
Fast2testからの試験合格準備の必需品GRCP試験トレーニング問題
有効なパス率はGRC CertificationのGRCP試験問題
質問 # 34
How do values influence the way an organization operates?
- A. They establish the organization's code of conduct
- B. They determine the organization's market share and competitive positioning as part of assessing its financial value to shareholders
- C. They set voluntary boundaries for how the organization operates and often explain design decisions about the operating model
- D. They dictate the organization's pricing strategy and revenue generation
正解:C
解説:
Values represent the fundamental principles and beliefs that guide an organization's culture, decision-making, and behavior. They serve as a compass for how the organization operates, interacts with stakeholders, and achieves its objectives.
Role of Values in Operations:
Setting Boundaries:
Values define ethical standards and voluntary limits within which the organization operates, even if these exceed regulatory requirements.
For example, a company may adopt sustainability practices beyond legal requirements because they align with its values.
Guiding Design Decisions:
Values influence how the organization's operating model is structured, including processes, policies, and resource allocation.
For instance, a value-driven emphasis on innovation may lead to investment in R&D.
Why Option B is Correct:
Option B accurately describes how values set voluntary boundaries and shape decisions about the operating model.
Option A (establishing a code of conduct) is a subset of how values are operationalized, not their full role.
Options C and D focus on financial or competitive aspects, which are influenced by broader strategies rather than values alone.
Relevant Frameworks and Guidelines:
OCEG Principled Performance Framework: Highlights the role of values in shaping culture and decision-making processes.
ISO 37001 (Anti-Bribery Management System): Recommends embedding values into governance systems to promote ethical conduct.
In summary, organizational values set boundaries for operations and guide the design of the operating model, ensuring alignment with ethical principles, stakeholder expectations, and long-term objectives.
質問 # 35
How do the four dimensions of Total Performance contribute to a comprehensive assessment of an organization's GRC capability?
- A. By providing a holistic view of an organization's GRC capability, evaluating its soundness, cost-effectiveness, agility and ability to withstand disruptions
- B. By evaluating the performance of departments and individual employees in the context of GRC needs in their roles
- C. By determining the budget allocation for GRC programs and where resources should be applied
- D. By ensuring compliance with legal and regulatory requirements across the organization as a whole and by department
正解:A
解説:
The four dimensions of Total Performance in GRC-Soundness, Cost-Effectiveness, Agility, and Resilience-enable organizations to conduct a holistic assessment of their Governance, Risk, and Compliance capabilities.
Soundness:
Refers to the logical design and alignment of GRC programs with industry standards and business objectives (e.g., COSO, ISO 31000, NIST).
Ensures that GRC initiatives are robust and well-structured.
Cost-Effectiveness:
Evaluates the balance between the costs incurred and the benefits delivered by GRC programs.
Ensures resources are utilized efficiently.
Agility:
Focuses on how quickly the organization can adapt GRC practices to changing regulations, threats, or market conditions.
Key to maintaining compliance in dynamic environments.
Resilience:
Measures the organization's ability to withstand disruptions, such as cyberattacks or natural disasters, without compromising critical operations.
Incorporates risk mitigation strategies and disaster recovery plans.
Relevant Frameworks and Guidelines:
COSO ERM Framework: Supports a holistic approach to risk management and organizational resilience.
ISO 31000: Guides the integration of sound risk management practices.
In summary, these four dimensions provide a comprehensive lens through which an organization's GRC capability is evaluated, ensuring its effectiveness, sustainability, and adaptability in achieving compliance and managing risks.
質問 # 36
What are the two measures used to estimate the effect of uncertainty on objectives?
- A. Accuracy and precision
- B. Likelihood and impact
- C. Certainty and effect
- D. Probability and consequence
正解:B
解説:
In the context of Governance, Risk, and Compliance (GRC), the effect of uncertainty on objectives is assessed through two key measures: likelihood and impact.
Likelihood:
Refers to the probability or chance of an event occurring.
