PECB Certified ISO 31000 Risk Manager
1. What is the primary objective of ISO 31000?
a) To provide guidelines on project management
b) To offer a generic approach to risk management applicable to any organization
c) To set specific safety standards for industrial processes
d) To define quality management principles
Answer: b) To offer a generic approach to risk management applicable to any organization
Explanation: ISO 31000 provides a comprehensive framework for risk management that can
be applied across various types of organizations to improve their ability to manage risk.
2. Which of the following is NOT a principle of ISO 31000?
a) Integrated
b) Structured and comprehensive
c) Reactive
d) Dynamic
Answer: c) Reactive
Explanation: ISO 31000 emphasizes proactive risk management. Its principles include
integration, structure, and dynamic nature to adapt to changes.
3. Which component of ISO 31000 includes the mandate and commitment for risk
management?
a) Framework
b) Principles
c) Process
d) Context
Answer: a) Framework
Explanation: The framework component of ISO 31000 outlines the organizational
arrangements for designing, implementing, monitoring, reviewing, and continually improving
risk management throughout the organization, including mandate and commitment.
4. ISO 31000 can be applied to which types of organizations?
a) Only large corporations
b) Small and medium-sized enterprises (SMEs)
c) All types of organizations regardless of size, industry, or sector
d) Only governmental organizations
1
, PECB Certified ISO 31000 Risk Manager
Answer: c) All types of organizations regardless of size, industry, or sector
Explanation: ISO 31000 is designed to be universally applicable to any organization,
regardless of size, industry, or sector.
5. What does the risk management framework ensure?
a) Risk management is only the responsibility of the risk management department
b) Risk management activities are consistent across the organization
c) Risk management is treated as a one-time project
d) Risk management is optional for certain departments
Answer: b) Risk management activities are consistent across the organization
Explanation: The framework ensures that risk management is consistently applied
throughout the organization, integrating it into the overall governance, strategy, and planning.
6. Which of the following best describes risk according to ISO 31000?
a) The probability of a negative event occurring
b) The effect of uncertainty on objectives
c) The impact of external factors on an organization
d) The likelihood of financial loss
Answer: b) The effect of uncertainty on objectives
Explanation: ISO 31000 defines risk as the effect of uncertainty on objectives, which can be
both positive and negative.
7. What is a key element of the risk management process in ISO 31000?
a) Setting safety standards
b) Risk assessment
c) Defining quality metrics
d) Establishing product specifications
Answer: b) Risk assessment
Explanation: Risk assessment is a core component of the risk management process,
involving risk identification, risk analysis, and risk evaluation.
8. Which principle emphasizes that risk management should be a part of decision-
making?
2
, PECB Certified ISO 31000 Risk Manager
a) Structured and comprehensive
b) Customized
c) Integrated
d) Inclusive
Answer: c) Integrated
Explanation: The principle of integration indicates that risk management should be an
integral part of organizational decision-making processes.
9. What does the 'dynamic' principle of ISO 31000 refer to?
a) Risk management must remain static and unchanging
b) Risk management should anticipate, detect, acknowledge, and respond to changes
c) Risk management should be done periodically and not continuously
d) Risk management is optional during times of stability
Answer: b) Risk management should anticipate, detect, acknowledge, and respond to
changes
Explanation: The dynamic principle means that risk management must be adaptive and
responsive to internal and external changes to remain effective.
10. According to ISO 31000, who is responsible for risk management?
a) The risk management team only
b) The CEO only
c) Every employee within the organization
d) External consultants
Answer: c) Every employee within the organization
Explanation: ISO 31000 emphasizes that risk management is everyone's responsibility
within the organization, ensuring a risk-aware culture.
11. What is the purpose of the risk management policy as per ISO 31000?
a) To establish a common language for risk management
b) To allocate resources for risk management activities
c) To formalize the organization's approach to risk management
d) To eliminate all risks
Answer: c) To formalize the organization's approach to risk management
Explanation: The risk management policy formalizes the organization's approach, principles,
and commitment to risk management.
3
, PECB Certified ISO 31000 Risk Manager
12. In the context of ISO 31000, what is 'risk attitude'?
a) The organization's approach to assessing risks
b) The overall intentions and direction of an organization related to risk
c) The techniques used for risk analysis
d) The organization's response to a specific risk event
Answer: b) The overall intentions and direction of an organization related to risk
Explanation: Risk attitude refers to the organization's overall approach and stance towards
risk management, influencing its risk management practices.
13. Which of the following is NOT a step in the risk management process according to
ISO 31000?
a) Risk identification
b) Risk elimination
c) Risk analysis
d) Risk evaluation
Answer: b) Risk elimination
Explanation: ISO 31000 does not include risk elimination as a step; instead, it focuses on
identifying, analyzing, and evaluating risks.
14. What is the role of 'context establishment' in ISO 31000?
a) To determine the scope and criteria for risk management
b) To implement risk treatment plans
c) To report risk management activities to stakeholders
d) To ensure compliance with legal requirements
Answer: a) To determine the scope and criteria for risk management
Explanation: Context establishment involves defining the external and internal parameters to
be taken into account when managing risk and setting the scope and criteria for the risk
management process.
