The CRA Level 3 Examination — Non-Financial Risk Management & Analysis evaluates your ability to identify, assess, interpret, and manage non-financial risks in organizational settings. It is aligned to the advanced non-financial risk foundations covered in RAI202: Non-Financial Risk Analysis and Management.
The examination is structured across three super-sections covering foundational non-financial risk concepts and frameworks, specialized non-financial risk categories, and the application of non-financial risk management principles through practical cases.
This examination must be completed independently by the registered candidate. You are expected to rely solely on your own knowledge, analysis, and professional judgment when responding to all questions. Copying, sharing, or reproducing exam content is strictly prohibited. The exam is monitored using proctoring software that records activity, including screen interactions, navigation behavior, and session activity. Any irregular behavior or suspected misconduct may result in review and potential disqualification.
Candidates are expected to demonstrate both conceptual understanding and the ability to apply non-financial risk management principles to real organizational and strategic contexts. The examination assesses understanding of non-financial risk categories, legal and regulatory risk, operational risk frameworks, technology and cybersecurity risk, environmental and social risk, reputational risk, supply chain and vendor risk, and applied case-based judgment.
Foundations and Core Non-Financial Risk Domains
Specialized Non-Financial Risk Analysis
Applied Non-Financial Risk Management
This section assesses your understanding of the foundations of non-financial risk management and the core frameworks used to identify, assess, and manage these risks.
Candidates are expected to demonstrate strong understanding of the main categories of non-financial risk, the role of compliance and operational risk frameworks, and how these risks are integrated into sound organizational decision-making.
This section evaluates your ability to assess and manage major specialized categories of non-financial risk.
Candidates are expected to analyze a broad range of non-financial risks, understand their operational and strategic implications, and apply appropriate mitigation and monitoring techniques across different organizational contexts.
This section assesses your ability to apply non-financial risk management principles in practical settings.
Candidates are expected to demonstrate applied judgment, interpret case-based situations effectively, and show how non-financial risk principles can be translated into sound decisions, mitigation actions, and organizational resilience.