For example, in risk assessments, likelihood is often rated as high, medium, or low based on historical data, predictive modeling, or expert judgment.
Impact:
Refers to the extent of the effect that an event (or risk) would have on the organization's objectives.
Impact is typically measured in terms of financial loss, operational disruption, reputational damage, or regulatory non-compliance.
Why Option B is Correct:
Likelihood and impact are universally used in risk management frameworks such as ISO 31000 and the COSO ERM Framework to evaluate risks and prioritize mitigation efforts.
"Probability and consequence" (Option C) is similar but is a less precise term used in some specific frameworks.
Options A and D (accuracy, precision, certainty, and effect) are unrelated to risk measurement.
Relevant Frameworks and Guidelines:
ISO 31000 (Risk Management): Provides guidance on assessing the likelihood and impact of risks.
NIST Risk Management Framework (RMF): Incorporates likelihood and impact in assessing cybersecurity risks.
In summary, the measures of likelihood and impact are critical for evaluating and managing risks, enabling organizations to prioritize mitigation efforts and allocate resources effectively.
質問 # 37
What are leading indicators and lagging indicators?
- A. Leading indicators are types of input from leaders in each unit of the organization, while lagging indicators are views provided by departing employees during exit interviews.
- B. Leading indicators provide information about future events or conditions, while lagging indicators provide information about past events or conditions.
- C. Leading indicators are financial metrics, while lagging indicators are non-financial metrics.
- D. Leading indicators are qualitative measures, while lagging indicators are quantitative measures.
正解:B
解説:
Leading indicators and lagging indicators are performance measurement tools used to assess organizational progress and outcomes.
Leading Indicators:
Provide information about future events or conditions.
Help predict trends and allow proactive adjustments.
Example: Employee training completion rates predicting future performance improvements.
Lagging Indicators:
Reflect past events or conditions.
Measure results and outcomes after processes are completed.
Example: Customer satisfaction scores based on previous interactions.
Why Other Options Are Incorrect:
A: Not related to leadership input or exit interviews.
B: Leading and lagging indicators can encompass both financial and non-financial metrics.
C: Both types of indicators may include quantitative and qualitative measures.
Reference:
Balanced Scorecard Framework: Highlights the use of leading and lagging indicators in performance measurement.
OCEG GRC Capability Model: Discusses indicators for tracking progress.
質問 # 38
What is the difference between a mission and a vision?
- A. The mission is determined by external stakeholders, while the vision is determined by internal stakeholders.
- B. The mission is a short-term financial goal, while the vision is a long-term non-financial goal.
- C. The mission is what a for-profit organization should have, while the vision is for non-profit organizations.
- D. The mission states the organization's purpose and direction, while the vision is an aspirational objective that states what the organization aspires to be.
正解:D
解説:
The mission and vision of an organization serve distinct but complementary purposes:
Mission:
Defines the organization's purpose, direction, and core values.
Answers: "Why do we exist?"
Example: "To provide sustainable energy solutions to underserved markets." Vision:
Represents an aspirational future state the organization strives to achieve.
Answers: "What do we aspire to become?"
Example: "To be the world's leading renewable energy provider."
Why Other Options Are Incorrect:
B: Both mission and vision involve internal input and stakeholder considerations.
C: Mission and vision are broader than financial goals.
D: Both mission and vision are relevant for all types of organizations.
Reference:
Corporate Strategy Frameworks: Emphasize clear articulation of mission and vision for strategic alignment.
Balanced Scorecard Methodology: Discusses mission and vision as integral to strategic planning.
質問 # 39
What is the role of indicators in measuring progress toward objectives?
- A. Indicators measure quantitative or qualitative progress toward an objective.
- B. Indicators are used to evaluate the appropriateness of the organization's selection of objectives.
- C. Indicators are used to calculate the return on investment for various projects and initiatives.
- D. Indicators are used to determine if the objectives must be changed in response to changes in the external or internal context.
正解:A
解説:
Indicatorsare critical tools for measuring progress toward achieving objectives by tracking quantitative or qualitative metrics.
