Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?
A. In order to avoid risk
B. Complex metrics require fine-tuning
C. Risk reports need to be timely
D. Threats and vulnerabilities change over time
Threats and vulnerabilities change over time and KRI maintenance ensures that KRIs continue
to effectively capture these changes.
The risk environment is highly dynamic as the enterprise's internal and external environments
are constantly changing. Therefore, the set of KRIs needs to be changed over time, so that they
can capture the changes in threat and vulnerability.
A: Risk avoidance is one possible risk response. Risk responses are based on KRI reporting,
but is not the reason for maintenance of KRIs.
B: While most key risk indicator (KRI) metrics need to be optimized in respect to their sensitivity,
the most important objective of KRI maintenance is to ensure that KRIs continue to effectively
capture the changes in threats and vulnerabilities over time. Hence the most important reason is
that because of change of threat and vulnerability overtime.
C: Risk reporting timeliness is a business requirement, but is not a reason for KRI maintenance.
You are the project manager of a HGT project that has recently finished the final compilation
process. The project customer has signed off on the project completion and you have to do few
administrative closure activities. In the project, there were several large risks that could have
wrecked the project but you and your project team found some new methods to resolve the risks
without affecting the project costs or project completion date. What should you do with the risk
responses that you have identified during the project's monitoring and controlling process?
A. Include the responses in the project management plan.
B. Include the risk responses in the risk management plan.
C. Include the risk responses in the organization's lessons learned database.
D. Nothing. The risk responses are included in the project's risk register already.