Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?

• A.Obtain objective assessment of the control environment.
• B.Obtain an objective view of process gaps and systemic errors.
• C.Ensure the risk profile is defined and communicated.
• D.Validate the threat management process.

Comment: *

Name: *

Email: *

Verification: *

Risk mitigation procedures should include:

• A.enterprise architecture implementation.
• B.acceptance of exposures
• C.deployment of counter measures.
• D.buying an insurance policy.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of the QPS project. You and your project team have identified a pure risk.
You along with the key stakeholders, decided to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?

• A.It is a risk event that only has a negative side and not any positive result.
• B.It is a risk event that is created by the application of risk response.
• C.It is a risk event that is generated due to errors or omission in the project work.
• D.It is a risk event that cannot be avoided because of the order of the work.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the best reason for performing risk assessment?

• A.To determine the present state of risk
• B.To analyze the effect on the business
• C.To satisfy regulatory requirements
• D.To budget appropriately for the application of various controls
• E.Explanation:
  Risk assessment is a process of analyzing the identified risk, both quantitatively and qualitatively. Quantitative risk assessment requires calculations of two components of risk, the magnitude of the potential loss, and the probability that the loss will occur. While qualitatively risk assessment
  checks the severity of risk. Hence risk assessment helps in determining the present state of the
  risk.
• F.is incorrect. Budgeting appropriately is one the results of risk assessment but is not the
  reason for performing the risk assessment.
• G.is incorrect. Analyzing the effect of risk on an enterprise is the part of the process while
  performing risk assessment, but is not the reason for doing it.

Comment: *

Name: *

Email: *

Verification: *

When reporting risk assessment results to senior management, which of the following is MOST important to include to enable risk-based decision making?

• A.A list of assets exposed to the highest risk
• B.Recent audit and self-assessment results
• C.Risk action plans and associated owners
• D.Potential losses compared to treatment cost

Comment: *

Name: *

Email: *

Verification: *