How is CA ANZ Core 2 assessed?

Core 2 is delivered online over roughly a 9-week term and assessed through objective online quizzes combined with a high-stakes assignment, rather than a single long case-only exam. CA ANZ does not publish a fixed question count or a single raw passing percentage for the subject.

What topics does Core 2 cover?

Core 2 covers enterprise risk management frameworks (such as COSO ERM and ISO 31000), risk identification and response, internal and IT controls, data governance and data quality, cybersecurity, emerging technologies including cloud, automation and blockchain, and artificial intelligence concepts, AI governance and responsible AI use.

What are the learning outcomes of Core 2?

Candidates learn to recommend risk management strategies for financial and non-financial risks, evaluate and communicate the results of data analyses, identify and evaluate existing and emerging technologies and contribute to IT strategy, and apply computational thinking to solve authentic business problems, all underpinned by ethics.

How long does Core 2 take to study?

CA ANZ delivers Core 2 over approximately a 9-week study period each term, with weekly study and timed online assessments leading to a final assignment. Candidates typically budget a sustained weekly commitment, often well over 100 hours in total across the subject.

How much does CA ANZ Core 2 cost?

Core 2 (CACC2501) is enrolled as a CA Program subject, and the fee is set by CA ANZ each term in local currency. Check the official CA ANZ timetables, fees and enrolment page for the current Core 2 subject price.

Does Core 2 cover artificial intelligence and AI governance?

Yes. Core 2 explicitly addresses artificial intelligence concepts, AI governance and the responsible, ethical use of AI in accounting, alongside related technologies such as automation and blockchain and the data governance that supports trustworthy AI.

How can I prepare for CA ANZ Core 2 for free?

OpenExamPrep offers 100 free practice questions covering risk management frameworks, internal and IT controls, data governance, cybersecurity, and AI governance. They are designed as conceptual knowledge prep to reinforce Core 2 themes before your online assessments and assignment.

All Practice Exams

100+ Free CA ANZ Core 2: Risk, Technology and AI Practice Questions

CA Program Core 2: Risk, Technology and Artificial Intelligence (CACC2501) practice questions are available now; exam metadata is being verified.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

Not published by CA ANZ Pass Rate

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

Artificial intelligence is broadly defined as:

A type of spreadsheet macro

Any computer program that performs arithmetic

Computer systems that perform tasks normally requiring human intelligence, such as learning, reasoning and pattern recognition

A physical robot only, with no software component

to track

Same family resources

Explore More Chartered Accountants ANZ (CA ANZ)

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

2026 Statistics

Key Facts: CA ANZ Core 2: Risk, Technology and AI Exam

CACC2501

Subject Code

CA ANZ Core 2 Course Description

~9 weeks

Study Period

CA ANZ CA Program

4 LOs

Learning Outcomes

CA ANZ Core 2 Course Description

COSO + ISO 31000

Risk Frameworks

CA ANZ Core 2 Course Description

100

Free Practice Questions

OpenExamPrep

Online

Delivery Mode

CA ANZ CA Program

CA ANZ Core 2: Risk, Technology and Artificial Intelligence (CACC2501) is an online Graduate Diploma of Chartered Accounting subject studied over about 9 weeks. It develops skills to recommend risk management strategies for financial and non-financial risks, evaluate and communicate data analyses, contribute to IT strategy with existing and emerging technologies (automation, blockchain, AI), and apply computational thinking and ethics. It is assessed via objective online quizzes plus a high-stakes assignment rather than one long case exam, so CA ANZ does not publish a fixed question count or raw pass mark. This free bank offers 100 conceptual practice questions across COSO ERM, ISO 31000, internal and IT controls, data governance, cybersecurity, and AI governance.

Sample CA ANZ Core 2: Risk, Technology and AI Practice Questions

Try these sample questions to test your CA ANZ Core 2: Risk, Technology and AI exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Under the 2017 COSO Enterprise Risk Management framework, how many interrelated components organise the framework's principles?

A.Five components

B.Eight components

C.Twenty components

D.Three components

Explanation: The 2017 COSO ERM framework, 'Enterprise Risk Management — Integrating with Strategy and Performance', is structured into five interrelated components: Governance and Culture; Strategy and Objective-Setting; Performance; Review and Revision; and Information, Communication and Reporting. These five components contain 20 supporting principles.

2ISO 31000:2018 defines risk as the effect of uncertainty on objectives. Which statement best reflects this definition?

A.Risk is the probability of fraud occurring within an organisation

B.Risk is always a negative event that causes financial loss

C.Risk is a deviation from the expected, which can be positive, negative or both

D.Risk only exists where there is a regulatory requirement to report it

Explanation: ISO 31000:2018 frames risk as the 'effect of uncertainty on objectives', and an effect is a deviation from the expected that may be positive (opportunity), negative (threat), or both. This neutral definition lets organisations pursue upside as well as manage downside.

