Which of the following roles is BEST suited to help a risk practitioner understand the impact of IT-related events on business objectives?
Correct Answer: A
Section: Volume D Explanation
CRISC Exam Question 232
Which of the following is the MOST useful indicator to measure the efficiency of an identity and access management process?
Correct Answer: A
Section: Volume D Explanation/Reference:
CRISC Exam Question 233
Which of the following processes is described in the statement below? "It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."
Correct Answer: D,E
is incorrect. Risk response is a process of deciding what measures should be taken to reduce threats and take advantage ofthe opportunities discovered during the risk analysis processes. This process also includes assigning departments or individual staff members the responsibility of carrying out the risk response plans and these folks are known as risk owners. The prioritization of the risk responses and development of the risk response plan is based on following parameters: Cost of the response to reduce risk within tolerance levels Importance of the risk Capability to implement the response Effectiveness and efficiency of the response Risk prioritization strategy is used to create a risk response plan and implementation schedule because all risk cannot be addressed at the same time. It may take considerable investment of time and resources to address all the risk identified in the risk analysis process. Risk with a greater likelihood and impact on the enterprise will prioritized above other risk that is considered less likely or lay less impact. Answer: A is incorrect. Risk governance is a systemic approach to decision making processes associated to natural and technological risks. It is based on the principles of cooperation, participation, mitigation and sustainability, and is adopted to achieve more effective risk management. It seeks to reduce risk exposure and vulnerability by filling gaps in risk policy, in order to avoid or reduce human and economic costs caused by disasters. Risk governance is a continuous life cycle that requires regular reporting and ongoing review. The risk governance function must oversee the operations of the risk management team. Answer: B is incorrect. The International Risk Governance Council (IRGC) is a self-governing organization whose principle is to facilitate the understanding and managing the rising overall risks that have impacts on the economy and society, human health and safety, the environment at large. IRGC's effort is to build and develop concepts of risk governance, predict main risk issues and present risk governance policy recommendations for the chief decision makers. IRGC mainly emphasizes on rising, universal risks for which governance deficits exist. Its goal is to present recommendations for how policy makers can correct them. IRGC models at constructing strong, integrative inter-disciplinary governance models for up-coming and existing risks.
CRISC Exam Question 234
A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration when establishing a contingency plan and an alternate processing site?
Correct Answer: A
CRISC Exam Question 235
Which of the following is true for risk management frameworks, standards and practices? Each correct answer represents a part of the solution. Choose three.
Correct Answer: A,C,D
Explanation/Reference: Explanation: Frameworks, standards and practices are necessary as: They provide a systematic view of "things to be considered" that could harm clients or an enterprise. They act as a guide to focus efforts of variant teams. They save time and revenue, such as training costs, operational costs and performance improvement costs. They assist in achieving business objectives quickly and easily.
