100+ Free ORM Designation Practice Questions

Pass your PRMIA Operational Risk Manager Designation exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

Not published Pass Rate

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

The PRMIA Operational Risk Manager (ORM) Designation differs from the ORM Certificate primarily because it requires:

Only a single multiple-choice exam

The ORM Certificate exam PLUS a Case Study Practicum (Part 2) and an experience requirement

An undergraduate degree in finance

Completion of the full PRM exam first

to track

Same family resources

More PRMIA Risk Certifications Prep

Continue through related practice pages, study guides, comparisons, and articles from the same exam family.

Practice Pages

PRM Professional Risk Manager Designation Practice100 questions PRMIA Associate PRM Certificate Practice100 questions PRMIA Credit and Counterparty Risk Management Certificate Practice100 questions PRMIA Market, Liquidity & ALM Risk Certificate (MLARM) Practice100 questions PRMIA Operational Risk Manager Certificate Practice100 questions

2026 Statistics

Key Facts: ORM Designation Exam

100 Qs

Practice Questions Available

OpenExamPrep

2 exams

Designation Components

PRMIA

50 Qs

Case Study Practicum Items

PRMIA (5 cases × 10 Qs)

60%

Passing Standard (scaled)

PRMIA

~$1,850

Combined Exam Fees

PRMIA (Cert + Practicum)

2022

Designation Introduced

PRMIA

The PRMIA ORM Designation is a two-part PRMIA credential layered on the ORM Certificate. Candidates pass (a) the ORM Certificate (~3-hour CBT covering Basel 7 event types, RCSA, KRIs, loss data, scenarios, SA-OR BIC × ILM, BCM and resilience) and (b) the Case Study Practicum Part 2 (50 questions across 5 case studies testing applied judgement, root-cause analysis and stakeholder communication). Combined fees run roughly $925 + $925 (PRMIA member discount available); passing standard is 60% scaled per PRMIA. 2026 exam windows run approximately Mar 7 – Jun 12, Jun 13 – Sep 4, and Sep 5 onward. Operational risk experience and sustaining PRMIA membership are required for award and maintenance.

Sample ORM Designation Practice Questions

Try these sample questions to test your ORM Designation exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1The PRMIA Operational Risk Manager (ORM) Designation differs from the ORM Certificate primarily because it requires:

A.Only a single multiple-choice exam

B.The ORM Certificate exam PLUS a Case Study Practicum (Part 2) and an experience requirement

C.An undergraduate degree in finance

D.Completion of the full PRM exam first

Explanation: The ORM Designation, introduced by PRMIA in 2022, layers on top of the ORM Certificate. Candidates must (1) pass the foundational ORM Certificate exam, (2) pass the Case Study Practicum Part 2 (50 test questions across five case studies), and (3) meet an operational risk experience requirement. Sustaining PRMIA membership is required for ongoing maintenance.

2Under the Basel framework, operational risk is defined as the risk of loss resulting from:

A.Adverse movements in interest rates, FX or equity prices

B.Inadequate or failed internal processes, people and systems or from external events

C.Counterparty default on contractual obligations

D.Inability to meet short-term funding requirements

Explanation: The Basel definition includes legal risk but explicitly excludes strategic and reputational risk. It is the cornerstone of operational risk taxonomy and underpins all Basel II/III/IV operational risk capital approaches.

3How many Level 1 operational risk event-type categories does Basel define?

A.5

B.6

C.7

D.8

Explanation: Basel II Annex 9 (carried forward) defines seven Level 1 event types: Internal Fraud; External Fraud; Employment Practices and Workplace Safety; Clients, Products and Business Practices; Damage to Physical Assets; Business Disruption and System Failures; and Execution, Delivery and Process Management.

4An external attacker breaches the bank's e-banking platform and steals customer funds via a credential-stuffing attack. Under Basel's Level 1 event-type taxonomy this loss is BEST classified as:

A.Business Disruption and System Failures

B.External Fraud

C.Clients, Products and Business Practices

D.Execution, Delivery and Process Management

Explanation: External Fraud covers losses due to acts intended to defraud, misappropriate property or circumvent the law by a third party. Cyber-enabled theft by external actors falls here even though IT systems are involved. The IT outage classification (BDSF) only applies if the loss arises from the disruption itself, not the theft.

5A trader deliberately falsifies position records to hide losses. This loss is classified under Basel's L1 taxonomy as:

A.External Fraud

B.Internal Fraud

C.Execution, Delivery and Process Management

D.Clients, Products and Business Practices

Explanation: Internal Fraud requires at least one internal party acting with intent to defraud, misappropriate or circumvent regulations. Unauthorised trading and rogue-trader cases (Barings, Société Générale, UBS) sit in this category.