3An organisation maps its risk management process to ISO 31000:2018. Which step immediately follows risk analysis in the ISO 31000 risk assessment sequence?

A.Risk monitoring and review

B.Risk identification

C.Risk evaluation

D.Establishing the context

Explanation: ISO 31000 risk assessment comprises three sub-steps in order: risk identification, risk analysis, then risk evaluation. Evaluation compares the analysed level of risk against risk criteria to decide whether the risk and its treatment are acceptable.

4When responding to an identified risk, a business decides to exit the activity that generates the risk entirely. Which risk response does this represent?

A.Risk acceptance

B.Risk reduction (mitigation)

C.Risk avoidance

D.Risk sharing (transfer)

Explanation: Risk avoidance means deciding not to start or to discontinue the activity that gives rise to the risk, removing the exposure entirely. It is appropriate when the risk exceeds appetite and cannot be cost-effectively reduced or shared.

5A risk register records the level of risk remaining after controls have been applied. What is this remaining level of risk called?

A.Risk velocity

B.Inherent risk

C.Residual risk

D.Risk appetite

Explanation: Residual risk is the level of risk that remains after management has implemented risk responses and controls. It is compared against risk appetite to decide whether further treatment is required.

6The 'three lines model' (formerly three lines of defence), updated by the IIA in 2020, assigns roles for governing risk. Which group typically forms the SECOND line?

A.The external auditor expressing an opinion on the financial statements

B.Operational management that owns and manages risk

C.Risk management and compliance functions that monitor and challenge

D.Internal audit providing independent assurance

Explanation: In the three lines model, the second line comprises risk management, compliance and other oversight functions that provide expertise, support and monitoring, and challenge first-line risk ownership. The first line owns and manages risk; the third line (internal audit) gives independent assurance.

7A board sets a quantified maximum loss it is prepared to absorb on a specific transaction before escalation is required. This boundary is best described as the organisation's:

A.Risk culture

B.Risk maturity

C.Risk appetite statement

D.Risk tolerance

Explanation: Risk tolerance expresses the acceptable variation, often quantified, around specific objectives or risks before action is triggered. It operationalises the broader risk appetite into measurable thresholds and limits for particular activities.

8Which of the following is best classified as a NON-financial risk for a chartered accounting firm?

A.Liquidity shortfall from delayed client payments

B.Interest rate risk on a variable-rate loan

C.Foreign exchange exposure on overseas receivables

D.Reputational damage from a data breach

Explanation: Reputational risk is a non-financial (often strategic or operational) risk; it is not measured directly in monetary cash flows even though it can cause financial loss. The CA Program Core 2 subject explicitly addresses both financial and non-financial risks.

9A risk heat map plots risks using two primary dimensions. Which two dimensions are conventionally used?

A.Cost and benefit

B.Likelihood and consequence (impact)

C.Inherent and residual control

D.Strategic and operational classification

Explanation: A risk heat map (risk matrix) plots likelihood (probability) on one axis against consequence or impact on the other, producing a colour-coded view that helps prioritise risks by severity. Risks in the high-likelihood, high-impact zone receive priority treatment.

10Within COSO ERM (2017), which component is concerned with identifying, assessing and prioritising risks and selecting risk responses as the entity executes its strategy?

A.Governance and Culture

B.Strategy and Objective-Setting

C.Performance

D.Review and Revision

Explanation: The Performance component of COSO ERM 2017 covers identifying and assessing risks that may affect strategy and objectives, prioritising them by severity, selecting risk responses, and developing a portfolio view of risk. It is where day-to-day risk-and-performance management occurs.

About the CA ANZ Core 2: Risk, Technology and AI Practice Questions

Verified exam format metadata for CA Program Core 2: Risk, Technology and Artificial Intelligence (CACC2501) is pending. The practice questions above remain available while official exam length, timing, passing score, fee, and administrator details are reviewed.

100+ Free CA ANZ Core 2: Risk, Technology and AI Practice Questions

Explore More Chartered Accountants ANZ (CA ANZ)

CA Program — Core 1: Ethics and Sustainability (CA ANZ)

CA Program — Core 3: Financial Accounting and Reporting (FAR) (CA ANZ)

CA Program — Core 4: Tax (Australia) (CA ANZ)

CA Program — Core 4: Tax (New Zealand) (CA ANZ)

CA Program — Core 5: Strategy and Business Performance (CA ANZ)

CA Program — Elective: Advanced Tax (Australia) (CA ANZ)

Key Facts: CA ANZ Core 2: Risk, Technology and AI Exam

Sample CA ANZ Core 2: Risk, Technology and AI Practice Questions

About the CA ANZ Core 2: Risk, Technology and AI Practice Questions