Pass the GAQM: ISO ISO-31000-CLA Questions and answers with ExamsMirror

A train crash and its consequences is an example of risk aggregation, which is the combined effect of multiple risks on an organisation’s objectives3. Risk aggregation can result in losses that are greater than the sum of individual losses.

According to ISO31000 (2018), clause 1., it is “not intended for certification purposes”. It provides guidance on how organizations can manage their risks effectively using a systematic approach based on principles, framework and process 3.

According to 1, page 9, pure risk is “a situation where there are only two possible outcomes: loss or no loss”. Buying lottery tickets and selling a house are examples of speculative risk, where there is a possibility of gain or loss. Going horse riding without a helmet is an example of pure risk, where there is only a possibility of loss (injury) or no loss.

Within an organisation, when attempting to manage and control risk, uncertainty must be taken into account4. Uncertainty refers to “the state, even partial, of deficiency of information related to understanding or knowledge of an event” 4 and it influences both risks and opportunities.

Risk management is core to governance and compliance4. Risk management helps to ensure that organizational objectives are achieved in a lawful, ethical, and transparent manner.

A large manufacturing organisation has renewed an insurance policy and has accepted a significant increase in the policy deductible. This is most likely to indicate increased risk retention, which means accepting more responsibility for potential losses5. This could be done to reduce insurance premiums or increase control over claims.

Integrated and customized are two of the nine risk management principles in ISO 31000:20181. Integrated means that risk management is an integral part of all organizational activities. Customized means that risk management is aligned with the organization’s external and internal context and risk profile.

Control is not a set of systematic, deliberate, and actionable steps to manage risk, but rather a measure or action that modifies risk1. Process is a set of systematic, deliberate, and actionable steps to manage risk2. Process involves establishing context, identifying risks, analyzing risks, evaluating risks, and treating risks.

According to , page 9, defining the context involves “understanding what influences people’s perception and tolerance of risks”. Discussing how girls are viewed by community members can help identify potential sources of resistance, conflict or violence that may affect the project’s objectives and outcomes.

Risk management ensures that value is created by identifying opportunities for investment, mergers, or acquisition. Risk management helps to assess the potential benefits, costs, and risks of different options and make informed decisions.