You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document do you and your team is creating in this scenario?

• A.Project plan
• B.Resource management plan
• C.Project management plan
• D.Risk management plan
• E.Explanation:
  The risk management plan, part of the comprehensive management plan, defines how risks will be identified, analyzed, monitored and controlled, and even responded to. A Risk management plan is a document arranged by a project manager to estimate the effectiveness, predict risks, and build response plans to mitigate them. It also consists of the risk assessment matrix. Risks are built in with any project, and project managers evaluate risks repeatedly and build plans to address them. The risk management plan consists of analysis of possible risks with both high and low impacts, and the mitigation strategies to facilitate the project and avoid being derailed through which the common problems arise. Risk management plans should be timely reviewed by the project team in order to avoid having the analysis become stale and not reflective of actual potential project risks. Most critically, risk management plans include a risk strategy for project execution.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is BEST described by the definition below?
"They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into account during every risk analysis, when likelihood and impact are assessed."

• A.Obscure risk
• B.Risk factors
• C.Risk analysis
• D.Risk event

Correct Answer: B

Explanation/Reference:
Explanation:
Risk factors are those features that influence the likelihood and/or business impact of risk scenarios. They have heavy influences on probability and impact of risk scenarios. They should be taken into account during every risk analysis, when likelihood and impact are assessed.
Incorrect Answers:
A: The enterprise must consider risk that has not yet occurred and should develop scenarios around unlikely, obscure or non-historical events.
Such scenarios can be developed by considering two things:
Visibility

Recognition

For the fulfillment of this task enterprise must:
Be in a position that it can observe anything going wrong

Have the capability to recognize an observed event as something wrong

C: A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of:
Threats to various processes of organization.

Threats to physical and information assets.

Likelihood and frequency of occurrence from threat.

Impact on assets from threat and vulnerability.

Risk analysis allows the auditor to do the following tasks:
Identify threats and vulnerabilities to the enterprise and its information system.

Provide information for evaluation of controls in audit planning.

Aids in determining audit objectives.

Supporting decision based on risks.

D: A risk event represents the situation where you have a risk that only occurs with a certain probability and where the risk itself is represented by a specified distribution.

Comment: *

Name: *

Email: *

Verification: *

An organization operates in a jurisdiction where heavy fines are imposed for leakage of customer data. Which of the following provides the BEST input to assess the inherent risk impact?

• A.Number of customer records held
• B.Number of databases that host customer data
• C.Number of encrypted customer databases
• D.Number of staff members having access to customer data

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration when sharing risk management updates with executive management?

• A.Trend analysis of risk metrics
• B.Relying on key risk indicator (KRI) data Including
• C.Ensuring relevance to organizational goals
• D.Using an aggregated view of organizational risk

Comment: *

Name: *

Email: *

Verification: *

A change management process has recently been updated with new testing procedures. The NEXT course of action is to:

• A.communicate to those who test and promote changes
• B.assess the maturity of the change management process
• C.conduct a cost-benefit analysis to justify the cost of the control
• D.monitor processes to ensure recent updates are being followed

Comment: *

Name: *

Email: *

Verification: *