Free CRISC Exam Braindumps (page: 45)

Page 45 of 451

Which of the following guidelines should be followed for effective risk management? Each correct answer represents a complete solution. Choose three.

  A. Promote and support consistent performance in risk management
  B. Promote fair and open communication
  C. Focus on the enterprise's objective
  D. Balance the costs and benefits of managing risk

Answer(s): B,C,D

Explanation:

The primary function of the enterprise is to meet its objective. Each business activity undertaken to fulfil the enterprise's objective carries both risk and opportunity; therefore, the objective should be considered while managing risk.

Open and fair communication should be there for effective risk management. Open, accurate, timely and transparent information on IT risk is exchanged and serves as the basis for all risk-related decisions.

Cost-benefit analysis should be done to properly weigh the total costs expected against the total benefits expected, which is the major aspect of risk management.

Incorrect Answers:
A: For effective risk management, there should be continuous improvement, not consistent performance. Because of the dynamic nature of risk, risk management is an iterative, perpetual and ongoing process; that is why continuous improvement is required.



According to Section 302 of the Sarbanes-Oxley Act of 2002, what does certification of reports imply? Each correct answer represents a complete solution. Choose three.

  A. The signing officer has evaluated the effectiveness of the issuer's internal controls as of a date at the time of the report.
  B. The financial statement does not contain any materially untrue or misleading information.
  C. The signing officer has reviewed the report.
  D. The signing officer has presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.

Answer(s): B,C,D

Explanation:

Section 302 of the Sarbanes-Oxley Act has a tremendous impact on the risk management solutions adopted by corporations. This section specifies that the reports must be certified by the CEO, CFO, or other senior officer performing similar functions.

Certification of reports establishes:

The signing officer has reviewed the report.

The financial statement does not contain, to the knowledge of the signing officer, any materially untrue or misleading information and represents fairly all financial conditions and results of the enterprise's operations.

The signing officers:
- are responsible for establishing and maintaining internal controls
- have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared
- have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report
- have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date

The signing officers have disclosed to external auditors, the audit committee, and other directors:
- all significant deficiencies in the design or operation of internal controls which could adversely affect the reliability of the reported financial data
- any fraud, whether or not material, that involves management or other employees who have a significant role in the internal controls of the enterprise

The signing officers have indicated in the report any internal controls or changes to those internal controls which have been implemented since they were evaluated.

Incorrect Answers:
A: The signing officer has evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report, not at the time of the report.



Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing.

Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?

  A. Configuration management system
  B. Integrated change control
  C. Change log
  D. Scope change control system

Answer(s): B

Explanation:

Integrated change control is responsible for facilitating, documenting, and dispersing information on a proposed change to the project scope.

Integrated change control is a way to manage the changes incurred during a project. It is a method for reviewing suggested changes and using tools and techniques to evaluate whether the change should be approved or rejected. Integrated change control is a primary component of the project's change control system that examines the effect of a proposed change on the entire project.

Incorrect Answers:
A: The configuration management system controls and documents changes to the project's product.
C: The change log documents approved changes in the project scope.
D: The scope change control system controls changes that are permitted to the project scope.



Which of the following processes ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule?

  A. Risk management
  B. Risk response integration
  C. Risk response implementation
  D. Risk response tracking

Answer(s): D

Explanation:

Risk response tracking tracks the ongoing status of risk mitigation processes as part of the risk response process. This tracking ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule. When an enterprise is conscious of a risk but does not have an appropriate risk response strategy, it increases the liability of the organization to adverse publicity or even civil or criminal penalties.

Incorrect Answers:
A: Risk management provides an approach for individuals and groups to make a decision on how to deal with potentially harmful situations.

B: Integrating risk response options to address more than one risk together helps in achieving greater efficiency. The use of techniques that are versatile and enterprise-wide, rather than individual solutions, provides better justification for risk response strategies and related costs.

C: Implementation of risk response ensures that the risks analyzed in the risk analysis process are being lowered to a level that the enterprise can accept, by applying appropriate controls.


