Questions
Included below are sample questions and answers for the GRC Professional exam
based on the OCEG GRC Capability Model v3.0. These are live questions in the test
databank, and therefore some of these questions may end up on your exam.
Individual exams of 100 randomly selected multiple choice questions are created by
the system from a test databank of almost 200 questions. The order of the questions
and the order of responses is randomized for each individual.
The exam is based on the OCEG GRC Capability Model v3.0 from the introduction, on
general GRC knowledge, and the components of the model. You must answer 70%
or more of the questions correctly to qualify to receive your GRC Professional
certification.
The exam can be taken online through www.oceg.org, 24 hours a day, 7 days a week.
You will have 120 minutes to complete the exam of 100 questions. The exam is open
book.
OCEG GRC Capability Model v3.0
Components and Elements
1. Principled Performance represents achievement of:
A. senior management supported objectives that an organization chooses to
pursue whilst employing an effective, efficient and responsive approach to
governance, risk management and compliance that supports those objectives
B. fully funded objectives that an organization chooses to pursue whilst
employing an effective, efficient and responsive approach to governance, risk
management and compliance that supports those objectives
C. all of the objectives that an organization chooses to pursue whilst employing
an effective, efficient and responsive approach to governance, risk
management and compliance that supports those objectives
D. the most critical objectives that an organization chooses to pursue while
employing an effective, efficient and responsive approach to governance, risk
management and compliance that supports those objectives
4. A threat is
A. a type of risk
B. a measure of likelihood that an adverse event will take place
C. an event or condition that has, on balance, an undesirable effect on achieving
objectives
D. always an external force that can harm the organization
5. Which of the following would not be appropriate when monitoring external
context?
A. Having only one source of information about each item being monitored
B. Changing approaches to monitoring when entering new markets or
geographies
C. Monitoring development of new technologies
D. Identifying a key owner for each aspect of external environment being
monitored
6. Why do you need to analyze the current and planned approaches to addressing
opportunities, threats and requirements?
A. To be able to determine if the inherent, actual and planned residual levels of
risk, reward and conformance are acceptable
B. To be able to assign responsibility for monitoring changes in approaches to
risks, rewards and conformance in a given category to one person
C. To be able to have the same crisis management plan for all risks
D. To be able to take steps to mitigate entire categories of risks or address
entire categories of potential reward
9. Which of the following would not be considered an external stakeholder or
influencer of opinion?
A. Board of Directors
B. Non-governmental organization
C. Local media in areas where the organization operates
D. Regulators
10. Why is it important to establish formal values and objectives for the
organization?
A. Absent a clear mission, vision and values statement, the organization will
operate on the values defined ad hoc or by individuals based on their own
beliefs and interests
B. A written values statement can substitute for leadership demonstrating the
desired behaviour of the workforce.
C. In the absence of organizational values and objectives, legal mandates will
replace the organization's right to establish its own values
D. Organizational values and objectives provide a defense to charges that the
organization does not have an effective compliance program.
13. What is a GRC curriculum plan?
A. A plan setting out the order and timing of all courses for a particular role or
family of roles, which may include a description of each course, its objectives,
and method/mode of delivery
B. A plan setting out the names of all courses and training programs offered to
the workforce by the organization
C. A plan describing what the organization intends to offer as training about
GRC to the workforce, for approval by the board
D. A table of contents for the organization's training course about the GRC
capability
Sample Questions and Answers
GRC Professional Exam v3.0
Answer Key
18 09
2. C
3. A
4:09
5-09.
6:09
7-09.
8-09.
9. A
10 09
9 November
12 09
13:09
14:09
15 09