RSK4801 EXAM PACK STUDY GUIDE 2025/2026
ACCURATE QUESTIONS BANK AND CORRECT
ANSWERS WITH RATIONALES || 100% GUARANTEED
PASS <UPDATED VERSION>
Strategic Risk Management Foundations
1. Question: What is the primary objective of Strategic Risk Management (SRM) as
defined in the King IV Report?
Answer: To assist the governing body in making informed decisions that support the
achievement of core business objectives.
2. Question: Which principle of King IV emphasizes that the governing body should ensure
that risks and opportunities are assessed on an ongoing basis?
Answer: Principle 11: The governing body should govern risk in a way that supports
the organization in setting and achieving its strategic objectives.
3. Question: What are the three key components of the COSO ERM framework's definition
of Enterprise Risk Management?
Answer: Culture, Capabilities, and Practices.
,4. Question: In the context of SRM, what does "risk appetite" refer to?
Answer: The types and amount of risk, on a broad level, an organization is willing to
accept in pursuit of its strategic objectives.
5. Question: How does "risk capacity" differ from "risk appetite"?
Answer: Risk capacity is the maximum amount of risk an organization can absorb
before it faces financial distress, while risk appetite is the amount of risk it is willing to
take.
6. Question: What is the role of the Board of Directors in Strategic Risk Management?
Answer: To provide risk governance oversight and approve the risk appetite and
tolerance statements.
7. Question: Name the five components of the COSO ERM Cube.
Answer: Governance and Culture, Strategy and Objective-Setting, Performance,
Review and Revision, and Information, Communication, and Reporting.
8. Question: What is the purpose of a "risk universe" in the risk management process?
Answer: To provide a comprehensive list of all potential risks that could impact the
organization.
9. Question: According to ISO 31000, what is the first step in the risk management
process?
Answer: Establishing the context.
, 10. Question: What is the difference between inherent risk and residual risk?
Answer: Inherent risk is the risk level without any controls, while residual risk is the
risk that remains after controls are applied.
Risk Identification and Assessment
11. Question: What is a commonly used technique for identifying strategic risks through
structured discussion?
Answer: SWOT Analysis (Strengths, Weaknesses, Opportunities, Threats).
12. Question: In a risk matrix, what two dimensions are used to evaluate and prioritize risks?
Answer: Likelihood and Impact.
13. Question: What does a "risk heat map" visually represent?
Answer: The prioritization of risks based on their likelihood and impact scores.
14. Question: What is the purpose of performing a "PESTLE" analysis?
Answer: To identify and assess external macro-environmental factors that could pose
strategic risks or opportunities.
15. Question: What type of risk assessment technique involves creating detailed scenarios of
possible future events?
Answer: Scenario Analysis.
16. Question: What is the key output of the risk identification process?
Answer: A documented risk register.
ACCURATE QUESTIONS BANK AND CORRECT
ANSWERS WITH RATIONALES || 100% GUARANTEED
PASS <UPDATED VERSION>
Strategic Risk Management Foundations
1. Question: What is the primary objective of Strategic Risk Management (SRM) as
defined in the King IV Report?
Answer: To assist the governing body in making informed decisions that support the
achievement of core business objectives.
2. Question: Which principle of King IV emphasizes that the governing body should ensure
that risks and opportunities are assessed on an ongoing basis?
Answer: Principle 11: The governing body should govern risk in a way that supports
the organization in setting and achieving its strategic objectives.
3. Question: What are the three key components of the COSO ERM framework's definition
of Enterprise Risk Management?
Answer: Culture, Capabilities, and Practices.
,4. Question: In the context of SRM, what does "risk appetite" refer to?
Answer: The types and amount of risk, on a broad level, an organization is willing to
accept in pursuit of its strategic objectives.
5. Question: How does "risk capacity" differ from "risk appetite"?
Answer: Risk capacity is the maximum amount of risk an organization can absorb
before it faces financial distress, while risk appetite is the amount of risk it is willing to
take.
6. Question: What is the role of the Board of Directors in Strategic Risk Management?
Answer: To provide risk governance oversight and approve the risk appetite and
tolerance statements.
7. Question: Name the five components of the COSO ERM Cube.
Answer: Governance and Culture, Strategy and Objective-Setting, Performance,
Review and Revision, and Information, Communication, and Reporting.
8. Question: What is the purpose of a "risk universe" in the risk management process?
Answer: To provide a comprehensive list of all potential risks that could impact the
organization.
9. Question: According to ISO 31000, what is the first step in the risk management
process?
Answer: Establishing the context.
, 10. Question: What is the difference between inherent risk and residual risk?
Answer: Inherent risk is the risk level without any controls, while residual risk is the
risk that remains after controls are applied.
Risk Identification and Assessment
11. Question: What is a commonly used technique for identifying strategic risks through
structured discussion?
Answer: SWOT Analysis (Strengths, Weaknesses, Opportunities, Threats).
12. Question: In a risk matrix, what two dimensions are used to evaluate and prioritize risks?
Answer: Likelihood and Impact.
13. Question: What does a "risk heat map" visually represent?
Answer: The prioritization of risks based on their likelihood and impact scores.
14. Question: What is the purpose of performing a "PESTLE" analysis?
Answer: To identify and assess external macro-environmental factors that could pose
strategic risks or opportunities.
15. Question: What type of risk assessment technique involves creating detailed scenarios of
possible future events?
Answer: Scenario Analysis.
16. Question: What is the key output of the risk identification process?
Answer: A documented risk register.
