CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 49)

Page 49 of 451
PDF with 1871 Questions

Jane is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project are referred to as?

  1. Contingency risks
  2. Benefits
  3. Residual risk
  4. Opportunities

Answer(s): D

Explanation:

A positive risk event is also known as an opportunity. Opportunities within the project to save time and money must be evaluated, analyzed, and responded to.

Incorrect Answers:
A: A contingency risk is not a valid risk management term.

B: Benefits are the good outcomes of a project endeavor. Benefits usually have a cost factor associated with them.

C: Residual risk is the risk that remains after applying controls. It is not feasible to eliminate all risks from an organization. Instead, measures can be taken to reduce risk to an acceptable level. The risk that is left is residual risk.



During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?

  1. Warning signs
  2. Symptoms
  3. Risk rating
  4. Cost of the project

Answer(s): D

Explanation:

The cost of the project is not an indicator of risk urgency. The affect of the risk on the overall cost of the project may be considered, but it is not the best answer.

Incorrect Answers:
A: Warning signs are an indicator of the risk urgency. B: Symptoms are an indicator of the risk urgency.
C: The risk rating can be an indicator of the risk urgency.



Which of the following phases is involved in the Data Extraction, Validation, Aggregation and Analysis?

  1. Risk response and Risk monitoring
  2. Requirements gathering, Data access, Data validation, Data analysis, and Reporting and corrective action
  3. Data access and Data validation
  4. Risk identification, Risk assessment, Risk response and Risk monitoring

Answer(s): B

Explanation:

The basic concepts related to data extraction, validation, aggregation and analysis is important as KRIs often rely on digital information from diverse sources. The phases which are involved in this are:
Requirements gathering: Detailed plan and project's scope is required for monitoring risks. In the case of a monitoring project, this step should involve process owners, data owners, system custodians and other process stakeholders.

Data access: In the data access process, management identifies which data are available and how they can be acquired in a format that can be used for analysis. There are two options for data extraction:
- Extracting data directly from the source systems after system owner approval
- Receiving data extracts from the system custodian (IT) after system owner approval

Direct extraction is preferred, especially since this involves management monitoring its own controls, instead of auditors/third parties monitoring management's controls. If it is not feasible to get direct access, a data access request form should be submitted to the data owners that detail the appropriate data fields to be extracted. The request should specify the method of delivery for the file.
Data validation: Data validation ensures that extracted data are ready for analysis. One of its important objective is to perform tests examining the data quality to ensure data are valid complete and free of errors. This may also involve making data from different sources suitable for comparative analysis. Following concepts should be considered while validating data:
- Ensure the validity, i.e., data match definitions in the table layout
- Ensure that the data are complete
- Ensure that extracted data contain only the data requested
- Identify missing data, such as gaps in sequence or blank records
- Identify and confirm the validity of duplicates
- Identify the derived values
- Check if the data given is reasonable or not
- Identify the relationship between table fields
- Record, in a transaction or detail table, that the record has no match in a master table

Data analysis: Analysis of data involves simple set of steps or complex combination of commands and other functionality. Data analysis is designed in such a way to achieve the stated objectives from the project plan. Although this may be applicable to any monitoring activity, it would be beneficial to consider transferability and scalability. This may include robust documentation, use of software development standards and naming conventions.

Reporting and corrective action: According to the requirements of the monitoring objectives and the technology being used, reporting structure and distribution are decided. Reporting procedures indicate to whom outputs from the automated monitoring process are distributed so that they are directed to the right people, in the right format, etc. Similar to the data analysis stage, reporting may also identify areas in which changes to the sensitivity of the reporting parameters or the timing and frequency of the monitoring activity may be required.

Incorrect Answers:
D: These are the phases that are involved in risk management.



Which of the following items is considered as an objective of the three dimensional model within the framework described in COSO ERM?

  1. Risk assessment
  2. Financial reporting
  3. Control environment
  4. Monitoring

Answer(s): B

Explanation:

The COSO ERM (Enterprise Risk Management) frame work is a 3-dimensional model. The dimensions and their components include:
Strategic Objectives - includes strategic, operations, reporting, and compliance.
Risk Components - includes Internal Environment, Objectives settings, Event identification, Risk assessment, Risk response, Control activities, Information and communication, and monitoring. Organizational Levels - include subsidiary, business unit, division, and entity-level.

The COSO ERM framework contains eight risk components: Internal Environment
Objective Settings Event Identification Risk Assessment Risk Response Control Activities
Information and Communication Monitoring

Section 404 of the Sarbanes-Oley act specifies a three dimensional model- COSO ERM, comprised of Internal control components, Internal control objectives, and organization entities. All the items listed are components except Financial reporting which is an internal control objective.

Incorrect Answers:
A, C, D: They are the Internal control components, not the Internal control objectives.



Page 49 of 451



Post your Comments and Discuss ISACA CRISC exam with other Community members:

Fei commented on November 26, 2024
Very good resources
UNITED STATES
upvote

Yingying Li commented on December 02, 2023
Very useful practice tests.
Anonymous
upvote

Stephen commented on August 27, 2023
Can you please share CIMAPRA19-FO2-1 Exam dumps please
Anonymous
upvote

Parsad commented on June 04, 2023
Thank you for the buy 1 get 1 free discount. This helped me a lot. I donot have a lot of money.
INDIA
upvote

Petros commented on May 01, 2023
I could not have passed my certification test without the help of this study guide - highly recommend it!
PORTUGAL
upvote

Bobby commented on January 18, 2022
Passed easily.
UNITED STATES
upvote

Santosh commented on January 29, 2020
Passed my exam today with a score of 798. This is good material.
INDIA
upvote

Arron commented on January 26, 2020
This saved me so much time. The questions and answers are adequate and close to real exam. I like the PDF and its format. Just put it on my iPad and studied while traveling to work. This was my first time using this site and I am pretty happy about their service and price.
GERMANY
upvote

Suresh commented on April 17, 2019
This download is a waste of time . I downloaded the windows app and installed and it is asking to load the test. No documentation provided on how to use the desk top tool. Unable to install on my MAC not Iphone compatible. RE- Admin: Suresh, our website clearly says that the Test Engine software is for Windows only. We have not advertised anywhere in our website saying the Test Engine Software is for MAC as well.
UNITED STATES
upvote