Which of the following role carriers has to account for collecting data on risk and articulating risk?

• A.Enterprise risk committee
• B.Business process owner
• C.Chief information officer (CIO)
• D.Chief risk officer (CRO)

Comment: *

Name: *

Email: *

Verification: *

What are the requirements of effectively communicating risk analysis results to the relevant stakeholders?
Each correct answer represents a part of the solution. Choose three.

• A.The results should be reported in terms and formats that are useful to support business decisions
• B.Communicate only the negative risk impacts of events in order to drive response decisions
• C.Communicate the risk-return context clearly
• D.Provide decision makers with an understanding of worst-case and most probable scenarios

Correct Answer: A,C,D

Explanation/Reference:
Explanation:
The result of risk analysis process is being communicated to relevant stakeholders. The steps that are involved in communication are:
The results should be reported in terms and formats that are useful to support business decisions.

Coordinate additional risk analysis activity as required by decision makers, like report rejection and

scope adjustment.
Communicate the risk-return context clearly, which include probabilities of loss and/or gain, ranges, and

confidence levels (if possible) that enable management to balance risk-return.
Identify the negative impacts of events that drive response decisions as well as positive impacts of

events that represent opportunities which should channel back into the strategy and objective setting process.
Provide decision makers with an understanding of worst-case and most probable scenarios, due

diligence exposures and significant reputation, legal or regulatory considerations.
Incorrect Answers:
B: Both the negative and positive risk impacts are being communicated to relevant stakeholders. Identify the negative impacts of events that drive response decisions as well as positive impacts of events that represent opportunities which should channel back into the strategy and objective setting process.

Comment: *

Name: *

Email: *

Verification: *

An organization has determined a risk scenario is outside the defined risk tolerance level. What should be the NEXT course of action?

• A.Identify risk responses
• B.Allocate remediation resources.
• C.Develop a compensating control.
• D.Perform a cost-benefit analysis.

Comment: *

Name: *

Email: *

Verification: *

Which of the following can be interpreted from a single data point on a risk heat map?

• A.Risk magnitude
• B.Risk response
• C.Risk appetite
• D.Risk tolerance

Comment: *

Name: *

Email: *

Verification: *

You are the risk professional in Bluewell Inc. You have identified a risk and want to implement a specific risk mitigation activity. What you should PRIMARILY utilize?

• A.Vulnerability assessment report
• B.Business case
• C.Technical evaluation report
• D.Budgetary requirements

Comment: *

Name: *

Email: *

Verification: *