Which of the following is the MOST important reason to test new controls?
Correct Answer: A
Section: Volume D
CRISC Exam Question 42
Which of the following role carriers has to account for collecting data on risk and articulating risk?
Correct Answer: D,E
is incorrect. Enterprise risk committee are the executives who are accountable for the enterprise level collaboration and consensus required to support enterprise risk management (ERM). They are to some extent responsible for articulating risk but are not accounted for it. They are neither responsible nor accounted for collecting data on risk. Answer:C is incorrect. CIO is the most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources. CIO has some responsibility towards collecting data and articulating risk but is not accounted for them. Answer:B is incorrect. Business process owner is an individual responsible for identifying process requirements, approving process design and managing process performance. He/she is responsible for collecting data and articulating risk but is not accounted for them.
CRISC Exam Question 43
You are the project manager for TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register? Each correct answer represents a complete solution. Choose two.
Correct Answer: A,D,E
is incorrect. Risk register do contain the summary of mitigation, but only after the applying risk response. Here in this scenario you are in risk identification phase, hence mitigation techniques cannot be documented at this situation. Answer:B is incorrect. This is not valid content of risk register. A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains: A description of the risk The impact should this event actually occur The probability of its occurrence Risk Score (the multiplication of Probability and Impact) A summary of the planned response should the event occur A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event) Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.
CRISC Exam Question 44
The BEST indicator of the risk appetite of an organization is the
Correct Answer: C
The board of directors' response to identified risk factors is the best indicator of the risk appetite of an organization. The board of directors is the highest governing body of the organization, and it is responsible for setting the strategic direction, objectives, and risk appetite of the organization. The board of directors should also oversee the risk management process, and ensure that the risks are aligned with the organization's goals and values. The board of directors' response to identified risk factors reflects how much and what type of risk the organization is willing to pursue, retain, or take in order to achieve its objectives. The regulatory environment, the risk management capability, and the importance assigned to IT are not direct indicators of the risk appetite, although they may influence or constrain it. References = Risk and Information Systems Control Study Manual, Chapter 1, Section 1.2.1, page 1-8.
CRISC Exam Question 45
Which of the following would be of MOST concern to a risk practitioner reviewing risk action plans for documented IT risk scenarios?
Newest CRISC Exam PDF Dumps shared by Actual4test.com for Helping Passing CRISC Exam! Actual4test.com now offer the updated CRISC exam dumps, the Actual4test.com CRISC exam questions have been updated and answers have been corrected get the latest Actual4test.com CRISC pdf dumps with Exam Engine here:
