Question 20 - GAQM ISO-31000-CLA Real Exam Questions [Feb 2026 Update]

Q: 20

Within an organisation, when attempting to manage and control risk, the organisation should be aware that

Options

Correct Answer:

Explanation

According to ISO 31000:2018, risk is defined as the "effect of uncertainty on objectives." This definition is central to the entire standard. Therefore, when managing and controlling risk, an organization must fundamentally address and take into account the various uncertainties it faces. The process of risk management is designed to identify, analyze, and evaluate these uncertainties to understand their potential impact on the organization's goals. Ignoring uncertainty would mean ignoring the very nature of risk itself, rendering any management effort ineffective.

Why Incorrect

A. Risk perception is a critical component of the "Human and cultural factors" principle in ISO 31000, which significantly influences how risk is identified and managed.

B. Effective risk management requires establishing both the internal and external context, making a focus on internal controls alone insufficient and incomplete.

D. This statement is the direct opposite of the ISO 31000 definition of risk, which is fundamentally centered on the concept of uncertainty.

References

1. ISO 31000:2018, Risk management — Guidelines, Clause 3.1, "Terms and definitions". This clause explicitly defines risk as the "effect of uncertainty on objectives."

2. ISO 31000:2018, Risk management — Guidelines, Clause 4, "Principles". This section lists "Human and cultural factors" as a key principle, and Clause 6.3, "Establishing the context," mandates consideration of both external and internal environments.

3. Purdy, G. (2010). ISO 31000:2009—Setting a new standard for risk management. Risk Analysis: An International Journal, 30(6), 881-886. On page 882, the author states, "The most important feature of the new definition is that risk is defined in relation to uncertainty..." This peer-reviewed article confirms that uncertainty is the core concept. DOI: https://doi.org/10.1111/j.1539-6924.2010.01442.x

4. Lalonde, C., & Boiral, O. (2012). Managing risks through ISO 31000: A critical analysis. Risk Management, 14(4), 272-300. The paper discusses how the standard frames risk management as a process to deal with uncertainty, stating, "the ISO 31000 standard defines risk as the 'effect of uncertainty on objectives'" (p. 275). DOI: https://doi.org/10.1057/rm.2012.9

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE