CRA - Certified Risk Architect Regulatory and Compliance Standards Questions and Answers

Question 1

A Certified Risk Architect (CRA) is tasked with designing a new enterprise risk management (ERM) framework for a multinational corporation.
Which of the following international standards provides a principle-based approach and general guidelines for risk management, rather than a prescriptive, certifiable management system?

Accepted Answer

ISO 31000

Answer

ISO 9001

Answer

Sarbanes-Oxley Act (SOX)

Answer

COBIT Framework

Question 2

A financial services firm is concerned about its exposure to operational, compliance, and strategic risks. The board wants to ensure that risk management is integrated with strategic planning and performance. Which framework is best suited for linking risk management directly with the organization's strategic objectives and performance?

Accepted Answer

COSO ERM Framework

Answer

ISO 31000

Answer

NIST Risk Management Framework (RMF)

Answer

ITIL

Question 3

As a Risk Architect for a healthcare technology company, you are assessing compliance risks associated with a new cloud-based platform that will store patient data. Which of the following regulatory standards would be of PRIMARY concern for this project in the United States?

Accepted Answer

Health Insurance Portability and Accountability Act (HIPAA)

Answer

General Data Protection Regulation (GDPR)

Answer

Sarbanes-Oxley Act (SOX)

Answer

Payment Card Industry Data Security Standard (PCI DSS)

Question 4

A manufacturing company is implementing its risk management process. According to the ISO 31000 standard, which of the following activities is a core part of the risk management 'process,' as distinct from the 'framework'?

Accepted Answer

Risk Identification, Risk Analysis, and Risk Evaluation.

Answer

Gaining a mandate and commitment from the board.

Answer

Designing the organizational policy for managing risk.

Answer

Continually improving the overall management system.

Question 5

During a risk architecture review for a global bank, it was found that while compliance and operational risks were well-documented in silos, there was no integrated view of how these risks could impact the achievement of strategic objectives. This is a failure to properly implement the principles of:

Accepted Answer

Enterprise Risk Management (ERM)

Answer

Segregation of Duties

Answer

Business Continuity Planning (BCP)

Answer

Quality Management

Question 6

A Certified Risk Architect is advising a company on its compliance management system. To ensure the system is effective, it must be integrated into which broader organizational framework?

Accepted Answer

The Enterprise Risk Management (ERM) framework.

Answer

The marketing and sales strategy.

Answer

The human resources information system.

Answer

The IT service management (ITSM) system.