6A class-action alleges the bank systematically mis-sold a structured product without proper risk disclosure. Under Basel taxonomy this is:

A.Internal Fraud

B.Clients, Products and Business Practices (CPBP)

C.Execution, Delivery and Process Management

D.Damage to Physical Assets

Explanation: CPBP captures losses from negligent or unintentional failure to meet a professional obligation to clients, or from product design. Mis-selling, suitability failures, market manipulation and antitrust violations all sit here. Industry data (ORX) shows CPBP is typically the largest category by total loss value.

7A flood destroys the bank's primary data centre. Under the Basel taxonomy, the PRIMARY classification is:

A.Business Disruption and System Failures

B.Damage to Physical Assets

C.External Fraud

D.Execution, Delivery and Process Management

Explanation: Damage to Physical Assets is the correct primary classification because the loss arises from physical destruction caused by a natural disaster. Any downstream system unavailability is a consequence — not the primary event. PRMIA emphasises classifying by ROOT cause/event rather than by downstream effect.

8An operations clerk enters a payment with the wrong amount and the bank refunds the customer. Under Basel taxonomy this loss is classified as:

A.Internal Fraud

B.Execution, Delivery and Process Management (EDPM)

C.Clients, Products and Business Practices

D.Business Disruption and System Failures

Explanation: EDPM captures losses from failed transaction processing or process management, including data-entry errors, failed mandatory reporting, settlement failures and miscommunication. Industry data (ORX) consistently shows EDPM has the HIGHEST frequency among the seven L1 categories.

9An employee files a discrimination lawsuit and the bank settles. Under Basel taxonomy this is classified as:

A.Employment Practices and Workplace Safety (EPWS)

B.Internal Fraud

C.Clients, Products and Business Practices

D.Execution, Delivery and Process Management

Explanation: EPWS covers losses from acts inconsistent with employment, health or safety laws and from personal-injury claims, discrimination, harassment or wrongful termination. This is one of the seven Basel L1 event types.

10Which BEST describes the relationship between operational risk and reputational risk under Basel?

A.Reputational risk is the eighth Basel L1 OR event type

B.Reputational risk is excluded from the Basel definition of OR but is frequently a downstream consequence of operational events

C.Reputational risk replaces OR for systemic banks

D.Reputational risk and OR are unrelated

Explanation: Basel explicitly excludes reputational and strategic risk from the Pillar 1 OR definition. However, reputational damage is often a major CONSEQUENCE of OR events (rogue trading, AML failures, cyber breaches) and is managed alongside OR through governance, ICAAP and Pillar 2.

About the ORM Designation Exam

The PRMIA Operational Risk Manager (ORM) Designation, introduced in 2022, is a two-part credential that goes beyond the standalone ORM Certificate. To earn the Designation, candidates pass (1) the foundational ORM Certificate exam covering Basel risk taxonomy, RCSA, KRIs, loss data, scenario analysis, SA-OR capital, BCM and operational resilience, and (2) the Case Study Practicum Part 2 — 50 multiple-choice questions across 5 integrated case studies that test applied OR judgement and stakeholder communication. Candidates must also meet an operational risk experience requirement and maintain sustaining PRMIA membership.

Questions

100 scored questions

Time Limit

ORM Certificate (~3 hrs CBT) + Case Study Practicum Part 2 (50 Qs × 5 case studies)

Passing Score

60% scaled

Exam Fee

Certificate ~$925 + Designation Case Study Practicum ~$925 (PRMIA)

ORM Designation Exam Content Outline

20%

Risk Taxonomy and Frameworks

Basel OR definition, seven L1 event types, COSO ERM, ISO 31000, BCBS PSMOR (2021), risk appetite vs tolerance, risk culture and the FSB four drivers.

20%

Risk Identification and Assessment (RCSA, Risk Maps, KRIs)

RCSA process, inherent vs residual risk, top-down vs bottom-up, heat maps, KRIs vs KCIs, leading vs lagging, threshold and escalation governance, near misses.

10%

Loss Event Data and External Loss Data

Internal LDC fields, ORX consortium, FIRST public-source data, scaling external data, de-minimis thresholds, boundary events with credit and market risk.

15%

Operational Risk Measurement (LDA, Scenario Analysis, Capital)

Loss Distribution Approach (Poisson × lognormal/Pareto/GPD), Monte Carlo, EVT POT, 99.9% one-year capital, Basel SA-OR BIC × ILM, EU CRR3 ILM = 1, AMA four data elements, scenario workshops.

15%

Risk Treatment and Controls (3 Lines, BCM, Insurance)

Three Lines of Defence and IIA 2020 model, preventive/detective/corrective controls, BCM (BIA, RTO, RPO, MTO), BCBS POR impact tolerances, DORA five pillars, ISO 22301/27001, NIST CSF 2.0, third-party risk (OCC 2013-29, FFIEC, EBA outsourcing), insurance (BPL, D&O, Cyber, Crime; 20% Basel cap), GRC and model risk (SR 11-7).