* Role of Indicators:
* Provide insights into whether the organization is on track to meet its goals.
* Help identify gaps, strengths, and opportunities for improvement.
* Examples: Productivity metrics, compliance rates, or customer retention rates.
* Types of Indicators:
* Quantitative: Numeric measures like revenue growth or employee turnover rates.
* Qualitative: Observations or evaluations, such as stakeholder satisfaction.
* Why Other Options Are Incorrect:
* A: Indicators measure progress, not the appropriateness of objectives.
* C: Objective selection evaluation occurs during the planning phase, not progress measurement.
* D: ROI calculations are a subset of financial analysis, not the overall role of indicators.
References:
* OCEG GRC Capability Model: Emphasizes indicators in monitoring objectives.
* Balanced Scorecard Framework: Uses indicators to measure organizational performance.
質問 # 40
What is the primary purpose of the ALIGN component in the GRC Capability Model?
- A. To establish communication channels and provide education to stakeholders about how the organization aligns its business operations to their needs.
- B. To review and improve the organization's policies and controls and ensure they are aligned to the operations of the business.
- C. To coordinate the monitoring and evaluation of the organization's governance, risk, and compliance activities.
- D. To define the direction and objectives of an organization and design an integrated plan to address opportunities, obstacles, and obligations.
正解:D
解説:
The ALIGN component in the GRC Capability Model focuses on setting the organization's strategic direction and objectives while ensuring that governance, risk management, and compliance activities are integrated into a cohesive plan.
Primary Purpose:
Define organizational direction and objectives.
Develop an integrated strategy to address opportunities, obstacles, and obligations.
Significance of ALIGN:
ALIGN ensures that organizational efforts are coherent and support long-term goals.
Provides a roadmap to align processes, controls, and initiatives with the mission and vision.
Why Other Options Are Incorrect:
A: Monitoring and evaluation are part of the RESPOND component.
C: While communication is important, ALIGN focuses on planning and direction, not stakeholder education.
D: Policy review is part of the EVALUATE component, not ALIGN.
Reference:
OCEG GRC Capability Model: Details the ALIGN component's role in strategic planning and integration.
COSO ERM Framework: Highlights the importance of aligning risk and strategy.
質問 # 41
What is the role of identification criteria?
- A. Identification criteria are used to focus on priority objectives and results.
- B. Identification criteria are used to calculate the total budget for the organization based on priority objectives and the number of related obstacles and obligations.
- C. Identification criteria are used to establish the communication channels within the organization regarding opportunities, obstacles, and obligations.
- D. Identification criteria are used to determine the order in which units undertake identification activities.
正解:A
解説:
Identification criteria are tools used to guide the identification of elements critical to achieving objectives, such as opportunities, obstacles, and obligations.
Purpose of Identification Criteria:
Focus efforts on priority objectives and results that align with organizational goals.
Streamline the identification process to ensure efficiency and relevance.
Examples:
Criteria may include relevance to strategic objectives, potential impact, and urgency.
Why Other Options Are Incorrect:
A: Criteria are not about sequencing identification activities.
B: They do not directly calculate budgets but may inform resource allocation.
D: Establishing communication channels is a separate organizational function.
Reference:
OCEG GRC Capability Model: Highlights criteria to prioritize objectives and results in identification processes.
ISO 31000 (Risk Management): Discusses criteria for identifying risks and opportunities.
質問 # 42
Which of these would not trigger the reconsideration of internal factors within an organization?
- A. Fluctuations in the stock market and economic conditions.
- B. Ordinary seasonal fluctuations in purchases.
- C. The launch of a new product or service by a competitor.
- D. Changes in government regulations and industry standards.
正解:B
解説:
Ordinaryseasonal fluctuations in purchasesare predictable and typically accounted for in existing business plans, so they do not necessitate a reconsideration of internal factors.
* Why Ordinary Seasonal Fluctuations Are Excluded:
* These variations are expected and manageable within normal operating procedures.
* They do not signify a fundamental change requiring strategic reassessment.
