CIPS LEVEL 5 – ADVANCED DIPLOMA IN PROCUREMENT AND SUPPLY

MANAGING SUPPLY CHAIN RISK [L5M2]

OBJECTIVE RESPONSE

Q1Which of the following is an example of an operational risk?

a. Unexpected interest costs.
b. Internal technology failure.
c. Increased competitor activities.
d. Fluctuating exchange rates

Q2The Sarbanes-Oxley regulations are mostly focused on:

1. Investor protection
2. Product quality
3. Clear commercial advertising
4. Corporate financial disclosure
a. 2 and 3 only
b. 1 and 2 only
c. 3 and 4 only
d. 1 and 4 only
Q3. A supplier's terms and conditions include provision in respect of tsunami, earthquakes and
volcanic eruption. This type of provision is known as …
A. a liquidated damages clause
B. an exclusion clause
C. an indemnity clause
D. an insurance provision clause

Q4. An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more
projects objectives is called:
A. An issue
B. A risk
C. An uncertainty
D. A sponsor

Q5. ManCo Inc is a global manufacturing organisation. It has a highly integrated supply chain. All
parties are interconnected with the result that data availability and transparency are high. Its CPO
however is concerned about technological risk. Which of the following is such a risk for ManCo?
a. Cyber crime
b. Global economics
c. Labour standards
d. Economic uncertainty

Q6. A document you use to capture all known risks is called:

A. Risk Log

B. Risk Register

C. Risk List

D. Risk Diary

Q7. Product Manufacturing Group (PMG) is UK based and has just started sourcing materials from
Europe and has to pay its supplier in Euros. This is PMG's first exposure to Euro denominated
payments. It does however sell its products into European markets and has Euro receivables. Which of
the following will be the most appropriate for PMG to manage its Euro currency risk exposure?

A. Forward contract

B. Swap

C. Currency account

D. Option
Q8. On a Friday evening John (your best engineer in the team) comes to you and says he quits. You
have two weeks to find a substitution. What would reduce the chances of such an event? Why?

A. Regular one-on-ones with John

B. Comprehensive professional development plan

C. The highest salary in the team

D. More responsibility

Q9. Dick Group Chemicals (DGC) is conducting a review of its key contracts, part of which involves
a detailed risk assessment of supplier and supply chain risks in respect of a number of its most
important products. DGC’s CPO is anxious to ensure that changes in DGC’s external environment are
closely monitored and any risks arising from the changes are acted on accordingly. The findings in
respect of DGC’s top five products are:

Product 1 – Most significant exposure is to exchange rate fluctuations. Recommended that currency
options are used.

Product 2 – The countries where the product is used have changing population age profiles which
could impact on demand. However, this is not a significant risk so the recommendation is to do
nothing at this stage.

Product 3 – We have been aware of previous mistreatment of workers within the supply chain.
Despite our best efforts this does not seem to have been resolved, the supplier has been informed that
the contract will be ended and the contingency supplier used given their track record of impeccable
conduct.

Product 4 – Local government interference has been a problem on this contract. Third party
guarantees are to be taken to help manage the risk.

For each of the products, you are required to match the external factors with the risk action taken.
Choose from these options and drag and drop your answers into the table below. [8]

You can only use each option once.

External factor Risk Management

Demographic Terminate
Economic Tolerate
Ethical Transfer
Political Treat

Product External factor Risk Management

1
2
3
4
Q10. Which of the following are potential risks that are directly associated with a company's brand?
1. Marketing
2. Reputation
3. Positioning
4. Support
a. 1 and 2 only
b. 2 and 3 only
c. 3 and 4 only
d. 1 and 4 only

Q11. A process that involves prioritizing risks for further action or analysis by assessing the impact
and the probability of occurrence is called

A. Risk Analysis

B. Risk Brainstorming

C. Risk identification

D. Risk appetite

Q12. Is it usual to encourage whistle-blowing amongst employees working in the supply chain if they
suspect unethical behaviour in the supply chain?
a. Yes, because these staff are more likely to be aware of such malpractices
b. Yes, because they will always know if there is unethical behaviour
c. No, because there is usually no means of them doing so confidentially
d. No, because in many countries this will be illegal as it is confidential information

Q13. During the Qualitative Risk Analysis, you assess Impact and Probability of a risk using simple
grades like Low, Medium, High.