10%

Root Cause Analysis and Corrective Actions

5 Whys, Ishikawa fishbone, fault-tree analysis, bow-tie analysis, Pareto, SMART action plans, ownership, target date, validation evidence and lessons-learned discipline.

Communication, Reporting and Stakeholder Management

Board reporting, integrated risk profile, stakeholder mapping (internal and external), incident communication and DORA reporting timelines, BLUF-style escalation.

PRMIA Standards and Code of Conduct

PRMIA Standards (integrity, objectivity, competence, confidentiality), conflicts-of-interest disclosure, whistleblowing, sustaining membership and CPD, Designation structure, exam windows.

How to Pass the ORM Designation Exam

What You Need to Know

Passing score: 60% scaled
Exam length: 100 questions
Time limit: ORM Certificate (~3 hrs CBT) + Case Study Practicum Part 2 (50 Qs × 5 case studies)
Exam fee: Certificate ~$925 + Designation Case Study Practicum ~$925

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

ORM Designation Study Tips from Top Performers

1Master the Basel definition word-for-word and be able to map any scenario to one of the seven L1 event types (especially boundary cases like cyber theft = External Fraud, mis-selling = CPBP, data-centre flood = Damage to Physical Assets, rogue trader = Internal Fraud)

2Drill SA-OR cold: BIC marginal coefficients 12% / 15% / 18%; LC = 15 × 10-year average losses ≥ $20k; ILM = ln(exp(1) − 1 + (LC/BIC)^0.8); EU CRR3 sets ILM = 1

3For the Case Study Practicum, practise reading a 1-2 page case quickly and answering integrated questions on RCSA, KRIs, loss capture, root cause and communication — exam pace matters as much as content

4Distinguish KRIs (forward-looking, predictive risk metrics) from KCIs (control performance) and know what good KRI governance looks like (definition, owner, threshold, escalation, frequency)

5Know the operational resilience stack — BCBS POR (March 2021), UK PRA SS1/21, DORA five pillars (applicable 17 January 2025), ISO 22301/27001, NIST CSF 2.0 (Govern is the 6th function added in 2024)

Frequently Asked Questions

What is the difference between the PRMIA ORM Certificate and the PRMIA ORM Designation?

The ORM Certificate is a single-exam, foundational credential covering operational risk fundamentals. The ORM Designation, introduced by PRMIA in 2022, layers on top: candidates must (1) pass the ORM Certificate exam, (2) pass the Case Study Practicum Part 2 (50 questions across five integrated case studies testing applied judgement), and (3) meet an operational risk experience requirement. The Designation also requires sustaining PRMIA membership and continuing professional development for maintenance.

What is the format of the Case Study Practicum Part 2?

The ORM Case Study Practicum Part 2 is a computer-based exam built around five case studies, each followed by approximately ten multiple-choice questions, for a total of 50 scored items (additional unscored pre-test items may appear in some sittings). Each case integrates multiple ORM topics — risk identification, RCSA, loss data, scenario analysis, controls, root-cause analysis and stakeholder communication — and tests applied judgement rather than rote recall.

How much does the PRMIA ORM Designation cost?

PRMIA charges separately for each component of the Designation: approximately $925 for the ORM Certificate exam and approximately $925 for the Designation Case Study Practicum. Combined, candidates should budget around $1,850 plus any retake or PRMIA membership fees. PRMIA members receive discounts; sustaining PRMIA membership is required for ongoing award.

What does the ORM Designation cover?

The Designation curriculum mirrors the ORM Certificate body of knowledge — risk taxonomy and frameworks (~20%), risk identification and assessment via RCSA, risk maps and KRIs (~20%), loss event data including ORX (~10%), risk measurement including LDA, scenario analysis and Basel SA-OR (BIC × ILM) (~15%), risk treatment and controls including the three lines, BCM and insurance (~15%), root cause analysis and corrective actions (~10%), communication, reporting and stakeholder management (~5%), and PRMIA Standards and Code of Conduct (~5%) — but tests integrated application through the Case Study Practicum Part 2.

When can I sit the 2026 PRMIA ORM exams?

PRMIA's 2026 exam calendar offers multiple long testing windows across the year. Approximate window boundaries are 7 March – 12 June, 13 June – 4 September, and 5 September onward. Within each window candidates schedule their online-proctored sitting flexibly. Exact dates are confirmed on the PRMIA ORM Designation page when you register.

Is operational risk experience required for the ORM Designation?

Yes. Beyond passing both exams, the ORM Designation requires candidates to demonstrate relevant operational risk experience consistent with PRMIA's published criteria for the credential. Candidates also commit to sustaining PRMIA membership in good standing and to continuing professional development. The experience and membership components distinguish the Designation from the Certificate-only credential.