Which of the following is the GREATEST advantage of implementing a risk management program?
Correct Answer: A
Section: Volume D
CRISC Exam Question 57
While considering entity-based risks, which dimension of the COSO ERM framework is being referred?
Correct Answer: A
Section: Volume C Explanation Explanation: The organizational levels of the COSO ERM framework describe the subsidiary, business unit, division, and entity-levels of aspects of risk solutions. Incorrect Answers: B: Risk components includes Internal Environment, Objectives settings, Event identification, Risk assessment, Risk response, Control activities, Information and communication, and monitoring. C: Strategic objectives includes strategic, operational, reporting, and compliance risks; and not entity-based risks. D: This is not a valid answer.
CRISC Exam Question 58
Which of the following is true for risk evaluation?
Correct Answer: C
Explanation/Reference: Explanation: Due to the reason that risk is constantly changing, it is being evaluated annually or when there is significant change. This gives best alternative as it takes into consideration a reasonable time frame of one year, and meanwhile it also addresses significant changes (if any). Incorrect Answers: A: Evaluating risk only when there is significant changes do not take into consideration the effect of time. As the risk is changing constantly, small changes do occur with time that would affect the overall risk. Hence risk evaluation should be done annually too. B: Evaluating risk once a year is not sufficient in the case when some significant change takes place. This significant change should be taken into account as it affects the overall risk. D: Risk evaluation need not to be done every four to six months for critical processes, as it does not addresses important changes in timely manner.
CRISC Exam Question 59
From a risk management perspective, which of the following is the PRIMARY benefit of using automated system configuration validation tools?
Correct Answer: C
CRISC Exam Question 60
You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?
Correct Answer: A
Section: Volume C Explanation: The stakeholder management strategy is generally not included in the stakeholder registry because it may contain sensitive information that should not be shared with project team members or certain other individuals that could see the stakeholder register. The stakeholder register is a project management document that contains a list of the stakeholders associated with the project. It assesses how they are involved in the project and identifies what role they play in the organization. The information in this document can be very perceptive and is meant for limited exchange only. It also contains relevant information about the stakeholders, such as their requirements, expectations, and influence on the project. Incorrect Answers: B, C, D: Stakeholder identification, Assessment information, and Stakeholder classification should be included in the stakeholder register.
