When Recognition Matters

RISK MANAGEMENT FAQS

WHAT IS RISK
MANAGEMENT?

www.pecb.com
RISK MANAGEMENT FAQS

1 WHAT IS RISK
MANAGEMENT?
Risk management is the process of understanding,
evaluating and controlling the risks that prevent
organizations from achieving their objectives.

2 WHAT ARE THE MAIN TYPES OF

BUSINESS RISKS?

Different types of business risks include, but are not

limited to:

• Strategic Risk
• Financial Risk
• Compliance Risk
• Reputational Risk
• Operational Risk
• Health and Safety Risk
• Natural Disaster Risk
• Economic and Political Instability risks

3WHAT ARE THE STEPS OF A

RISK MANAGEMENT PROCESS?

Step 1: Risk identification

Step 2: Risk analysis
Step 3: Risk evaluation
Step 4: Risk treatment
Step 5: Risk monitoring and review
RISK MANAGEMENT FAQS

4 WHICH ARE THE METHODS OF

MANAGING RISK?

There are four main methods of managing risk, and they

are applicable under diverse circumstances.

Risk Avoidance: The risk can be eliminated by avoiding

activities that might trigger potential risks. Considering
that the complete elimination of all risks is hardly possible,
a risk avoidance strategy is employed to deflect as
many threats as possible in order to avoid the costly and
disruptive consequences of a damaging event.

Risk Transfer: The risk can be transferred to a third-party,

for example to an insurance company.

Risk Reduction: The risk can be managed by diminishing

the likelihood of the loss, by either increasingly
implementing preventive actions or controlling the extent
of risky activities.

Risk Retention: The risk can be accepted if it is assessed

that the risk does not pose significant threats.

5WHAT IS ISO 31000?

The ISO 31000 is an international standard on risk

management established to help organizations of any size
and type to manage risk effectively. It provides comprehensive
principles and guidelines to help organizations ensure the
improvement of management techniques and safeguard
safety and security in the workplace.

6 WHAT ARE THE BENEFITS OF

ISO 31000?

• Gain competitive advantage – enhanced risk

management will support achieving goals and objectives
• Reduce costs through proper risk management
• Respond to change effectively and find viable solutions
• Create and protect value
• Increase the likelihood of achieving objectives
• Effectively identify the opportunities and threats
• Identify and mitigate the risk throughout the organization
• Gain stakeholder confidence and trust
• Create a consistent basis for decision making and
planning
RISK MANAGEMENT FAQS

7 WHAT ARE THE MAIN PRINCIPLES

OF RISK MANAGEMENT?
There are 11 Risk Management principles:
• Risk Management should create and protect value
• Risk Management should be an integral part of
organizational processes
• Risk Management should be part of decision making
• Risk Management should explicitly address
uncertainty
• Risk Management is systematic, structured and timely
• Risk Management is based on the best available
information
• Risk Management should be tailored
• Risk Management takes into account human and
cultural factors
• Risk Management is transparent and inclusive
• Risk Management is dynamic, iterative and responsive
to change
• Risk Management should enable the organization’s
continual improvement

8 DOES MY CERTIFICATION
EXPIRE?

Your certificate is valid for three years from the date of

receiving the certificate. To renew your certificate for an
additional three years, you must submit the CPDs and pay
the AMF on an annual basis. The requirements for the Risk
Manager Certificate and Lead Risk Manager Certificate
are 20 CPDs per year or 60 CPDs in triannual basis, and
30 CPDs annually or 90 CPDs in the triannual period,
respectively. Meanwhile, for the Foundation there is no
CPD or AMF required.

9CAN I DOWNLOAD MY
CERTIFICATE?

Yes, you will be able to download the certificate, print it

or have it in a PDF format once you successfully pass the
exam.
RISK MANAGEMENT FAQS

10WHAT ISO 31000 TRAININGS

DOES PECB PROVIDE?
PECB provides trainings on ISO 31000 Introduction, ISO
31000 Foundation, ISO 31000 Risk Manager and ISO
31000 Lead Risk Manager.

ISO 31000 Introduction is a one-day training course and

one cannot be certified after attending this training. The
ISO 31000 Introduction training enables the participant to
be familiar with the basic concepts of Risk Management.

ISO 31000 Foundation is a two-day training course, which

enables you to learn the basic elements of implementing
a Risk Management process and framework. This
training will lead to examination and certification. After
successfully passing the exam, you can apply for a “PECB
Certified ISO 31000 Foundation” credential.

ISO 31000 Risk Manager is a three-day training course,

which enables you to gain comprehensive knowledge of
the fundamental principles, framework, and process of
Risk Management based on ISO 31000. After successfully
completing the exam you can apply for a “PECB Certified
ISO 31000 Risk Manager” credential.

ISO 31000 Lead Risk Manager is a five-day training course,

which enables you to acquire the expertise to support
and lead an organization and its team in successfully
identifying, understanding and managing a risk process
based on ISO 31000. After a successful exam completion,
you can apply for a “PECB Certified ISO 31000 Lead Risk
Manager” credential.

11
HOW CAN I GET ACCESS TO ISO
31000 PECB MATERIALS?
PECB provides training materials, whitepapers, course
brochures, toolkits, and webinars on ISO 31000. PECB
whitepapers, webinars, and brochures are available, free
of charge, to everyone that has an insatiable curiosity
about ISO 31000. Also, everyone can enroll for our ISO
31000 trainings by visiting www.pecb.com or contacting
customer@pecb.com. Each participant that enrolls for the
PECB training courses and exams will gain access to the
PECB training materials.