* Triggers for Reconsidering Internal Factors:
* A: External economic conditions may require internal adjustments to mitigate risks.
* C: Competitive actions can influence market positioning and internal strategies.
* D: Regulatory changes necessitate compliance adjustments.
References:
* PESTEL Analysis: Highlights when external factors may necessitate changes in internal contexts.
* COSO ERM Framework: Links external triggers to internal strategy revisions.
質問 # 43
What does it mean for an organization to "reliably achieve objectives" as part of Principled Performance?
- A. It means having measurable outcomes.
- B. It means always achieving profitability targets and maximizing shareholder value.
- C. It means achieving short-term goals regardless of the impact on long-term success.
- D. It means achieving mission, vision, and balanced objectives thoughtfully, consistently, dependably, and transparently.
正解:D
解説:
"Reliably achieving objectives" as part ofPrincipled Performancereflects a balanced, ethical, and consistent approach to meeting organizational goals.
* Mission, Vision, and Balanced Objectives:
* The organization ensures that objectives align with its purpose and long-term aspirations.
* Thoughtful and Transparent Execution:
* Decision-making processes are deliberate and consider ethical implications, risk management, and stakeholder interests.
* Dependable Consistency:
* Consistently achieving objectives builds trust with stakeholders and demonstrates resilience.
* Why Other Options Are Incorrect:
* A: Focusing solely on short-term goals risks long-term sustainability.
* B: Measurable outcomes are important but do not capture the broader principles.
* D: Profitability is only one aspect of balanced objectives.
References:
* OCEG GRC Capability Model: Defines principled performance as achieving objectives while addressing uncertainty and acting with integrity.
* ISO 31000 (Risk Management): Aligns reliability with structured, ethical decision-making.
質問 # 44
In the IACM, what are the two types of Proactive Actions & Controls?
- A. Reactive Actions & Controls and Passive Actions & Controls
- B. Prevent/Deter Actions & Controls and Promote/Enable Actions & Controls
- C. Quantitative Actions & Controls and Qualitative Actions & Controls
- D. Centralized Actions & Controls and Decentralized Actions & Controls
正解:B
解説:
The two types of Proactive Actions & Controls in the IACM are:
Prevent/Deter Actions & Controls:
Focus on avoiding unfavorable events and reducing risks before they occur.
Example: Implementing security protocols to deter cyberattacks.
Promote/Enable Actions & Controls:
Facilitate the realization of opportunities and favorable outcomes.
Example: Employee training programs to improve productivity.
Why Other Options Are Incorrect:
A: Reactive and passive actions are not proactive by definition.
C: Centralization/decentralization pertains to organizational structure.
D: Quantitative and qualitative are methods, not categories of controls.
Reference:
OCEG IACM Framework: Details types of proactive controls for risk and opportunity management.
質問 # 45
What is the difference between an organization that is being "Good" and being a "Principled Performer"?
- A. A "Principled Performer" always pursues objectives that are considered "Good" by society.
- B. There is no difference: "Good" and a "Principled Performer" are synonymous.
- C. A "Principled Performer" is an organization that donates a significant portion of its profits to charity.
- D. An organization must measure up to the Principled Performance definition to be a "Principled Performer," regardless of whether its objectives are subjectively perceived or preferred as "Good" or "Bad."
正解:D
解説:
The distinction between being "Good" and being a "Principled Performer" lies in the approach and framework used to meet objectives, irrespective of whether the objectives are considered "good" or "bad" by society.
"Good" vs. "Principled Performer":
"Good" is a subjective measure based on societal norms, values, or preferences.
A "Principled Performer", however, aligns its objectives and operations with ethical practices, risk management, compliance, and governance, irrespective of societal perceptions.
Definition of a Principled Performer:
The term originates from OCEG's Principled Performance model, which emphasizes the achievement of objectives with integrity, accountability, and foresight.
Organizations that ensure their processes and decisions meet defined principles of performance, even under external pressures, qualify as "Principled Performers." Misconceptions Debunked:
Option B is incorrect because "Principled Performers" do not necessarily align with what society perceives as "Good." Option C is incorrect as it equates two fundamentally different concepts.
