CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CRISC—Certified in Risk and Information Systems Control Certification Questions and answer - Part 4
1. You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming year. Management has asked you to identify the risk events and communicate the event's probability and impact as early as possible in the project.Management wants to avoid risk events and needs to analyze the cost-benefits of each risk event in this project. What term is assigned to the low-level of stakeholder tolerance in this project?
A) Mitigation-ready project management
B) Risk avoidance
C) Risk utility function
D) Risk-reward mentality
2. How residual risk can be determined?
A) By determining remaining vulnerabilities after countermeasures are in place.
B) By transferring all risks.
C) By threat analysis
D) By risk assessment
3. Which of the following are the MOST important risk components that must be communicated among all the stakeholders?Each correct answer represents a part of the solution. Choose three.(Select 3answers)
A) Various risk response used in the project
B) Expectations from risk management
C) Current risk management capability
D) Status of risk with regard to IT risk
4. You work as a project manager for BlueWell Inc. You are involved with the project team on the different risk issues in your project. You are using the applications of IRGC model to facilitate the understanding and managing the rising of the overall risks that have impacts on the economy and society. One of your team members wants to know that what the need to use the IRGC is. What will be your reply?
A) IRGC models aim at building robust, integrative inter-disciplinary governance models for emerging and existing risks.
B) IRGC is both a concept and a tool.
C) IRGC addresses the development of resilience and the capacity of organizations and people to face unavoidable risks.
D) IRGC addresses understanding of the secondary impacts of a risk.
5. You are elected as the project manager of GHT project. You are in project initialization phase and are busy in defining requirements for your project. While defining requirements you are describing how users will interact with a system. Which of the following requirements are you defining here?
A) Technical requirement
B) Project requirement
C) Functional requirement
D) Business requirement
A) Mitigation-ready project management
B) Risk avoidance
C) Risk utility function
D) Risk-reward mentality
2. How residual risk can be determined?
A) By determining remaining vulnerabilities after countermeasures are in place.
B) By transferring all risks.
C) By threat analysis
D) By risk assessment
3. Which of the following are the MOST important risk components that must be communicated among all the stakeholders?Each correct answer represents a part of the solution. Choose three.(Select 3answers)
A) Various risk response used in the project
B) Expectations from risk management
C) Current risk management capability
D) Status of risk with regard to IT risk
4. You work as a project manager for BlueWell Inc. You are involved with the project team on the different risk issues in your project. You are using the applications of IRGC model to facilitate the understanding and managing the rising of the overall risks that have impacts on the economy and society. One of your team members wants to know that what the need to use the IRGC is. What will be your reply?
A) IRGC models aim at building robust, integrative inter-disciplinary governance models for emerging and existing risks.
B) IRGC is both a concept and a tool.
C) IRGC addresses the development of resilience and the capacity of organizations and people to face unavoidable risks.
D) IRGC addresses understanding of the secondary impacts of a risk.
5. You are elected as the project manager of GHT project. You are in project initialization phase and are busy in defining requirements for your project. While defining requirements you are describing how users will interact with a system. Which of the following requirements are you defining here?
A) Technical requirement
B) Project requirement
C) Functional requirement
D) Business requirement
1. Right Answer: C
Explanation: Risk utility function is assigned to the low-level of stakeholder tolerance in this project.The risk utility function describes a person's or organization's willingness to accept risk. It is synonymous with stakeholder tolerance to risk.Risk utility function facilitates the selection and acceptance of risk and provides opportunity to merge the approach with setting thresholds of risk acceptability and using utility-risk ratios if necessary.Incorrect Answers:A: This is not a valid project management and risk management term.B: Risk avoidance is a risk response to avoid negative risk events.D: Risk-reward describes the balance between accepting risks and the expected reward for the risk event. Risk-reward mentality is not a valid project management term.
2. Right Answer: D
Explanation: All risks are determined by risk assessment, regardless whether risks are residual or not.Incorrect Answers:A: Determining remaining vulnerabilities after countermeasures are in place says nothing about threats, therefore risk cannot be determined.B: Transferring all the risks in not relevant to determining residual risk. It is one of the method of risk management.C: Risk cannot be determined by threat analysis alone, regardless whether it is residual or not.
3. Right Answer: B,C,D
Explanation: The broad array of information and the major types of IT risk information that should be communicated are as follows: Expectations from risk management: They include risk strategy, policies, procedures, awareness training, uninterrupted reinforcement of principles, etc. This essential communication drives all subsequent efforts on risk management and sets the overall expectations from risk management. Current risk management capability: This allows monitoring of the status of the risk management engine in the enterprise. It is a key indicator for effective risk management and has predictive value for how well the enterprise is managing risk and reducing exposure. Status with regard to IT risk: This describes the actual status with regard to IT risk including information of risk profile of the enterprise, Key risk indicators(KRIs) to support management reporting on risk, event-loss data, root cause of loss events and options to mitigate risk.Incorrect Answers:A: Risk response is only communicated to some of the stakeholders not all, as it is irrelevant for them. It is not communicated to the stakeholders of the project like project sponsors, etc.