When do you perform Risk Identification?

A. At the beginning of a project.

B. During project planning.

C. During the whole lifetime of a project.

D. During project execution.

Q14. As a part of your project, you need to organize a conference. You learn that in the place that you
rented there’s a 70% chance of a tropical storm on the selected dates. How should you handle such
risk?

A. Change the location of the conference.

B. Buy insurance to cover possible damage.

C. Book another place nearby to mitigate the risk of the first location unavailable due to the storm.

D. Inform all participants of the possible storm.

Q15. A procurement manager is responsible for a high-risk and medium-value contract for which the
procurement organisation is critically dependent on the supplier. The procurement manager has
instructed the supplier to submit a disaster recovery plan. Is this action appropriate?

A. Yes - disaster recovery plans should be a standard requirement for all suppliers on all contracts

B. No - the procurement manager is responsible for creating the disaster recovery plan

C. No - disaster recovery planning is only required on high-risk and high-value contracts

D. Yes - the plan will show how the supplier will continue to operate and deliver the service in a
disaster situation

Q16. Who should be involved in Risk Management activities?

A. Only Project Team.

B. Only Project Manager.

C. As many stakeholders as practical.

D. All stakeholder except clients.

Q17. Recognised risk management strategies to mitigate risks include which of the following? Select
TWO that apply.

A. Treat

B. Trust

C. Translate

D. Test

E. Transfer
Q18. You acquired an expensive piece of equipment for your project. It is know to be sensitive and
fragile in work. Several tasks that require this equipment are on a critical path. What’s the BEST
action you can do to improve project’s chances for success?

A. Buy insurance to cover the costs of repairs.

B. Hire a technical support team to quickly fix the equipment if needed.

C. Find a good expert to operate the equipment.

D. There’s nothing you can do.

Q19. Which of the following are types of intellectual property protection?

1. Indemnity.
2. Warranty.
3. Copyright.
4. Trademark.

A. 1 and 2.

B. 2 and 4.

C. 3 and 1.

D. 3 and 4.

Q20. You are on the call with clients. They say the vendor team they hired to create designs is behind
schedule. What should you do?

A. State that your project is also behind the schedule because of it.

B. Log the risk into Risk Register to assess impact.

C. Do nothing. It’s not your problem.

D. Contact the vendor to help them out.

Q21. The principle of ‘utmost good faith’ lies at the heart of contracts for the provision of insurance.
Is this correct?

A. No, caveat emptor is the fundamental principle of all insurance related contracts.

B. Yes, it places the burden of responsibility on the insurance company to check the facts.

C. No, it is always assumed that there are no material facts unless they are expressly stated.

D. Yes, all relevant information must be fully disclosed otherwise the insurance will be void.
Q22. After you performed Qualitative Risk Analysis you need to create:

A. A prioritized list of risks.

B. List of risk for additional analysis and investigation.

C. List of urgent risks

D. Watch list

E. All the above

Q23. Unforeseen events that arise during a contract will be treated as ‘force majeure’ and all parties
will be excluded from liability. Is this correct?

A. Yes, but only if the event is genuinely beyond the control of one or all of the parties.

B. No, a contract is legally binding and the parties cannot be excluded from any liability.

C. Yes, it is not possible for liability to arise for any party if something unexpected happens.

D. No, it is not possible to exclude responsibility for liability that might arise under a contract.

Q24. The conventional methodology for assessing risks involves the evaluation of which of the
following? Select TWO that apply.

A. Contingency.

B. Responsibility.

C. Probability.

D. Recovery.

E. Impact.

F. Accountability

Q25. After reviewing Risk Register you see two critical risks that you anticipate during the next week.
What should you do with this knowledge?