Option D is irrelevant, as charity is not a determining factor of principled performance.
Reference:
OCEG's GRC Capability Model: Defines the characteristics of Principled Performance and how it differs from subjective notions of "Good." Ethics and Compliance Standards (ISO 37301): Demonstrates the operationalization of principles within organizations.
NIST RMF and COSO ERM Frameworks: Discuss how principled approaches are embedded into risk and governance processes.
質問 # 46
What is the advantage of using technology-based inquiry for discovering events?
- A. This inquiry often provides information sooner than other methods.
- B. This inquiry eliminates the need to analyze information.
- C. This inquiry focuses on unfavorable events.
- D. This inquiry prevents the need for employee surveys.
正解:A
解説:
Technology-based inquiry is advantageous because it often provides information sooner than traditional methods, enabling quicker responses to events and issues.
Benefits of Technology-Based Inquiry:
Real-Time Data: Enables immediate detection of issues through automated alerts or analytics.
Broader Coverage: Monitors large volumes of data and activities more efficiently than manual methods.
Why Other Options Are Incorrect:
A: Technology-based inquiry complements surveys but does not replace them entirely.
B: Information analysis is still required, even when gathered through technology.
C: Technology-based inquiry identifies both favorable and unfavorable events, not just the latter.
Reference:
COSO ERM Framework: Highlights the use of technology in monitoring and inquiry processes.
OCEG GRC Capability Model: Discusses technology-based tools for faster issue detection.
質問 # 47
What is the difference between a hazard and an obstacle in the context of uncertainty?
- A. A hazard affects the likelihood of an event, while an obstacle is a hazard with significant impact on objectives.
- B. A hazard is a type of obstacle, while an obstacle is an overarching category of threat.
- C. A hazard is a measure of the negative impact on the organization, while an obstacle is a state of conditions that create a hazard.
- D. A hazard is a cause that has the potential to eventually result in harm, while an obstacle is an event that may have a negative effect on objectives.
正解:D
解説:
In the context of uncertainty, hazards and obstacles describe different concepts:
Hazard:
A cause or source of potential harm or adverse impact.
Example: A poorly maintained system poses a hazard for downtime.
Obstacle:
An event or condition that negatively affects the achievement of objectives.
Example: System downtime becomes an obstacle to completing a project on time.
Key Difference:
Hazards are potential causes, while obstacles are actual events or conditions that create challenges.
Why Other Options Are Incorrect:
A: Obstacles are events, not conditions that create hazards.
B: Hazards relate to causes, not likelihood.
D: Hazards and obstacles are distinct concepts, not types of each other.
Reference:
ISO 31000 (Risk Management): Differentiates hazards as sources of harm and obstacles as barriers to objectives.
COSO ERM Framework: Explains the role of events (obstacles) in risk management.
質問 # 48
Which statement is FALSE?
- A. The organization should identify legally mandated education, including who must be educated, the content required, the time required, and methods that may be used for each required course.
- B. The organization should conduct a needs assessment to determine the training that will address high-risk situations and develop a training plan for each job or job family.
- C. The organization should have an education plan for each target population indicating what they should know about the GRC capability and their responsibilities for GRC activities.
- D. Regardless of role, everyone in the organization should receive the same curriculum and the same education activities to ensure consistent understanding.
正解:D
解説:
The statement "Regardless of role, everyone in the organization should receive the same curriculum and the same education activities to ensure consistent understanding" is FALSE because education plans must be tailored to the specific roles, responsibilities, and risks associated with different job functions.
Why Tailored Education is Necessary:
Different roles have distinct responsibilities and exposure to risks.
A one-size-fits-all approach is inefficient and may not address critical role-specific needs.
Why Other Statements are True:
A: Education plans should address the specific GRC responsibilities of target populations.
C: Needs assessments identify high-risk areas and ensure targeted training.
D: Legal mandates often specify education requirements for compliance.
