Which of the following is NOT true for Key Risk Indicators?

• A.They are selected as the prime monitoring indicators for the enterprise
• B.They help avoid having to manage and report on an excessively large number of risk indicators
• C.The complete set of KRIs should also balance indicators for risk, root causes and business impact.
• D.They are monitored annually
• E.Explanation:
  They are monitored on regular basis as they indicate high probability and high impact risks. As risks change over time, hence KRIs should also be monitored regularly for its effectiveness on these changing risks.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of HGT project. You are in the first phase of the risk response process and are doing following tasks :
Communicating risk analysis results
Reporting risk management activities and the state of compliance
Interpreting independent risk assessment findings
Identifying business opportunities
Which of the following process are you performing?

• A.Articulating risk
• B.Mitigating risk
• C.Tracking risk
• D.Reporting risk

Correct Answer: A

Explanation/Reference:
Explanation:
Articulating risk is the first phase in the risk response process to ensure that information on the true state of exposures and opportunities are made available in a timely manner and to the right people for appropriate response. Following are the tasks that are involved in articulating risk:
Communicate risk analysis results.

Report risk management activities and the state of compliance.

Interpret independent risk assessment findings.

Identify business opportunities.

Incorrect Answers:
B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level.
Risk mitigation can utilize various forms of control carefully integrated together. This comes under risk response process and is latter stage after articulating risk.
C: Tracking risk is the process of tracking the ongoing status of risk mitigation processes. This tracking ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule.
D: This is not related to risk response process. It is a type of risk. Reporting risks are the risks that are caused due to wrong reporting which leads to bad decision.

Comment: *

Name: *

Email: *

Verification: *

Which of the following individuals is responsible for identifying process requirements, approving process design and managing process performance?

• A.Business process owner
• B.Risk owner
• C.Chief financial officer
• D.Chief information officer
• E.Explanation:
  Business process owners are the individuals responsible for identifying process requirements, approving process design and managing process performance. In general, a business process owner must be at an appropriately high level in the enterprise and have authority to commit resources to process-specific risk management activities.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indication of an effective risk management program?

• A.Risk action plans are approved by senior management
• B.Mitigating controls are designed and implemented
• C.Residual risk is within the organizational risk appetite
• D.Risk is recorded and tracked in the risk register

Comment: *

Name: *

Email: *

Verification: *

Which of the following controls will BEST detect unauthorized modification of data by a database administrator?

• A.Reviewing database access rights
• B.Reviewing changes to edit checks
• C.Comparing data to input records
• D.Reviewing database activity logs

Comment: *

Name: *

Email: *

Verification: *