A. Do nothing. Your Risk Register is shared with the team and stakeholders.

B. Reach out to the stakeholders and the responsible person with a reminder.
Q26. "A network of manufacturers and service providers that work together to convert and move
goods from the raw materials stage through to the end user" is the definition of

A. Supply chain.

B. Operations management.

C. Service operations.

D. Operations function.

Q27. Major International Manufacturing (MIM) has a strict risk management policy, requiring all
risks to be fully evaluated and appropriate action taken. A recent example was a risk that for which
MIM was able to take out insurance to provide full protection. Another risk arose because a trusted
supplier had short-term performance issues. MIMG was comfortable accepting this risk as the
supplier was aware of the issue and had promised it was now resolved. MIM’s approaches to dealing
with these two risks can be best described as which of the following?

1. Terminate.
2. Tolerate.
3. Transfer.
4. Treat.

A. 1 and 2.

B. 2 and 3.

C. 3 and 4.

D. 4 and 1

Q28. Which of these is NOT a flow that moves up and down the supply chain?

A. Procedural

B. Monetary

C. Information

D. Physical
Q29. Green Power Group (GPG) manufactures different types of wind turbines and solar panels. A
number of changes in GPG’s external environment have been identified as creating potential risks.
GPG has a risk framework which sets out its policy for responding to such risks. Relevant information
is as follows:-

Risk 1 – Extreme volatility in USD currency rates, against other major currencies, has had an impact
on GPG’s costs. The risk has a medium to high rating (probability/impact). In accordance with the
GPG risk framework, the risk is too great to be ignored and so a detailed plan with specific actions of
mitigation is being implemented.

Risk 2 – Recent changes in demographics indicate potential future changes in consumer spending
patterns which might impact on the pricing of GPG’s products. The risk has been assessed as very low
(probability/impact). The risk has been noted in the GPG risk register, but no further action is required
apart from monitoring the situation annually.

Risk 3 – Due to pressure from lobby groups, GPG has changed its sourcing strategy to ensure that all
components are compatible with its sustainability policy. To accommodate its requirements GPG has
started using some new suppliers which has created additional transit and storage risks, for which
GPG has taken out insurance cover from a third-party specialist provider.

Risk 4 – Systems developments are now facilitating end-to-end supply chain integration. GPG is
under pressure to achieve such integration so it does not fall behind its rivals. However, not all GPG
suppliers have compatible systems. This has been recognised as a potential risk for GPG and the
impact is potentially very significant as the board considers GPG’s survival is dependent on full
systems integration. The board has already decided that any suppliers which are unable to comply
with GPG’s requirements will have to be replaced.

You are required, for each risk, to determine the relevant external factor and the most appropriate risk
response.

You can only use each option once.

Response External factor

Terminate Economic
Treat Technology
Transfer Social
Tolerate Environmental

Risk Response External Factor

1
2
3
4

Q30. Purchasing insurance is a technique used to

A. Treat
B. Transfer
C. Tolerate
D. Terminate
Q31. Which of the following are areas of potential technology risk for a procurement organisation?
1. Cyber-crime.
2. Cargo theft.
3. Ransomware attack.
4. Under-investment.

A. 1 and 2.

B. 2 and 4.

C. 3 and 1.

D. 3 and 4.

Q32. Dr Dick decided to stop practising when malpractice insurance premiums became too high for
him to afford. He is managing risk by

A. Transferring
B. Tolerating
C. Terminating
D. Treating

Q33. A fire at the depot of a transport company destroys its vehicle fleet. It is insured and so in time
the vehicles can be replaced. However, in the short-term it cannot fulfil customer orders and so loses
business. This loss of business is known as which of the following?

A. Consequential loss.

B. Direct loss.

C. Positive loss.

D. Reputational loss.

Q34. Software Development Inc (SDI) develops and markets a range of business applications and
products. It has its own product development resource but also uses external contractors where
expertise is not available in house. SDI is just about to start working with a small organisation called
XNX Developers (XNX) on a highly secret new development currently known as Project Y. SDI and
XNX have worked together successfully in the past. Ultimately, when the development is completed,
SDI will pay XNX a one-off fee for exclusive and full ownership of Project Y.

XNX is happy with this arrangement as it needs an injection of funds to support the development of
its own product range and bank finance is not available. SDI and XNX have also reached agreement
on XNX’s acceptance to compensate SDI for potential future liability on Project Y in respect of the
development work it has undertaken.