Reference:
OCEG GRC Capability Model: Recommends role-specific training plans for effective GRC implementation.
ISO 37301 (Compliance Management Systems): Highlights the importance of needs assessments and tailored training.
質問 # 49
What are beliefs, and how do they influence behavior within an organization?
- A. Beliefs are the organization's commitments to mandatory and voluntary obligations, and they influence behavior by determining the extent to which individuals fulfill obligations and honor promises.
- B. Beliefs are the organization's perceptions of risk and uncertainty, and they influence behavior by guiding actions and controls to address compliance-related risks.
- C. Beliefs are ideas and assumptions held by individuals or groups, often shaped by experiences and perceptions, that influence behavior by informing the values and principles that guide actions and decisions.
- D. Beliefs are the organization's understanding of its mission, vision, and values, and they influence behavior by aligning actions with the organization's higher purpose and long-term goals.
正解:C
解説:
Beliefs are fundamental ideas or assumptions individuals or groups hold within an organization. These beliefs shape the culture and influence behavior in significant ways.
Definition:
Beliefs stem from experiences, perceptions, and cultural influences, forming the foundation of values and principles.
Influence on Behavior:
Beliefs inform decision-making, align employee actions with organizational values, and guide ethical practices.
Organizational Impact:
Shared beliefs create a cohesive culture, align goals, and foster trust among stakeholders.
Reference:
OCEG Capability Model: Explains the role of beliefs in shaping behavior and culture.
COSO Framework: Highlights the impact of core values on organizational behavior.
質問 # 50
What is the term used to describe a cause that has the potential to result in harm?
- A. Hazard
- B. Obstacle
- C. Opportunity
- D. Prospect
正解:A
解説:
In GRC terminology, a hazard is a condition, situation, or factor that has the potential to cause harm or adverse effects. It is commonly used in the context of risk management, health and safety, and environmental compliance.
Definition of Hazard:
A hazard is the cause of potential harm, such as physical injury, financial loss, reputational damage, or legal violations.
Examples of hazards include weak cybersecurity controls, hazardous materials, or non-compliance with regulatory requirements.
Why Option A is Correct:
"Hazard" is the universally accepted term for a cause of potential harm in risk management frameworks (e.g., ISO 31000, COSO ERM).
"Prospect" (Option B) and "Opportunity" (Option C) are related to potential gains, not harm.
"Obstacle" (Option D) refers to a barrier or hindrance, not specifically a cause of harm.
Relevant Frameworks and Guidelines:
ISO 31010 (Risk Assessment Techniques): Discusses the identification and evaluation of hazards as part of risk assessment.
NIST SP 800-30 (Risk Assessment): Includes identification of threats, which can be considered analogous to hazards in the context of information security.
In summary, a hazard is a cause of potential harm that must be identified and mitigated to manage risks effectively in any organizational context.
質問 # 51
Which category of actions & controls in the IACM includes formal statements and rules about organizational intentions and expectations?
- A. Policy
- B. People
- C. Technology
- D. Information
正解:A
解説:
The Policy category in the IACM encompasses formal statements, rules, and guidelines that articulate the organization's intentions and expectations.
Role of Policies:
Set boundaries and guidelines for behavior and decision-making.
Ensure consistency in actions and alignment with organizational goals.
Examples:
Code of conduct.
Data privacy and security policies.
Why Other Options Are Incorrect:
A: Information deals with data and communication, not formal statements.
B: People refer to human elements like roles and responsibilities.
C: Technology focuses on tools and systems.
References:
OCEG IACM Framework: Highlights the role of policies in formalizing organizational expectations.
質問 # 52
When should anonymity be afforded to stakeholders who raise issues through notification pathways?
- A. Anonymity should never be afforded, as it encourages false reporting.
- B. Anonymity should be afforded only when the issue raised is of minor importance.
- C. Anonymity should be afforded where legally permitted or required.
- D. Anonymity should only be afforded to stakeholders who are not employees of the organization.
