GAQM ISO-31000-CLA Exam (page: 2)
GAQM ISO 31000 - Certified Lead Risk Manager
Updated on: 31-Mar-2026

Viewing Page 2 of 14

New definition of risk under ISO 31000 and 31010 is:

  A. Danger that injury, damage, or loss will occur
  B. Possibility of investment loss
  C. Probability of loss to an insurer
  D. Probability of an event that will have an impact on objectives

Answer(s): D

Explanation:

According to ISO/IEC Guide 73 (2009), clause 1., risk is defined as "the effect of uncertainty on objectives". This definition applies to both ISO/IEC Guide 73 (2009) and ISO 31000 (2018), which are standards for risk management terminology and principles respectively.



Causes of risk include all the following except:

  A. Health, safety and environment
  B. Finance
  C. Insurance
  D. Chemical breakdown

Answer(s): C

Explanation:

According to ISO/IEC Guide 73 (2009), clause B., causes are "elements which alone or in combination have potential to give rise to risk". Health, safety, environment, finance and chemical breakdown are examples of causes that can create risks for an organization or an individual [1]. Insurance is not a cause but a method of transferring or mitigating some types of risks [1].



Risk management as defined by OCEG GRC model is:

  A. Capability to set and evaluate performance against objectives
  B. Capability to proactively identify, assess and address uncertainty and potential obstacles to achieving objectives
  C. Capability to proactively encourage and ensure compliance with established policies and boundaries

Answer(s): B

Explanation:

According to [1], the OCEG GRC model is "a framework for integrating governance, risk management, compliance and ethics/culture into a single capability". It defines risk management as "the capability that enables an organization to understand how uncertainty affects its ability to achieve objectives" [2].



Which of the following is the current trend in auditing, risk management and compliance?

  A. Providing assurance over threats
  B. Performing discrete audits in compliance with internal control
  C. Front office function providing leading indicators about risk

Answer(s): C

Explanation:

According to [3], page 6, one of the current trends in auditing, risk management and compliance is "moving from a back-office function providing lagging indicators about risk (e.g., audit findings) to a front-office function providing leading indicators about risk (e.g., key risk indicators)".



Which risk is sometimes called 'retained risk'?

  A. Residual risk
  B. Conceptualize risk
  C. Analytical risk
  D. Procedural risk

Answer(s): A

Explanation:

According to ISO/IEC Guide 73 (2009), clause B., residual risk is "the level of remaining after controls have been applied". It is sometimes called 'retained risk' because it represents the amount of risk that an organization decides to accept or retain after implementing its mitigation strategies [3].



Which of the following statements does not apply to ISO 31000?

  A. It is the first standard issued by ISO for risk management
  B. It can be used by any organization regardless of its size, activity or sector
  C. It can be used for certification purposes

Answer(s): C

Explanation:

According to ISO 31000 (2018), clause 1., it is "not intended for certification purposes". It provides guidance on how organizations can manage their risks effectively using a systematic approach based on principles, framework and process [3].



Who is expected to take a more focused oversight role with respect to risk management control and governance process?

  A. Internal auditors
  B. External auditors
  C. Audit committee
  D. None of the above

Answer(s): A

Explanation:

According to [3], page 7, one of the current trends in auditing, risk management and compliance is "increasing expectations for internal auditors to take a more focused oversight role with respect to enterprise-wide governance processes". Internal auditors can provide independent assurance on how well an organization manages its risks using various tools such as audits, reviews, assessments and evaluations.



Where does an internal auditor typically spend most of his time auditing today?

  A. People
  B. Process
  C. Technology
  D. Infrastructure

Answer(s): B

Explanation:

According to , page 9, one of the current trends in auditing, risk management and compliance is "shifting from auditing people to auditing processes". This means that internal auditors focus more on how well an organization's processes are designed and implemented to achieve its objectives and manage its risks.


