100+ Free CPRA Practice Questions

Pass your RMIA Certified Practising Risk Associate exam on the first try — instant access, no signup required.

2026 Statistics

Key Facts: CPRA Exam

  • Exam Questions: 100 (RMIA)
  • Passing Score: 70% (70/100 questions)
  • Time Limit: 2 hrs (RMIA)
  • Exam Fee (AUD): $99 (RMIA)
  • Study Time: 40-80 hrs (Recommended)
  • RMBoK Domains: 6 (ISO 31000 aligned)

Sample CPRA Practice Questions

Try these sample questions to test your CPRA exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. According to ISO 31000:2018, which of the following is NOT one of the eight principles of risk management?
A. Integrated
B. Structured and comprehensive
C. Risk avoidance
D. Inclusive
Explanation: ISO 31000:2018 lists eight principles: integrated, structured and comprehensive, customized, inclusive, dynamic, best available information, human and cultural factors, and continual improvement. 'Risk avoidance' is a risk treatment option, not a fundamental principle.

2. In the ISO 31000 framework, what is the correct sequence of the risk management process?
A. Identify → Analyse → Evaluate → Treat → Monitor
B. Scope, Context and Criteria → Risk Assessment → Risk Treatment
C. Communicate → Identify → Analyse → Treat → Review
D. Plan → Do → Check → Act
Explanation: ISO 31000:2018 defines the risk management process as: Scope, Context and Criteria → Risk Assessment (which includes identification, analysis, and evaluation) → Risk Treatment. Communication and consultation, and monitoring and review, occur throughout the entire process.

3. What is the primary purpose of the 'leadership and commitment' component in the ISO 31000:2018 framework?
A. To define the organisation's risk appetite statement
B. To ensure top management and oversight bodies demonstrate leadership and commitment to integrating risk management
C. To establish the risk register template
D. To assign risk owners to identified risks
Explanation: In ISO 31000:2018, the framework centres on leadership and commitment from top management and oversight bodies (Clause 5.2). This was termed 'mandate and commitment' in the 2009 version. It ensures risk management is integrated into governance and all organisational activities and embedded in the organisation's culture and decision-making.

4. Which ISO 31000 principle states that risk management should be tailored to the organisation's external and internal context?
A. Dynamic
B. Customized
C. Inclusive
D. Integrated
Explanation: The 'customized' principle states that the risk management framework and process should be customized and proportionate to the organisation's external and internal context related to its objectives. A one-size-fits-all approach is inappropriate.

5. What distinguishes 'continual improvement' as a principle of risk management in ISO 31000?
A. It requires annual reviews of the risk framework only
B. Risk management should be continually improved through learning and experience
C. It mandates quarterly risk assessments
D. Improvement occurs only after a risk event materialises
Explanation: The continual improvement principle means that risk management should be continually improved through learning and experience. This is an ongoing process, not limited to fixed intervals or reactive responses to incidents.

6. In the ISO 31000 framework, 'design' of the risk management framework involves:
A. Only creating risk assessment templates
B. Understanding the organisation's context, articulating commitment, assigning roles, allocating resources, and establishing communication mechanisms
C. Hiring external risk consultants
D. Purchasing risk management software
Explanation: Designing the framework involves understanding the organisation and its context, articulating risk management commitment, assigning organisational roles, authorities, responsibilities and accountabilities, allocating resources, and establishing communication and consultation mechanisms.

7. Which of the following best describes 'risk appetite'?
A. The maximum amount of risk an organisation can absorb before failure
B. The amount and type of risk that an organisation is willing to pursue or retain
C. The probability of any risk event occurring
D. The total cost of risk treatment activities
Explanation: Risk appetite is the amount and type of risk that an organisation is willing to pursue or retain in order to achieve its objectives. It reflects the organisation's attitude towards risk-taking and guides decision-making about which risks to accept, avoid, or mitigate.

8. What is the difference between 'risk appetite' and 'risk tolerance'?
A. They are identical concepts with no practical difference
B. Risk appetite is the broad level of risk an organisation is willing to accept; risk tolerance is the specific acceptable variation around objectives
C. Risk tolerance is set by the board; risk appetite is set by operational managers
D. Risk appetite applies only to financial risks; risk tolerance applies to all risk categories
Explanation: Risk appetite is the broad, high-level amount and type of risk an organisation is willing to pursue or retain. Risk tolerance is the more specific, quantified boundaries of acceptable variation around particular objectives or risk categories. Appetite is strategic; tolerance is operational.

9. In the context of risk management, what does 'establishing the context' primarily involve?
A. Documenting all past risk incidents
B. Defining the external and internal parameters, scope, and risk criteria for the risk management process
C. Conducting a detailed risk analysis of all organisational processes
D. Appointing a Chief Risk Officer
Explanation: Establishing the context involves defining the external environment, internal environment, the scope of the risk management process, and the risk criteria that will be used to evaluate risk significance. This forms the foundation for subsequent risk assessment activities.

