Domain V: Risk Identification and Assessment

Domain V - Risk Identification and Assessment (15 - 20%)

A. Risk Theory (P)
   1. Defining risk
   2. Relationship of risk to strategic, operational, or process objectives
   3. Risk tolerance, residual risk, and exposure
   4. Impact assessment

B. Risk models/frameworks (including COSO's Enterprise Risk Management/Integrated Framework) (P)

C. Understanding the risks inherent in common business processes (P)

D. Application of risk identification and assessment techniques (P)

E. Risk management techniques/cost-benefit analysis (P)
   1. Transfer, manage, or accept
   2. Impact/cost-benefit analysis 

F. Using CSA in enterprise risk management (P)

P = Candidates must exhibit proficiency (thorough understanding; ability to apply concepts) in these topic areas.
A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas.

 
© 2010 The Institute of Internal Auditors / 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA / +1-407-937-1100 / FAX +1-407-937-1101 • www.theiia.org