15. Which ISO 31000 principle ensures that risk management takes into account the
latest information and developments?
a) Continual improvement
b) Structured and comprehensive
4
1. What is the primary objective of ISO 31000?
a) To provide guidelines on project management
b) To offer a generic approach to risk management applicable to any organization
c) To set specific safety standards for industrial processes
d) To define quality management principles
Answer: b) To offer a generic approach to risk management applicable to any organization
Explanation: ISO 31000 provides a comprehensive framework for risk management that can
be applied across various types of organizations to improve their ability to manage risk.
2. Which of the following is NOT a principle of ISO 31000?
a) Integrated
b) Structured and comprehensive
c) Reactive
d) Dynamic
Answer: c) Reactive
Explanation: ISO 31000 emphasizes proactive risk management. Its principles include
integration, structure, and dynamic nature to adapt to changes.
3. Which component of ISO 31000 includes the mandate and commitment for risk
management?
a) Framework
b) Principles
c) Process
d) Context
Answer: a) Framework
Explanation: The framework component of ISO 31000 outlines the organizational
arrangements for designing, implementing, monitoring, reviewing, and continually improving
risk management throughout the organization, including mandate and commitment.
4. ISO 31000 can be applied to which types of organizations?
a) Only large corporations
b) Small and medium-sized enterprises (SMEs)
c) All types of organizations regardless of size, industry, or sector
d) Only governmental organizations
1
, PECB Certified ISO 31000 Risk Manager
Answer: c) All types of organizations regardless of size, industry, or sector
Explanation: ISO 31000 is designed to be universally applicable to any organization,
regardless of size, industry, or sector.
5. What does the risk management framework ensure?
a) Risk management is only the responsibility of the risk management department
b) Risk management activities are consistent across the organization
c) Risk management is treated as a one-time project
d) Risk management is optional for certain departments
Answer: b) Risk management activities are consistent across the organization
Explanation: The framework ensures that risk management is consistently applied
throughout the organization, integrating it into the overall governance, strategy, and planning.
6. Which of the following best describes risk according to ISO 31000?
a) The probability of a negative event occurring
b) The effect of uncertainty on objectives
c) The impact of external factors on an organization
d) The likelihood of financial loss
Answer: b) The effect of uncertainty on objectives
Explanation: ISO 31000 defines risk as the effect of uncertainty on objectives, which can be
both positive and negative.
7. What is a key element of the risk management process in ISO 31000?
a) Setting safety standards
b) Risk assessment
c) Defining quality metrics
d) Establishing product specifications
Answer: b) Risk assessment
Explanation: Risk assessment is a core component of the risk management process,
involving risk identification, risk analysis, and risk evaluation.
8. Which principle emphasizes that risk management should be a part of decision-
making?
2
, PECB Certified ISO 31000 Risk Manager
a) Structured and comprehensive
b) Customized
c) Integrated
d) Inclusive
Answer: c) Integrated
Explanation: The principle of integration indicates that risk management should be an
integral part of organizational decision-making processes.
9. What does the 'dynamic' principle of ISO 31000 refer to?
a) Risk management must remain static and unchanging
b) Risk management should anticipate, detect, acknowledge, and respond to changes
c) Risk management should be done periodically and not continuously
d) Risk management is optional during times of stability
Answer: b) Risk management should anticipate, detect, acknowledge, and respond to
changes
Explanation: The dynamic principle means that risk management must be adaptive and
responsive to internal and external changes to remain effective.
10. According to ISO 31000, who is responsible for risk management?
a) The risk management team only
b) The CEO only
c) Every employee within the organization
d) External consultants
Answer: c) Every employee within the organization
Explanation: ISO 31000 emphasizes that risk management is everyone's responsibility
within the organization, ensuring a risk-aware culture.
11. What is the purpose of the risk management policy as per ISO 31000?
a) To establish a common language for risk management
b) To allocate resources for risk management activities
c) To formalize the organization's approach to risk management
d) To eliminate all risks
Answer: c) To formalize the organization's approach to risk management
Explanation: The risk management policy formalizes the organization's approach, principles,
and commitment to risk management.
3
, PECB Certified ISO 31000 Risk Manager
12. In the context of ISO 31000, what is 'risk attitude'?
a) The organization's approach to assessing risks
b) The overall intentions and direction of an organization related to risk
c) The techniques used for risk analysis
d) The organization's response to a specific risk event
Answer: b) The overall intentions and direction of an organization related to risk
Explanation: Risk attitude refers to the organization's overall approach and stance towards
risk management, influencing its risk management practices.
13. Which of the following is NOT a step in the risk management process according to
ISO 31000?
a) Risk identification
b) Risk elimination
c) Risk analysis
d) Risk evaluation
Answer: b) Risk elimination
Explanation: ISO 31000 does not include risk elimination as a step; instead, it focuses on
identifying, analyzing, and evaluating risks.
14. What is the role of 'context establishment' in ISO 31000?
a) To determine the scope and criteria for risk management
b) To implement risk treatment plans
c) To report risk management activities to stakeholders
d) To ensure compliance with legal requirements
Answer: a) To determine the scope and criteria for risk management
Explanation: Context establishment involves defining the external and internal parameters to
be taken into account when managing risk and setting the scope and criteria for the risk
management process.
15. Which ISO 31000 principle ensures that risk management takes into account the
latest information and developments?
a) Continual improvement
b) Structured and comprehensive
4