4. Right Answer: A
Explanation: IRGC is aimed at building robust, integrative inter-disciplinary governance models for emerging and existing risks.The International Risk Governance Council (IRGC) is a self-governing organization whose principle is to facilitate the understanding and managing the rising overall risks that have impacts on the economy and society, human health and safety, the environment at large. IRGC's effort is to build and develop concepts of risk governance, predict main risk issues and present risk governance policy recommendations for the chief decision makers. IRGC mainly emphasizes on rising, universal risks for which governance deficits exist. Its goal is to present recommendations for how policy makers can correct them. IRGC models at constructing strong, integrative inter-disciplinary governance models for up-coming and existing risks.Incorrect Answers:B: As IRGC is aimed at building robust, integrative inter-disciplinary governance models for emerging and existing risks, so it is the best answer for this question.C, D: Risk governance addresses understanding of the secondary impacts of a risk, the development of resilience and the capacity of organizations and people to face unavoidable risks.
5. Right Answer: C
Explanation: While defining requirements, there is need to define three requirements of the project- Business requirement, Functional requirement, and Technical requirementFunctional requirements and use case models describe how users will interact with a system. Therefore here in this stem you are defining the functional requirement of the project.Incorrect Answers:A: Technical requirements and design specifications and coding specifications describe how the system will interact, conditions under which the system will operate and the information criteria the system should meet.B: Business requirement, Functional requirement, and Technical requirement come under project requirement. In this stem it is particular defining the functional requirement, hence this is not the best answer.D: Business requirements contain descriptions of what a system should do.
Explanation: Risk utility function is assigned to the low-level of stakeholder tolerance in this project.The risk utility function describes a person's or organization's willingness to accept risk. It is synonymous with stakeholder tolerance to risk.Risk utility function facilitates the selection and acceptance of risk and provides opportunity to merge the approach with setting thresholds of risk acceptability and using utility-risk ratios if necessary.Incorrect Answers:A: This is not a valid project management and risk management term.B: Risk avoidance is a risk response to avoid negative risk events.D: Risk-reward describes the balance between accepting risks and the expected reward for the risk event. Risk-reward mentality is not a valid project management term.
2. Right Answer: D
Explanation: All risks are determined by risk assessment, regardless whether risks are residual or not.Incorrect Answers:A: Determining remaining vulnerabilities after countermeasures are in place says nothing about threats, therefore risk cannot be determined.B: Transferring all the risks in not relevant to determining residual risk. It is one of the method of risk management.C: Risk cannot be determined by threat analysis alone, regardless whether it is residual or not.
3. Right Answer: B,C,D
Explanation: The broad array of information and the major types of IT risk information that should be communicated are as follows: Expectations from risk management: They include risk strategy, policies, procedures, awareness training, uninterrupted reinforcement of principles, etc. This essential communication drives all subsequent efforts on risk management and sets the overall expectations from risk management. Current risk management capability: This allows monitoring of the status of the risk management engine in the enterprise. It is a key indicator for effective risk management and has predictive value for how well the enterprise is managing risk and reducing exposure. Status with regard to IT risk: This describes the actual status with regard to IT risk including information of risk profile of the enterprise, Key risk indicators(KRIs) to support management reporting on risk, event-loss data, root cause of loss events and options to mitigate risk.Incorrect Answers:A: Risk response is only communicated to some of the stakeholders not all, as it is irrelevant for them. It is not communicated to the stakeholders of the project like project sponsors, etc.
4. Right Answer: A
Explanation: IRGC is aimed at building robust, integrative inter-disciplinary governance models for emerging and existing risks.The International Risk Governance Council (IRGC) is a self-governing organization whose principle is to facilitate the understanding and managing the rising overall risks that have impacts on the economy and society, human health and safety, the environment at large. IRGC's effort is to build and develop concepts of risk governance, predict main risk issues and present risk governance policy recommendations for the chief decision makers. IRGC mainly emphasizes on rising, universal risks for which governance deficits exist. Its goal is to present recommendations for how policy makers can correct them. IRGC models at constructing strong, integrative inter-disciplinary governance models for up-coming and existing risks.Incorrect Answers:B: As IRGC is aimed at building robust, integrative inter-disciplinary governance models for emerging and existing risks, so it is the best answer for this question.C, D: Risk governance addresses understanding of the secondary impacts of a risk, the development of resilience and the capacity of organizations and people to face unavoidable risks.
5. Right Answer: C
Explanation: While defining requirements, there is need to define three requirements of the project- Business requirement, Functional requirement, and Technical requirementFunctional requirements and use case models describe how users will interact with a system. Therefore here in this stem you are defining the functional requirement of the project.Incorrect Answers:A: Technical requirements and design specifications and coding specifications describe how the system will interact, conditions under which the system will operate and the information criteria the system should meet.B: Business requirement, Functional requirement, and Technical requirement come under project requirement. In this stem it is particular defining the functional requirement, hence this is not the best answer.D: Business requirements contain descriptions of what a system should do.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment