The purpose of requiring source code escrow in a contractual agreement is to:

• A.ensure the source code is available when bugs occur.
• B.review the source code for adequacy of controls.
• C.ensure that the source code is valid and exists.
• D.ensure that the source code is available if the vendor ceases to exist.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is NOT true for Key Risk Indicators?

• A.They are selected as the prime monitoring indicators for the enterprise
• B.They help avoid having to manage and report on an excessively large number of risk indicators
• C.The complete set of KRIs should also balance indicators for risk, root causes and business impact.
• D.They are monitored annually

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?

• A.Implementing processes to detect and deter fraud
• B.Ensuring that risk and control assessments consider fraud
• C.Providing oversight of risk management processes
• D.Monitoring the results of actions taken to mitigate fraud

Comment: *

Name: *

Email: *

Verification: *

During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?

• A.Communicate the decision to the risk owner for approval
• B.Identify an owner for the new control
• C.Modify the action plan in the risk register
• D.Seek approval from the previous action plan manager

Comment: *

Name: *

Email: *

Verification: *

Which of the following IT key risk indicators (KRIs) provides management with the BEST feedback on IT capacity?

• A.Trends in IT resource usage.
• B.Increased resource availability.
• C.Trends in IT maintenance costs.
• D.Increased number of incidents.

Comment: *

Name: *

Email: *

Verification: *