10. Which of the following is an example of an external context factor that should be considered when establishing the risk management context?
A. Organisational governance structure
B. Employee capability and culture
C. Regulatory and legal environment
D. Internal policies and procedures
Explanation: The regulatory and legal environment is an external context factor. External context includes the cultural, social, political, legal, regulatory, financial, technological, economic, and natural environment. Internal factors include governance, culture, capabilities, policies, and information systems.

About the CPRA Exam

The CPRA is an entry-level professional risk management certification from the Risk Management Institution of Australasia (RMIA). Based on the RMIA Risk Management Body of Knowledge (RMBoK) and aligned with ISO 31000:2018, the exam tests foundational competency across six core risk management domains.

  • Questions: 100 scored questions
  • Time Limit: 2 hours
  • Passing Score: 70%
  • Exam Fee: $99 AUD (RMIA)

CPRA Exam Content Outline

  • Communication & Consultation (~15%): Stakeholder engagement, communication planning, and reporting
  • Scope, Context & Criteria (~15%): Internal/external context, risk criteria, appetite, and tolerance
  • Risk Assessment (~25%): Risk identification, analysis (qualitative and quantitative), and evaluation
  • Risk Treatment (~20%): Treatment options, cost-benefit analysis, and residual risk
  • Monitoring & Review (~12%): Key risk indicators, audit, and continuous improvement
  • Risk Governance (~13%): Framework, leadership, risk culture, three lines model

How to Pass the CPRA Exam

What You Need to Know

  • Passing score: 70%
  • Exam length: 100 questions
  • Time limit: 2 hours
  • Exam fee: $99 AUD

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CPRA Study Tips from Top Performers

1. Focus on risk assessment (~25% of exam) — master identification techniques, qualitative and quantitative analysis, and evaluation methods
2. Understand the ISO 31000:2018 framework thoroughly — it underpins the entire exam
3. Learn the difference between risk appetite, risk tolerance, and risk criteria
4. Know the treatment options (avoid, reduce, share, accept) and when to apply each
5. Study the three lines model for risk governance and understand each line's role
6. Complete at least 100 practice questions before scheduling your exam

Frequently Asked Questions

What is the RMIA CPRA exam?

The CPRA (Certified Practising Risk Associate) is an entry-level professional risk management certification offered by the Risk Management Institution of Australasia (RMIA). It tests knowledge of the RMIA Risk Management Body of Knowledge (RMBoK), which is aligned with ISO 31000:2018. The exam consists of 100 multiple-choice questions to be completed in 2 hours, with a 70% passing score.

What are the prerequisites for the CPRA exam?

To sit the CPRA exam, you must be a current financial member of RMIA. You also need either 12+ months of risk-related work experience or a tertiary qualification in a risk-related discipline. Your application must be approved by RMIA's Educational Working Group (EWG) before you can access study materials and schedule the exam.

How hard is the CPRA exam?

The CPRA is considered entry-level for risk professionals and is manageable with adequate preparation. The exam covers six domains of the RMBoK aligned to ISO 31000. Most candidates find the Risk Assessment section (covering identification, analysis, and evaluation) the most challenging due to its breadth. With 40-80 hours of study over 4-8 weeks, most candidates are well-prepared.

What is the difference between CPRA and CPRM?

The CPRA (Certified Practising Risk Associate) is the entry-level RMIA certification, while the CPRM (Certified Practising Risk Manager) is the advanced-level credential. The CPRA tests foundational risk management knowledge, while the CPRM requires deeper experience and more complex applied knowledge. Many professionals complete the CPRA first before pursuing the CPRM.

How long should I study for the CPRA exam?

Most candidates study 40-80 hours over 4-8 weeks. If you have no prior risk management background, plan for the higher end. RMIA provides access to RMBoK study materials upon application approval, and the Enterprise Risk Management (ERM) course covers the exam content. Focus particularly on Risk Assessment (~25% of the exam) and Risk Treatment (~20%).

Is the CPRA exam taken online?

Yes, the CPRA exam is administered online. You can take the 100 multiple-choice question exam from your own location during the designated exam window. You have 2 hours to complete the exam and need a score of at least 70% (70/100 correct) to pass.

How does the CPRA relate to ISO 31000?

The CPRA exam content is closely aligned with ISO 31000:2018 (Risk management — Guidelines). The six RMBoK domains map to the ISO 31000 risk management process: communication and consultation, scope/context/criteria, risk assessment, risk treatment, monitoring and review, plus governance. Understanding ISO 31000 is essential for exam success.