Based on the information provided, which of the following clauses will be a priority for SDI to
include in the contract to address its specific needs?
 1. Intellectual property rights
2. Force majeure
3. Jurisdiction
4. Indemnity

A. 1 and 2 only

B. 2 and 3 only

C. 3 and 4 only

D. 1 and 4 only

35. Which of the following are regarded as core international labour standards?

1. Freedom from casual labour

2. Freedom from untrained labour

3. Freedom from forced labour

4. Freedom from discrimination

A. 1 and 2

B. only 2
C. 2 and 3
D. only 3
E. 3 and 4
F. only 1
G. 1 and 4

36. ISO20400 __________ the UN guiding principles,ISO26000-social responsibility, ISO31000

Risk management and ISO14001 for environmental management

A. Replaces

B. Supersedes

C. Complements

D. Clarifies
37. Which of the following are methods of reducing risk from adverse currency movements select all
that apply?

1. Use own currency

2. Use suppliers currency
3. Fix the currency rate
4. Buy ‘spot’.
5. Use a forward exchange contract
6. Examine supplier’s liquidity ratios
7. Use a letter of credit
8. Aim to match geographical profile of customer sales with supplier’s purchases
9. Use a bill of exchange

38. The ETI base code is based around the priciples of the ILO core labour conventions

A. True
B. False

40. "The system by which companies are directed and controlled is a definition of?
A. Corporate Governance
B. Ethical Standards
C. The law
D. Organisational Structure

41. Risk -According to ISO 31000, risk is the “effect of uncertainty on __________

A. Outcomes

B. Objectives

C. Outputs

E. Organisations
42. To understand a suppliers financial position buying organisations should focus upon

A. Cash flow-suppliers ability to meet short term debt

B. Gearing- amount of long term debt

C. Profitability ratios

D. All the above

43. “Sustainable development is development that meets the ______ of the present without
compromising the ability of future generations to meet their own needs”

A. Wants

B. Needs

C. Requirements

D. Obligations

44. The seven core subjects and issues pertaining to social responsibility referred to in ISO26000 and
ISO20400 are :
a. Quality management
b. Customer Service
c. Organizational governance
d. Human rights
e. Working Hours
f. Labour practices
g. The environment
h. Fair operating practices
i. Consumer issues
j. Reverse Logistics
k. Life cycle costing
l. Community involvement and development
m. Transparency
45. Replacing damaged/faulty products and materials would be classed as:

A. Indirect loss

B. Product loss

C. Direct loss

D. Product liability claim

46. Product Manufacturing Group (PMG) is UK based and has just started sourcing materials from
Europe and has to pay its supplier in Euros. This is PMG's first exposure to Euro denominated
payments. It does however sell its products into European markets and has Euro receivables. Which of
the following will be the most appropriate for PMG to manage its Euro currency risk exposure?
A. Forward contract
B. Swap
C. Currency account
D. Option

47. The amount of risk that an organisation is prepared to accept, tolerate, or be exposed to at any
point in time.

A. Risk Tolerance

B. Risk Culture

C. Risk Impact

D. Risk Appetite

48. The Sarbanes-Oxley regulations are mostly focused on:

1. Investor protection

2. Product quality

3. Clear commercial advertising

4. Corporate financial disclosure

A. 2 and 3 only

B. 1 and 2 only

C. 3 and 4 only

D. 1 and 4 only
49. According to ethical labour standards such as SA8000 the normal workweek shall not on a regular
basis exceed:

A. 40 hours

B. 48 hours

C. 50 hours

D. 60 hours

50. The ETI base code has

A. 6 provisions

B. 7 provisions

C. 8 provisions

D. 9 provisions

51. The system by which companies are directed and controlled is…..

A. Corporate management

B. Corporate leadership

B. Corporate strategy

D. Corporate governance

52. One of the benefits of using NEC standard contracts is:

A. No training is required to use them.

B. They are written in the present tense in plain English

C. No need for bespoke amendments

D. Variations to price and delivery are not required

53. A disadvantage of using standard form contracts is that:

A. Suppliers are given advantageous terms

B. There may be training costs

C. Increases the time and cost in contract development

D. Less likely to contain the correct legal terminology without recourse to third party experts.

54. The legal principle of utmost good faith means:

A. Both parties trust each other
B. Both parties have complete faith in each other
C. Both parties must be accurate and fully disclose all information
D. The insured can rely on the insurance company to pay any claim