正解:C
解説:
Anonymityshould be afforded in notification pathwayswhere legally permitted or requiredto encourage reporting and protect stakeholders from potential retaliation.
* Purpose of Anonymity:
* Encourages individuals to report concerns without fear of reprisal.
* Supports compliance with legal frameworks, such as whistleblower protection laws.
* Why Legal Context Matters:
* Some jurisdictions mandate anonymity for certain types of reports, particularly whistleblower disclosures.
* Organizations must align their practices with these legal requirements.
* Why Other Options Are Incorrect:
* A: Denying anonymity discourages reporting, especially for sensitive issues.
* C: Anonymity is equally important for employees and external stakeholders.
* D: Importance of the issue should not determine the availability of anonymity.
References:
* ISO 37002 (Whistleblowing Management Systems): Recommends anonymous reporting pathways where legally permitted.
* OCEG GRC Capability Model: Emphasizes anonymity as a critical element of effective notification systems.
質問 # 53
How can an organization evaluate the adequacy of current levels of residual risk/reward and compliance?
- A. The organization can evaluate adequacy by hiring an outside auditor to make an assessment.
- B. The organization can evaluate adequacy by removing controls and seeing if the levels change.
- C. The organization can evaluate adequacy by looking at the number of lawsuits and enforcement actions.
- D. The organization can use analysis criteria to evaluate the adequacy of current levels and determine if additional analysis is required.
正解:D
解説:
Organizations evaluate the adequacy of residual risk/reward and compliance by applying structured analysis criteria to determine whether current levels align with their objectives and risk appetite.
Analysis Criteria:
Specific benchmarks or standards are used to measure whether residual risks and compliance efforts meet organizational expectations.
Criteria are based on factors like likelihood, impact, regulatory requirements, and strategic goals.
Process:
Evaluate current levels using established criteria.
Identify gaps and determine if further analysis or additional controls are required.
Why Other Options Are Incorrect:
A: Lawsuits and enforcement actions are outcomes, not methods of evaluating adequacy.
C: Removing controls introduces risks and is not a recommended evaluation method.
D: While external auditors provide insights, adequacy evaluation starts internally with analysis criteria.
Reference:
COSO ERM Framework: Provides guidance on evaluating residual risk and compliance adequacy.
ISO 31000 (Risk Management): Recommends using criteria to assess and refine risk management practices.
質問 # 54
What is the significance of a vision statement in inspiring and motivating employees, stakeholders, and customers?
- A. It outlines the organization's succession planning and leadership development.
- B. It specifies the organization's views on ethical issues facing it.
- C. It describes what the organization aspires to be and why it matters, serving as a guidepost for long-term strategic planning and inspiring and motivating employees, stakeholders, and customers.
- D. It details the organization's sales targets and revenue projections to motivate employees to work hard and meet those goals.
正解:C
解説:
A vision statement plays a critical role in inspiring and motivating employees, stakeholders, and customers by defining the organization's aspirations and its importance.
Significance of a Vision Statement:
Inspiration: Provides a sense of purpose and ambition, energizing employees and stakeholders.
Strategic Guidance: Serves as a long-term guidepost, aligning all efforts with future aspirations.
Stakeholder Engagement: Encourages buy-in by articulating the organization's desired impact and value.
Why Other Options Are Incorrect:
A: Ethical views are part of values, not the primary purpose of a vision statement.
C: Sales targets and projections are operational metrics, not part of a vision statement.
D: Succession planning is a tactical process, not related to the vision statement.
Reference:
Corporate Strategy Frameworks: Emphasize the vision statement's role in motivating and aligning stakeholders.
Balanced Scorecard Methodology: Connects vision to long-term strategic planning.
質問 # 55
......
OCEG GRCP 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
全問GRCP問題集とGRC Professional Certification Examトレーニングコース:https://jp.fast2test.com/GRCP-premium-file.html
無料テストエンジンGRC Professional Certification Exam認定試験:https://drive.google.com/open?id=14KDp_hfUsuSSwnecmpCKh0DlEOv1Kfur