Senior management has asked a risk practitioner to develop technical risk scenarios related to a recently developed enterprise resource planning (ERP) system. These scenarios will be owned by the system manager.
Which of the following would be the BEST method to use when developing the scenarios?

• A.Bottom-up approach
• B.Cause-and-effect diagram
• C.Top-down approach
• D.Delphi technique

Comment: *

Name: *

Email: *

Verification: *

Risks with low ratings of probability and impact are included for future monitoring in which of the following?

• A.Risk alarm
• B.Observation list
• C.Watch-list
• D.Risk register
• E.Explanation:
  Watch-list contains risks with low rating of probability and impact. This list is useful for future monitoring of low risk factors.
• F.is incorrect. Risk register is a document that contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. Description, category, cause, probability of occurring, impact on objectives, proposed responses, owner, and the current status
  of all identified risks are put in the risk register.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager for your organization to install new workstations, servers, and cabling throughout a new building, where your company will be moving into. The vendor for the project informs you that the cost of the cabling has increased due to some reason. This new cost will cause the cost of your project to increase by nearly eight percent. What change control system should the costs be entered into for review?

• A.Cost change control system
• B.Contract change control system
• C.Scope change control system
• D.Only changes to the project scope should pass through a change control system.

Comment: *

Name: *

Email: *

Verification: *

Which of the following process ensures that extracted data are ready for analysis?

• A.Data analysis
• B.Data validation
• C.Data gathering
• D.Data access
• E.Explanation:
  Data validation ensures that extracted data are ready for analysis. One objective is to perform data quality tests to ensure data are valid complete and free of errors. This may also involve making data from different sources suitable for comparative analysis.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY reason, a risk practitioner would be interested in an internal audit report is to:

• A.maintain a risk register based on noncompliances
• B.plan awareness programs for business managers
• C.assist in the development of a risk profile
• D.evaluate maturity of the risk management process

Comment: *

Name: *

Email: *

Verification: *