Pass the GAQM GAQM: ISO ISO-31000-CLA Questions and answers with CertsForce

The day-to-day responsibility of a Chief Risk Officer within a large organisation is to ensure that all key risks are adequately managed and reported4. This involves overseeing the implementation of risk management policies, processes and systems across the organisation.

Risk management processes, outcomes, and activities should be traceable5. This means that there should be a clear record of how risks were identified, analyzed, evaluated, treated, monitored, reviewed, and communicated.

Risk management is core to governance and compliance4. Risk management helps to ensure that organizational objectives are achieved in a lawful, ethical, and transparent manner.

Recording and reporting documents information that are relevant to the organization’s riskmanagement framework, process, and system2. These activities help to provide evidence, feedback, learning, and improvement for risk management.

 ISO uses the concept of uncertainty as the driver and rationale for risk management. Uncertainty refers to the state of having incomplete knowledge or understanding about something that can affect an organization’s objectives.

KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) are measured extensively throughout the organization and into the supply chain1. These indicators help to monitor and evaluate the performance and effectiveness of risk management.

Risk management takes human and cultural factors into account1. Human factors include perception, judgment, behavior, and communication that influence risk management. Cultural factors include values, beliefs, norms, and expectations that shape the organization’s risk culture.

 According to ISO31000 (2018), clause 4., one of the principles of effective risk management is “taking human and cultural factors into account”. This means that risk management should consider how people’s behaviors, perceptions, values and attitudes influence or are influenced by risk .

According to 1, page 11, core processes are “the activities that an organization performs in order to deliver its products or services”. They are essential for achieving the organization’s objectives and creating value for its stakeholders. Therefore, core processes should be considered when linking risk to an organization.

According to 3, page 6, one of the current trends in auditing, risk management and compliance is “moving from a back-office function providing lagging indicators about risk (e.g., audit findings) to a front-office function providing leading indicators about risk (e.g., key risk indicators)”.