CRMA - Certification in Risk Management Assurance Communicating Risk Information Questions and Answers

Question 1

A CRMA is reviewing the quarterly risk report submitted to the board of directors.
The report is an exhaustive 50-page document listing every identified operational risk.
The board has commented that the report is not useful for strategic oversight.
What is the most critical improvement the CRMA should recommend?

Accepted Answer

Focus the report on the top enterprise-level risks, linking them to strategic objectives and risk appetite.

Answer

Include more granular detail and calculations for each listed risk.

Answer

Change the report's distribution schedule from quarterly to monthly to provide more current data.

Answer

Incorporate a glossary of technical risk management terms at the beginning of the report.

Question 2

When communicating risk information to different stakeholder groups, such as the board of directors, operational managers, and IT specialists, what is the best practice?

Accepted Answer

Tailor the content, format, and level of detail to the specific responsibilities and information needs of each group.

Answer

Provide the exact same report to all groups to ensure consistency and transparency.

Answer

Restrict detailed risk information to senior executives and the board only.

Answer

Communicate only through a single, standardized channel, like a company-wide risk dashboard.

Question 3

A risk heat map is a common tool for communicating risk information. Its primary purpose is to:

Accepted Answer

Provide a quick, visual representation of risks to aid in prioritization based on likelihood and impact.

Answer

Document the detailed mitigation plans and control effectiveness for each risk.

Answer

Calculate the exact financial impact of risks in a specific currency.

Answer

Satisfy regulatory requirements for risk documentation without further analysis.

Question 4

In a risk report, management highlights a potential supply chain disruption. In addition to likelihood and impact, they include a metric indicating that the negative effects of the disruption would be felt within 48 hours of the triggering event. This additional metric is best described as:

Accepted Answer

Risk velocity

Answer

Risk tolerance

Answer

Inherent risk

Answer

Control effectiveness

Question 5

Which of the following is the MOST important characteristic of effective risk communication to senior management and the board?

Accepted Answer

It is forward-looking and clearly connects risk information to the organization's strategic objectives.

Answer

It uses complex, technical jargon to demonstrate the risk function's expertise.

Answer

It is exhaustive, ensuring every single identified risk is presented to demonstrate completeness.

Answer

It focuses primarily on historical data and risks that have already materialized.

Question 6

A CRMA is assessing the organization's process for communicating emerging risks. Which of the following represents the MOST effective practice?

Accepted Answer

Having a defined process for timely escalation of potential emerging risks to relevant decision-makers as they are identified.

Answer

Discussing emerging risks once a year during the annual strategic planning session.

Answer

Requiring each business unit to submit a list of potential future risks on a quarterly basis.

Answer

Subscribing to and circulating several industry publications that discuss general future trends.