Full Professional Multiple-Choice Examination
Question 1
Which of the following best describes Enterprise Risk Management (ERM)?
A. A process limited to financial reporting controls only B. A decentralized method for avoiding all
business risks C. A framework for identifying, assessing, managing, and monitoring risks across the
organization D. A system used only for insurance and compliance purposes
Answer: C. A framework for identifying, assessing, managing, and monitoring risks across the
organization
Rationale: Enterprise Risk Management is a comprehensive and structured approach used by
organizations to identify, evaluate, respond to, and monitor risks that may affect the achievement of
strategic objectives. ERM integrates risk management across all departments and functions, unlike
traditional silo-based risk management. It addresses strategic, operational, financial, compliance, and
reputational risks while aligning risk appetite with organizational objectives.
Question 2
What is the primary objective of risk appetite?
A. To eliminate uncertainty from business operations B. To define the amount and type of risk an
organization is willing to accept C. To increase shareholder litigation exposure D. To avoid all
operational activities involving uncertainty
Answer: B. To define the amount and type of risk an organization is willing to accept
Rationale: Risk appetite establishes the level and categories of risk an organization is prepared to
accept in pursuit of its strategic goals. It serves as a guide for management decision-making and
resource allocation. Effective risk appetite statements help organizations balance growth
opportunities with prudent risk-taking while maintaining financial stability and stakeholder
confidence.
Question 3
Which framework is most commonly associated with Enterprise Risk Management?
A. COSO ERM Framework B. ISO 27001 Framework C. Six Sigma Framework D. Balanced Scorecard
Framework
Answer: A. COSO ERM Framework
Rationale: The COSO ERM Framework is one of the most widely recognized and adopted frameworks for
Enterprise Risk Management. Developed by the Committee of Sponsoring Organizations of the
1
,Treadway Commission, it emphasizes governance, strategy, performance, review, and information
management in relation to risk. It provides organizations with guidance for integrating risk
management into strategic planning and business operations.
Question 4
Which of the following is considered a strategic risk?
A. Failure of IT backup systems B. Employee payroll errors C. Entry of a strong competitor into the
market D. Delay in vendor payments
Answer: C. Entry of a strong competitor into the market
Rationale: Strategic risks arise from factors that affect an organization’s ability to achieve long-term
objectives and maintain competitive advantage. The entry of a strong competitor can impact market
share, pricing strategies, customer retention, and profitability. Strategic risks often originate from
external market conditions, industry trends, and business decisions.
Question 5
What is the purpose of a risk register?
A. To track employee attendance B. To maintain a centralized record of identified risks and related
controls C. To calculate tax liabilities D. To eliminate operational procedures
Answer: B. To maintain a centralized record of identified risks and related controls
Rationale: A risk register is an essential ERM tool used to document identified risks, their likelihood,
impact, mitigation strategies, ownership, and monitoring status. It helps organizations maintain
visibility over their risk landscape and supports informed decision-making, accountability, and ongoing
risk monitoring.
Question 6
Which risk response strategy involves discontinuing an activity that creates risk?
A. Risk acceptance B. Risk sharing C. Risk avoidance D. Risk monitoring
Answer: C. Risk avoidance
Rationale: Risk avoidance occurs when an organization chooses not to engage in activities that expose
it to unacceptable levels of risk. This strategy is appropriate when the potential losses outweigh
expected benefits or when the organization lacks the capability to manage the risk effectively.
Question 7
Which of the following is an example of operational risk?
A. Interest rate fluctuations B. Changes in government regulations C. Supply chain disruption caused by
system failure D. Foreign exchange volatility
2
, Answer: C. Supply chain disruption caused by system failure
Rationale: Operational risk refers to the risk of loss resulting from inadequate or failed internal
processes, systems, people, or external events. A supply chain disruption caused by a system failure
directly affects operational continuity and efficiency, making it a classic example of operational risk.
Question 8
What role does the board of directors play in ERM?
A. Executing daily operational controls B. Setting risk governance and overseeing risk management
activities C. Processing financial transactions D. Managing customer complaints
Answer: B. Setting risk governance and overseeing risk management activities
Rationale: The board of directors is responsible for establishing risk governance structures, defining
risk appetite, approving risk policies, and overseeing management’s implementation of ERM. The
board ensures that risks are appropriately identified, managed, and aligned with organizational
strategy and stakeholder expectations.
Question 9
Which of the following best defines residual risk?
A. Risk before controls are applied B. Risk transferred to a third party C. Risk remaining after controls
and mitigation measures are implemented D. Risk excluded from financial statements
Answer: C. Risk remaining after controls and mitigation measures are implemented
Rationale: Residual risk represents the level of risk that remains after management has implemented
controls or mitigation measures. Organizations must evaluate whether residual risk falls within
acceptable risk appetite levels and determine whether additional treatment actions are required.
Question 10
What is the primary benefit of integrating ERM into strategic planning?
A. It guarantees profitability B. It removes all market uncertainty C. It improves decision-making and
organizational resilience D. It eliminates competition
Answer: C. It improves decision-making and organizational resilience
Rationale: Integrating ERM into strategic planning enables organizations to identify opportunities and
threats proactively. It supports better resource allocation, informed strategic decisions, and stronger
resilience against disruptions. Effective ERM integration also enhances stakeholder confidence and
long-term sustainability.
Question 11
Which of the following is a key component of risk assessment?
3