PRMIA
8020
ORM Certificate - 2023 Update
1. What are the roles of business versus risk management in developing and
implementing risk assessments?
A. Risk management, in its role as second line of defense, performs the risk
assessment process from beginning to end. There is no business line involvement.
B. The business owns the risk assessment process, while risk management develops
the framework, helps facilitate the process, and provides supervision and oversight.
C. Business owns the risk assessment process so risk management does not play a
role in the process.
D. Business management's role in the risk assessment process should be confined to
oversight.
Answer: B
Explanation:
The Principles for Risk Governance, as established by PRMIA (Professional Risk
Managers' International Association), emphasize the Three Lines of Defense (3LoD) Model,
which is widely used in risk management and governance frameworks.
Business Line Ownership of Risk (First Line of Defense)
The business units are responsible for identifying, assessing, managing, and
monitoring risks within their operations.
Since they generate the risks through their activities, they must own the risk
assessment process. This aligns with PRMIA Governance Principles, which state that
risk management should be embedded within business operations to ensure
proactive risk identification and control.
Risk Management's Role (Second Line of Defense)
The risk management function is not directly responsible for conducting risk
assessments but plays a key role in designing and maintaining the risk assessment
framework.
This includes setting standards, methodologies, and tools for assessing risks across
business functions.
Risk management provides supervision and oversight, ensuring that risk assessments
align with organizational policies and regulatory expectations.
Oversight from Senior Management & the Board (Third Line of Defense)
Internal audit (third line of defense) independently reviews and provides assurance
that the risk management framework is effective and that risk assessments are
conducted properly.
PRMIA's Risk Governance Standards emphasize that internal audit should evaluate
the effectiveness of the risk assessment framework without being involved in its direct
execution.
Why Other Answers Are Incorrect
PRMIA Reference for Verification
PRMIA Standards for Risk Governance - Establishes the Three Lines of Defense
and the separation of responsibilities.
PRMIA Risk Management Framework (RMF) Guidelines - Defines the roles of
business and risk management in risk assessment.
PRMIA Enterprise Risk Management Best Practices - Outlines how risk management
facilitates risk assessments while the business retains ownership.
This answer is verified according to PRMIA's official risk governance documents and
best practices.
2. When a control is found to be ineffective, which of the following steps should be
taken next?
A. Risks should be re-assessed to determine if there is the appropriate level of control
assessment.
B. An action plan should be designed to close the gap.
C. The controls should be re-assessed during the next cycle to determine if they are
still ineffective.
D. Risks should be re-assessed to determine if there can be an exception for the level
of control assessment.
Answer: B
Explanation:
When a control is found to be ineffective, the primary objective is to remediate the
deficiency by implementing corrective measures. PRMIA (Professional Risk
Managers' International Association) guidance, aligned with best practices in risk
governance, emphasizes a structured approach to handling control deficiencies.
Below is a detailed breakdown based on PRMIA risk management principles:
Step 1: Identify and Assess the Ineffective Control
A control is deemed ineffective when it fails to mitigate the identified risks to an
acceptable level. The root cause of the failure must be determined through a Control
Effectiveness Review (CER). PRMIA recommends control testing and incident
analysis to assess the severity of the control failure.
Step 2: Develop an Action Plan to Address the Control Deficiency
PRMIA best practices state that risk management should prioritize corrective actions
rather than delaying remediation.
The organization must define an action plan to close the gap, which includes:
Revising or strengthening the control mechanisms.
Implementing new controls, if necessary.
Assigning responsibility for remediation to control owners.
Setting deadlines for resolution.
This step aligns with PRMIA’s Risk Governance Framework, which emphasizes
proactive risk management.
Step 3: Implement Corrective Measures and Monitor Progress
Once an action plan is designed, the organization should execute the corrective