QUESTIONS WITH VERIFIED ANSWERS
◉ What methods can be used to find and recognize risks? Answer: 1. Brainstorming
2. Checklists
3. Interview and self-assessment
4. Facilitated workshops
5. Risk questionnaires and surveys
6. Scenario analysis
7. Value chain analysis
8. System design review
9. Process analysis
10. Benchmarking
◉ What are the two steps of identifying risks and opportunities? Answer: 1. Finding and recognizing risks
2. Recording risks and opportunities using a risk register
◉ What categories are considered when analyzing risks? Answer: 1. Likelihood
2. Consequences
3. Timing
4. Duration
5. Vulnerability
6. Interdependencies
◉ Qualitative RM analysis methods. Answer: - SWOT (Strengths, Weaknesses, Opportunities, Threats)
- PESTLE (Political, Economic, Sociological, Technical, Legal, Environmental)
- Risk matrix
- Decision tree
- Bowtie
- Delphi
- Scenario
- Influence
- Threat modeling
- Vulnerability assessment
- Root cause
- HAZOP (Hazard and operability)
◉ Quantitative RM analysis methods. Answer: - Monte Carlo
- Sensitivity analysis
- Probability
◉ What are the five steps of evaluating risk? Answer: 1. Combine results from analysis with measures of risk appetite and tolerance levels
2. Establish definitions of what is significant to the org
3. Create thresholds to determine if risk appetite and tolerance have been exceeded or not yet met
4. Interpret results of risk analysis interdependencies among and between risks
5. Compile an enterprise risk profile
◉ What is an enterprise risk profile? Answer: A document or framework that IDs and analyzes the various risks an org faces across all its activities and operations
◉ What are the components of an enterprise risk profile? Answer: 1. Risk ID
2. Risk assessment
3. Risk response
4. Control activities
5. Monitoring and reporting