An identified high probability risk scenario involving a critical, proprietary business function has an annualized cost of control higher than the annual loss expectancy. Which of the following is the BEST risk response?

• A.Accept
• B.Transfer
• C.Mitigate
• D.Avoid

Comment: *

Name: *

Email: *

Verification: *

The GREATEST benefit of including low-probability, high-impact events in a risk assessment is the ability to:

• A.develop a comprehensive risk mitigation strategy
• B.perform an aggregated cost-benefit analysis
• C.develop understandable and realistic risk scenarios
• D.identify root causes for relevant events

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the most accurate definition of a project risk?

• A.It is an unknown event that can affect the project scope.
• B.It is an uncertain event or condition within the project execution.
• C.It is an uncertain event that can affect the project costs.
• D.It is an uncertain event that can affect at least one project objective.
• E.Explanation:
  Risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective. Project risk is concerned with the expected value of one or more results of one or more future
  events in a project. It is an uncertain condition that, if it occurs, has an effect on at least one
  project objective. Objectives can be scope, schedule, cost, and quality. Project risk is always in the
  future.
• F.is incorrect. Risk is not unknown, it is uncertain; in addition, the event can affect at least
  one project objective - not just the project scope.
• G.is incorrect. This statement is almost true, but the event does not have to happen within
  project execution.

Comment: *

Name: *

Email: *

Verification: *

You are working in an enterprise. You enterprise is willing to accept a certain amount of risk. What is this risk called?

• A.Hedging
• B.Aversion
• C.Appetite
• D.Tolerance

Correct Answer: C

Explanation/Reference:
Explanation:
Risk appetite considers the qualitative and quantitative aspects of accepting risks in an organization. The term refers to the type of risks the organization is willing to pursue, as well as amount of risk and the level of risk.
Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit of its mission.
This is the responsibility of the board to decide risk appetite of an enterprise. When considering the risk appetite levels for the enterprise, the following two major factors should be taken into account:
The enterprise's objective capacity to absorb loss, e.g., financial loss, reputation damage, etc.

The culture towards risk taking-cautious or aggressive. In other words, the amount of loss the

enterprise wants to accept in pursue of its objective fulfillment.
Incorrect Answers:
A, B: Aversion and hedging are related to each other and represents the avoidance of risk within the organization.
D: The acceptable variation relative to the achievement of an objective is termed as risk tolerance. In other words, risk tolerance is the acceptable deviation from the level set by the risk appetite and business objectives.
Risk tolerance is defined at the enterprise level by the board and clearly communicated to all stakeholders.
A process should be in place to review and approve any exceptions to such standards.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

• A.Derive scenarios from IT risk policies and standards.
• B.Gather scenarios from senior management.
• C.Benchmark scenarios against industry peers.
• D.Map scenarios to a recognized risk management framework.

Comment: *

Name: *

Email: *

Verification: *