A.reflect the results of risk assessments.

B.effectively support a business maturity model.

C.be available to operational groups.

D.be reviewed by the IT steering committee.

A.residual risk and cost of control.

B.risk appetite and control efficiency.

C.inherent risk and control effectiveness.

D.risk tolerance and control complexity.

A.To identify dependencies for reporting risk

B.To enable consistent data on risk to be obtained

C.To provide consistent and clear terminology

D.To allow for proper review of risk tolerance

A.evaluate whether selected controls are still appropriate.

B.implement the planned controls and accept the remaining risk.

C.suspend the current action plan in order to reassess the risk.

D.revise the action plan to include additional mitigating controls.

A.Establishing a disaster recovery plan (DRP)

B.Establishing recovery time objectives (RTOs)

C.Maintaining a current list of staff contact delays

D.Maintaining a risk register