55. What risk is managed by having an inspection clause prior to acceptance?

A. Intellectual property infringement

B. Product defect

C. Financial failure

D. Late delivery

56. A claims adjuster will:

A. Help the insured claim what is due

B. Limit the liability of the insurance company

C. Determines the insurance premium

D. Review a claim and whether it is valid

57. In an NEC contract if an event occurs that the contractor considers to be a compensation event,
they must then

A. Send a quotation to the project manager within 3 weeks

B. Notify the project manager within 8 weeks of becoming aware of the event

C. Cease work until the claim is agreed

D. Change the risk register

58. Indemnity clauses

A. Are a way of transferring risk

B. Are a form of insurance

C. Have defined liquidate damages

D. Have no monetary limit

59. Compensation events in NEC contracts will result in additional payment being made to the
contractor.
A. Yes but only in exceptional circumstances
B. No only the date is adjusted
C. Yes but may also result in adjustment of the completion date or key dates.
D. No - a new contract is agreed

60. What is a primary benefit of a commercial customer self-insuring a risk?

A. Claims costs will reduce.

B. Controllability of risk will increase.

C. Its short-term cash-flow position is likely to improve.

D. Staff training requirements will decrease.

61. An organisation will typically find that their insurance arrangements will exclude cover for

A. consequential losses following natural disasters.

B. Credit risks.

C. Product liability claims.

D. The value of their computerised database

62. A loss assessor:

A. Can negotiate and settle the claim on your behalf

B. Is employed by the insurance company to settle the claim

C. Is the person who decides the initial insurance premium?

D. Is the broker or agent through which the policy is held

63. The RTO in business continuity planning is;

A. Recovery Time Objective

B. Required Time Outage

C. Response Time Objective

D. Recovery Target Outage

64. Which FIVE of the following are legal principles of insurance?

A. Proximate causa

B. Full cost of new replacement

C. Insurable Interest

D. Utmost good faith

E. Quantum merit

F. Caveat Emptor

G. Mitigation

H. Insurable interest

65. An underwriter will:

A. Help the insured claim what is due
B. Limit the liability of the insurance company
C. Determines the insurance premium
D. Review a claim and whether it is valid

66. Stakeholder salience model builds upon the mendelow matrix by considering:

A. Power, urgency & dynamism

B. Influence, urgency & legitimacy

C. Power urgency legitimacy

D. Influence, dynamism & legitimacy

67. To be successful BCM has to become part of the ______ of your organisation. This can be
achieved through a combination of awareness raising and training.

A. Strategy

B. Policy

C. Culture

D. Structure
68. Subjective measures to rate risk are;

A. Factual

B. Reliable

C. Opinions

D. Quantitative

69. As part of an organisation’s risk management process, when considering risk and uncertainty, the
risk team must be aware that

A. risk assessment is the sole method of reducing uncertainty.

B. risk can apply to both opportunities and threats to the organisation.

C. uncertainty should always be considered completely separately from risk.

D. uncertainty should only be considered when reviewing long-term objectives.

70. Having a plan so that your organisation can continue to function with as little disruption as
possible is:

A. Disaster recovery planning

B. Contingency planning

C. Business Continuity planning

D. Disruption planning

71. Risk assessment consists of: 1 point

Identifying the risk, analysing the risk and then_______
A. Risk Options
B. Risk Evaluation
C. Risk treatment
D. Risk Quantification
72. An important part of Business continuity management is establishing the

A. RPP and RTO

B. RPO and RTT

C. RPO and RTO

D. WRT and RTT

73. One of the primary reasons that an organisation should monitor and regularly review its risk
management process is to

