PECB ISO-31000-Lead-Risk-Manager Exam - Topic 5 Question 2 Discussion

Actual exam question for PECB's ISO-31000-Lead-Risk-Manager exam
Question #: 2
Topic #: 5

Scenario 6:

Trunroll is a fast-food chain headquartered in Chicago, Illinois, specializing in wraps, burritos, and quick-serve snacks through both company-owned and franchised outlets across several states. Recently, the company identified two major risks: increased dependence on third-party delivery platforms that could disrupt customer service if contracts were to fail or fees rose sharply, and stricter health and safety inspections that might expose vulnerabilities in hygiene practices across certain franchise locations. Therefore, the top management of Trunroll adopted a structured risk management process based on ISO 31000 guidelines to systematically identify, assess, and mitigate risks, embedding risk awareness into daily operations and strengthening resilience against future disruptions.

To address these risks, Trunroll outlined and documented clear actions with defined responsibilities and timelines. Regarding the dependence on third-party delivery platforms, the company decided not to move forward with planned partnerships with third-party delivery apps, as the risk of losing control over the customer experience and rising costs outweighed the potential benefits.

To address stricter health inspections across franchises, Trunroll invested in stronger hygiene protocols, mandatory staff training, and upgraded monitoring systems to reduce the likelihood of violations. Yet, management understood that some exposure would remain even after these measures. To address this risk, they decided to use one of the insurance methods, reserving internal financial resources to cover unexpected losses or penalties, ensuring the remaining risk was managed within acceptable boundaries.

Additionally, Trunroll set up a cloud-based platform to document and maintain risk records. This allowed managers to log supplier inspection results, training outcomes, and incident reports into one secure system, while also providing flexibility to update and scale applications as needed without managing the underlying infrastructure. In doing so, Trunroll ensured that all risk-related information is documented in progress reports and incorporated into mid-term and final evaluations, with risk management being updated regularly to monitor changes and treatments.

Based on the scenario above, answer the following question:

Trunroll documented all risk-related information in progress reports and incorporated it into mid-term and final evaluations. Which organizational level for risk reporting did they consider in this case?

Suggested Answer: A

The correct answer is A. Corporate level. ISO 31000 emphasizes that risk reporting should support governance, oversight, and strategic decision-making at appropriate organizational levels. Corporate-level risk reporting consolidates risk information across the organization and feeds into mid-term and final evaluations, enabling top management and oversight bodies to monitor performance and risk exposure.

In Scenario 6, Trunroll ensured that risk-related information was incorporated into progress reports and mid-term and final evaluations, and that risk management was updated regularly. These activities are characteristic of corporate-level reporting, which focuses on organization-wide risks, strategic objectives, and resilience.

Program or unit-level reporting would focus on specific departments or functions, while project-level reporting is limited to defined projects with finite timelines. The scenario clearly indicates organization-wide reporting to support top management oversight.

From a PECB ISO 31000 Lead Risk Manager perspective, corporate-level risk reporting ensures alignment with strategy, accountability, and continuous improvement. Therefore, the correct answer is corporate level.


Contribute your Thoughts:

Trinidad
5 days ago
I'm not entirely sure, but it seems like they could also be looking at the corporate level since they are documenting everything for mid-term and final evaluations.
upvoted 0 times
...
Rosina
10 days ago
I think they might be focusing on the program/unit level since they are addressing risks across multiple franchises.
upvoted 0 times
...
Muriel
15 days ago
Based on the details provided, I believe the answer is A) Corporate level. Trunroll seems to have implemented a structured risk management process across the entire organization, not just for individual projects or units, which aligns with risk reporting at the corporate level.
upvoted 0 times
...
Reynalda
20 days ago
The scenario mentions that Trunroll set up a cloud-based platform to document and maintain all their risk records, which makes me think they were taking a more holistic, organization-wide approach to risk management. I'm leaning towards the corporate level for this one.
upvoted 0 times
...
Erasmo
26 days ago
Okay, I think I've got it. Trunroll was documenting risk-related information in progress reports and incorporating it into mid-term and final evaluations, which suggests they were considering risk reporting at the corporate level, not just the individual project or unit level.
upvoted 0 times
...
Margret
1 month ago
Hmm, I'm a bit confused about the different organizational levels for risk reporting. I'll need to re-read the scenario carefully to try to figure out which one they focused on.
upvoted 0 times
...
Sherron
1 month ago
This seems like a pretty straightforward risk management case study. I think the key is to identify the different levels of risk reporting that Trunroll considered based on the information provided.
upvoted 0 times
...
