Sample Exam Questions
Below are sample questions of the type to be found in the INSSA Security Risk Management Professional - Country Certification exam. The correct answers, rationale and reference are found at the end of the document. Good luck.
Question 1. Matt is on a tight deadline to submit his risk identification report to his Regional Manager. He is considering conducting the identification process without speaking to any of the stakeholders. What could be the immediate outcome for Matt and his organization if he proceeded with this decision?
- The security budget is not calculated appropriately.
- The donors refuse to allow the project to continue.
- Risk control measures are not properly applied.
- Potential risks could be overlooked.
Question 2: A program officer and a security manager are planning a focus group discussion with community members on potential risks related to projects on female empowerment in local secondary schools. What is the best approach for them to take to define the context?
- Identify any increase of risk with the introduction of a female empowerment project.
- Review the roles of the humanitarian principles in relation to education.
- Define gender equality in the school environment.
- Discuss the role of girls and how they are viewed by community members.
Question 3: Organizational information systems, information flows, and formal and informal decision-making processes are all a part of establishing which type of context in regard to the organization?
- External
- Technological
- Local
- Internal
Questions 4: At what point does a critical incident become a crisis?
- When families are notified that a security situation has involved a family member.
- When the incident escalates and requires senior management to lead and oversee coordination.
- When local authorities are called in to assist.
- When the organization shuts down operations due to a security incident.
Question 5. Due to the nature of crises, the management of a Crisis Management Team (CMT) usually requires which type of decision making structure?
- Centralized
- Networked
- Bottom-up
- Consensus-based
Answers to questions above
Question 1. Correct Answer: D
Rationale: Bringing together different levels of expertise ensures that various levels of risk are appropriately identified and included in the risk identification plan.
Reference: ISO 31010 4.3.2
Competency: A1
Question 2. Correct Answer: D
Rationale: Successful risk assessment must begin with defining the context appropriately before you can move on to other steps of identification.
Reference: ISO 31010 4.3.2
Competency: A1
Question 3. Correct answer: D
Rationale: evaluating the organization’s internal context may include information systems, information flows and decision-making process (both formal and informal)
Reference: ISO 31000 4.3.1
Competency: A2
Question 4. Correct Answer: B
Rationale: A critical incident or series of such incidents becomes a crisis when its nature, severity or broader consequences for an organization warrant a response beyond the capacity of routine program management mechanisms, i.e. requiring leadership and coordination from senior management level.
Reference: EISF Crisis Management 3. P.5
Competency: D1
Question 5. Correct Answer: A
Rationale: Due to the nature of crises, their management usually requires a more centralized decision-making structure than regular operations.
Reference: EISF Crisis Management 5.1
Competency: D1
Cognitive Domain: Knowledge