Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes?

• A.Qualitative Risk Analysis
• B.Plan Risk Management
• C.Identify Risks
• D.Quantitative Risk Analysis

Correct Answer: A

Explanation/Reference:
Explanation:
The purpose of qualitative risk analysis is to determine what impact the identified risk events will have on the project and the probability they'll occur. It also puts risks in priority order according to their effects on the project objectives and assigns a risk score for the project.
Incorrect Answers:
B: Risk Management is used to identify, assess, and control risks. It includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. Assessing the probability and consequences of identified risks is only the part of risk management.
C: It involves listing of all the possible risks so as to cure them before it can occur. In risk identification both threats and opportunities are considered, as both carry some level of risk with them.
D: This process does not involve assessing the probability and consequences of identified risks.
Quantitative analysis is the use of numerical and statistical techniques rather than the analysis of verbal material for analyzing risks. Some of the quantitative methods of risk analysis are:
Internal loss method

External data analysis

Business process modeling (BPM) and simulation

Statistical process control (SPC)

Comment: *

Name: *

Email: *

Verification: *

According to the Section-302 of the Sarbanes-Oxley Act of 2002, what does certification of reports implies? Each correct answer represents a complete solution. Choose three.

• A.The signing officer has evaluated the effectiveness of the issuer's internal controls as of a date at the time to report.
• B.The financial statement does not contain any materially untrue or misleading information.
• C.The signing officer has reviewed the report.
• D.The signing officer has presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.

Correct Answer: B,C,D

Section 302 of Sarbanes-Oxley act has the tremendous impact on the risk management solution
adopted by corporations. This section specifies that the reports must be certified by the CEO,
CFO, or other senior officer performing similar functions.
Certification of reports establishes:

Comment: *

Name: *

Email: *

Verification: *

When updating a risk register with the results of an IT risk assessment, the risk practitioner should log:

• A.high likelihood scenarios.
• B.high impact scenarios.
• C.known risk scenarios.
• D.treated risk scenarios.

Comment: *

Name: *

Email: *

Verification: *

When evaluating enterprise IT risk management it is MOST important to:

• A.report identified IT risk scenarios to senior management
• B.review alignment with the organization's investment plan
• C.create new control processes to reduce identified IT risk scenarios
• D.confirm the organization s risk appetite and tolerance

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important characteristic of an effective risk management program?

• A.Risk response plans are documented.
• B.Key risk indicators are defined.
• C.Risk ownership is assigned.
• D.Controls are mapped to key risk scenarios.

Comment: *

Name: *

Email: *

Verification: *