A. consider whether lessons could be learned for future management of risks.

B. ensure that all significant risks are eliminated immediately.

C. evidence that all risks are measured in financial terms only.

D. evidence that an internationally-recognised framework is followed at all times

74. In the normal distribution with mean m and a standard deviation S:

A. 99.7% of the observations fall within 1 std. dev. either side of the mean m.

B. 99.7% of the observations fall within 2 std. dev. either side of the mean m.

C. 99.7% of the observations fall within 3 std. dev. either side of the mean m

D. 99.7% of the observations fall within 6 std. dev. either side of the mean m

75. Which of the following is NOT a typical event requiring disaster recovery:
A. Fire
B. Floods
C. Earthquakes
D. Supplier Failure
E. Cyber attacks
F. Power Outages
G. Geopolitical events
76. The ISO 31000 standard separates risk management areas into

A. frameworks, processes and audit.

B. principles, frameworks and compliance.

C. principles, frameworks and processes.

D. principles, processes and compliance.

77. A risk register has been produced for a large engineering company. What is a key difficulty of
such a register?

A. It is impossible to update it on a regular basis.

B. It is likely to list only a very small number of risks.

C. It may fail to take account of correlations between risks.

D. Stakeholders must be consulted upon all risk management decisions

78. Risk management aims to:

A. Eliminate all risks

B. Avoid risks

C. Manage risks to an acceptable level

D. Transfer risk to suppliers

79. Recognised risk management strategies to mitigate risks include which of the following? Select
TWO that apply.
A. Treat
B. Trust
C. Take
D. Transfer
E. Test
80. If an organisation takes out an insurance policy to cover a supply risk- this is what type of risk
strategy?
A. Tolerate
B. Take
C. Transfer
D. Treat
E. Terminate

81. The THREE phases of a business contingency plan – select all THREE that apply
A. Risk identification
B. Business Impact plan
C. Incident response
D. Disaster recovery plan
E. Risk Treatment
F. Business Continuity plan

82. Which of the following is true about the concept of ‘normal distribution’? Select THREE that
apply.

A. It is based on probability.

B. It is depicted as a straight line.

C. The values are evenly distributed.

D. It is symmetric in shape.

E. It shows the variation in extreme points.

F. Most values are around the mean.

83. Which of the following are types of direct loss? Select TWO that apply

A. Stock burnt in fire

B. Reputational damage

C. Loss of future customers

D. Loss of sales

E. Damage to assets
84. Which of the following is an example of a supply chain’s internal risk?
A. Breakdown of information and communications technology (ICT)
B. New entrants to the market increasing the intense of industrial competition
C. Political threats and imbalances
D. Change of legislation and regulations

85. Which of the following are the correct characteristics of an indirect loss?
1. Indirect loss cannot be easily quantified
2. Indirect loss can be easily documented
3. Indirect loss is difficult to insure against
4. Indirect loss requires a lot of money to insure

A. 2 and 4
B. 1 and 3
C. 2 and 3
D. 1 and 4

86. A fire at the depot of a transport company destroys its vehicle fleet. It is insured and so in time the
vehicles can be replaced. However, in the short term it cannot fulfill its customer orders and so losses
business. This loss of business is known as which of the following?

A. Direct loss
B. Positive loss
C. Standard loss
D. Consequential loss

87. Which of the following is a sustainable procurement standard?

A. ISO 14001
B. ISO 9000
C. ISO 31000
D. ISO 20400
88. A risk associated with brand is likely to affect which of the following for an organization?

A. Positioning
B. Compliance
C. Competitors
D. Assets

89. Which of the following ratios assess the supplier’s financial risk determining the supplier’s ability
to meet its short term liabilities using its current assets?
1. Profitability ratios
2. Acid test ratio
3. Gearing ratio
4. Current ratio

A. 1 and 4
B. 2 and 4
C. 2 and 3
D. 1 and 3

90. Is it good to encourage whistle blowing amongst employees working in the supply chain if they
suspect unethical behavior in the supply chain?
A. No because in many countries this will be illegal as it is confidential information
B. Yes because they will always know if there is unethical behavior
C. No because there is usually no means of them doing so confidentially
D. Yes because these staff are more likely to be aware of such malpractices