consequence)
---------CORRECT ANSWER-----------------Bow tie analysis

consider business impacts at a location or from a specific process
---------CORRECT ANSWER-----------------Business impact analysis

determine steps to improve the organization's capacity to move from a current state to a desired, future state. (current available factors, success factors needed to achieve future desired objectives, highlighting the gaps)
---------CORRECT ANSWER-----------------Gap analysis

multiple techniques designed to identify the underlying or initiating risk sources or drivers. (fault tree analysis, event tree analysis, failure mode and effect analysis and cause-and-effect analysis - fish bone diagram)
---------CORRECT ANSWER-----------------Root Cause Analysis

identify the strength of influencing factors and help determine potential weighting for consideration during the risk assessment process. Define root causes for major risks, define the chain of events likely in a scenario and become the foundation for further modeling.
---------CORRECT ANSWER-----------------Influence analysis/diagrams
compile risk into a risk register to analyze and manage those risks in an organized way, typically by category.
---------CORRECT ANSWER-----------------Risk Register Analysis

process of analyzing possible and plausible future events by considering alternative settings, circumstances and outcomes. It provides a basis for making decisions in the context of different conditions.
---------CORRECT ANSWER-----------------Scenario analysis

leaders at each site perform an assessment by analyzing and evaluating the potential risks based on what is being produced at the site and its environmental factors. This may include threat, vulnerability and criticality analyses.
---------CORRECT ANSWER-----------------Site analysis

strengths and weaknesses (internal), opportunities and threats (external)
---------CORRECT ANSWER-----------------SWOT analysis

mathematical technique that generates random variables for modelling risk or uncertainty of a certain system (simulation). The random variables or inputs are modelled on the basis of probability distributions
---------CORRECT ANSWER-----------------Monte Carlo analysis

a form of simulation used to determine reactions to different situations. Also used to gauge how certain stressors will affect a company or industry.
---------CORRECT ANSWER-----------------Stress analysis