Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?

• A.Changes in control design
• B.A decrease in the number of key controls
• C.An increase in residual risk
• D.Changes in control ownership

Comment: *

Name: *

Email: *

Verification: *

For a large software development project, risk assessments are MOST effective when performed:

• A.at each stage of the SDLC
• B.at system development
• C.during the development of the business case
• D.before system development begins

Comment: *

Name: *

Email: *

Verification: *

Deviation from a mitigation action plan's completion date should be determined by which of the following?

• A.The risk owner as determined by risk management processes
• B.Project governance criteria as determined by the project office
• C.Change management as determined by a change control board
• D.Benchmarking analysis with similar completed projects

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important factor affecting risk management in an organization?

• A.Regulatory requirements
• B.The risk manager's expertise
• C.Board of directors' expertise
• D.The organization's culture

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner identifies a database application that has been developed and implemented by the business independently of IT. Which of the following is the BEST course of action?

• A.Escalate the concern to senior management.
• B.Propose that the application be transferred to IT.
• C.Include the application in IT risk assessments.
• D.Document the reasons for the exception.

Comment: *

Name: *

Email: *

Verification: *