
CRISC—Certified in Risk and Information Systems Control Certification Questions and answer - Part 31

Mary Smith

Tue, 11 Nov 2025


1. Which of the following is NOT true for Key Risk Indicators?

A) They are selected as the prime monitoring indicators for the enterprise
B) They help avoid having to manage and report on an excessively large number of risk indicators
C) The complete set of KRIs should also balance indicators for risk, root causes and business impact.
D) They are monitored annually



2. What are the responsibilities of the CRO? Each correct answer represents a complete solution. Choose three. (Select 3 answers)

A) Managing the supporting risk management function
B) Managing the risk assessment process
C) Advising Board of Directors
D) Implement corrective actions



3. You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen a data extraction method in which management monitors its own controls. Which of the following data extraction methods are you using here?

A) Extracting data directly from the source systems after system owner approval
B) Extracting data from the system custodian (IT) after system owner approval
C) Extracting data from risk register
D) Extracting data from lesson learned register



4. You are the project manager for your organization's project to install new workstations, servers, and cabling throughout a new building that your company will be moving into. The vendor for the project informs you that the cost of the cabling has increased for some reason. This new cost will cause the cost of your project to increase by nearly eight percent. Which change control system should the costs be entered into for review?

A) Cost change control system
B) Contract change control system
C) Scope change control system
D) Only changes to the project scope should pass through a change control system.



5. When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk?

A) Updating the IT risk registry
B) Insuring against the risk
C) Outsourcing the related business process to a third party
D) Improving staff-training in the risk area



1. Right Answer: D
Explanation: KRIs are monitored on a regular basis, not annually, because they indicate high-probability and high-impact risks. As risks change over time, KRIs must also be monitored regularly to confirm they remain effective against those changing risks.
Incorrect Answers:
A, B, C: These are all true of KRIs. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and have a high probability of predicting or indicating important risk. KRIs help avoid the excessively large number of risk indicators that a large enterprise would otherwise have to manage and report on. The complete set of KRIs should also balance indicators for risk, root causes and business impact, so that it indicates both the risk and its impact completely.

2. Right Answer: A,B,D
Explanation: The Chief Risk Officer is an executive-level manager in an organization. The CRO provides corporate guidance, governance, and oversight over the enterprise's risk management activities. The main priority of the CRO is to ensure that the organization is in full compliance with applicable regulations. The CRO may also deal with areas such as insurance, internal auditing, corporate investigations, fraud, and information security. The CRO's responsibilities include managing the risk assessment process, implementing corrective actions, communicating risk management issues, and supporting the risk management function.

3. Right Answer: A
Explanation: Direct extraction from the source system involves management monitoring its own controls, rather than auditors or third parties monitoring management's controls. It is preferable to extraction from the system custodian.
Incorrect Answers:
B: Extracting data from the system custodian (IT) after system owner approval involves auditors or third parties monitoring management's controls. In this case, management does not monitor its own controls.
C, D: These are not data extraction methods.

4. Right Answer: A
Explanation: Because this change affects the cost of the deliverable, it should pass through the cost change control system. The cost change control system reviews why the change has happened, what the cost affects, and how the project should respond.
Incorrect Answers:
B: This is not a contract change. There is no evidence that a contract exists, or that the cost of the materials falls outside the terms of a contract if one existed. Under a time and materials contract, a change of this nature could be acceptable according to the terms of the contract. If the vendor wanted to change the terms of the contract, then it would be appropriate to enter the change into the contract change control system.
C: The scope of the project will not change because of the cost of the materials.
D: There are four change control systems that should always be considered for a change: schedule, cost, scope, and contract.

5. Right Answer: B
Explanation: An insurance policy can compensate the enterprise up to 100% by transferring the risk to another company. Hence, in this scenario the risk is being transferred.
Incorrect Answers:
A: Updating the risk registry (with lower values for impact and probability) will not actually change the risk, only management's perception of it.
C: Outsourcing the process containing the risk does not necessarily remove or change the risk. Insurance, on the other hand, will completely remove the risk.
D: Improving staff capacity to detect or mitigate the risk may reduce the financial impact, but insurance allows the risk to be mitigated up to 100%.
