You are the project manager of your enterprise. While performing risk management, you are given a task to identify where your enterprise stands in certain practice and also to suggest the priorities for improvements. Which of the following models would you use to accomplish this task?
Correct Answer: A
Section: Volume D Explanation: Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level (having nonexistent or unstructured processes) to the most mature (having adopted and optimized the use of good practices). The levels within a capability maturity model are designed to allow an enterprise to identify descriptions of its current and possible future states. In general, the purpose is to: * Identify, where enterprises are in relation to certain activities or practices. * Suggest how to set priorities for improvements Incorrect Answers: D: There is no such model exists in risk management process. B: Decision tree analysis is a risk analysis tool that can help the project manager in determining the best risk response. The tool can be used to measure probability, impact, and risk exposure and how the selected risk response can affect the probability and/or impact of the selected risk event. It helps to form a balanced image of the risks and opportunities connected with each possible course of action. This makes them mostly useful for choosing between different strategies, projects, or investment opportunities particularly when the resources are limited. A decision tree is a decision support tool that uses a tree-like graph or model of decisions and their possible consequences, including chance event outcomes, resource costs, and utility. C: Fishbone diagrams or Ishikawa diagrams shows the relationships between the causes and effects of problems.
Question 777
Which of the following is PRIMARILY a risk management responsibly of the first line of defense?
Correct Answer: B
Question 778
An organization is planning to engage a cloud-based service provider for some of its data-intensive business processes. Which of the following is MOST important to help define the IT risk associated with this outsourcing activity?
Correct Answer: A
Section: Volume D
Question 779
What are the responsibilities of the CRO? Each correct answer represents a complete solution. Choose three.
Correct Answer: A,B,D
Section: Volume A Explanation/Reference: Explanation: Chief Risk Officer is the executive-level manager in an organization. They provide corporate, guidance, governance, and oversight over the enterprise's risk management activities. The main priority for the CRO is to ensure that the organization is in full compliance with applicable regulations. They may also deal with areas regarding insurance, internal auditing, corporate investigations, fraud, and information security. CRO's responsibilities include: * Managing the risk assessment process * Implementation of corrective actions * Communicate risk management issues * Supporting the risk management functions
Question 780
Which of the following should be of GREATEST concern to a risk practitioner when determining the effectiveness of IT controls?
