CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 44)

Page 43 of 451
PDF with 1871 Questions

Which of the following actions assures management that the organization's objectives are protected from the occurrence of risk events?

  1. Internal control
  2. Risk management
  3. Hedging
  4. Risk assessment

Answer(s): A

Explanation:

Internal controls are the actions taken by the organization to help to assure management that the organization's objectives are protected from the occurrence of risk events. Internal control objectives are applicable to all manual or automated areas. Internal control objectives include:
Internal accounting controls- They control accounting operations, including safeguarding assets and financial records.
Operational controls- They focus on day-to-day operations, functions, and activities. They ensure that all the organization's objectives are being accomplished.
Administrative controls- They focus on operational efficiency in a functional area and stick to management policies.

Incorrect Answers:
B: Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources. It is done to minimize, monitor, and control the probability and impact of unfortunate events or to maximize the realization of opportunities.

C: Hedging is the process of managing the risk of price changes in physical material by offsetting that risk in the futures market. In other words, it is the avoidance of risk. So, it only avoids risk but can not assure protection against risk.

D: Risk assessment is a process of analyzing the identified risk, both quantitatively and qualitatively. Quantitative risk assessment requires calculations of two components of risk, the magnitude of the potential loss, and the probability that the loss will occur. While qualitatively risk assessment checks the severity of risk. The assessment attempts to determine the likelihood of the risk being realized and the impact of the risk on the operation. This provides several conclusions:
Probability-establishing the likelihood of occurrence and reoccurrence of specific risks, independently and combined.
Interdependencies-the relationship between different types of risk. For instance, one risk may have greater potential of occurring if another risk has occurred. Or probability or impact of a situation may increase with combined risk.



You are working as a project manager in Bluewell Inc.. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

  1. Qualitative risk analysis
  2. Risk audits
  3. Quantitative risk analysis
  4. Requested changes

Answer(s): D

Explanation:

Of all the choices given, only requested changes is an output of the monitor and control risks process. You might also have risk register updates, recommended corrective and preventive actions, organizational process assets, and updates to the project management plan.

Incorrect Answers:
A, C: These are the plan risk management processes. B: Risk audit is a risk monitoring and control technique.



You are the project manager of HGT project. You are in the first phase of the risk response process and are doing following tasks:
-Communicating risk analysis results
-Reporting risk management activities and the state of compliance Interpreting independent risk assessment findings
-Identifying business opportunities

Which of the following process are you performing?

  1. Articulating risk
  2. Mitigating risk
  3. Tracking risk
  4. Reporting risk

Answer(s): A

Explanation:

Articulating risk is the first phase in the risk response process to ensure that information on the true state of exposures and opportunities are made available in a timely manner and to the right people for appropriate response. Following are the tasks that are involved in articulating risk:
Communicate risk analysis results.
Report risk management activities and the state of compliance. Interpret independent risk assessment findings.
Identify business opportunities.

Incorrect Answers:
B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together. This comes under risk response process and is latter stage after articulating risk.

C: Tracking risk is the process of tracking the ongoing status of risk mitigation processes. This tracking ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule.

D: This is not related to risk response process. It is a type of risk. Reporting risks are the risks that are caused due to wrong reporting which leads to bad decision.



Which of the following BEST measures the operational effectiveness of risk management capabilities?

  1. Capability maturity models (CMMs)
  2. Metric thresholds
  3. Key risk indicators (KRIs)
  4. Key performance indicators (KPIs)

Answer(s): D

Explanation:

Key performance indicators (KPIs) provide insights into the operational effectiveness of the concept or capability that they monitor. Key Performance Indicators is a set of measures that a company or industry uses to measure and/or compare performance in terms of meeting their strategic and operational goals. KPIs vary with company to company, depending on their priorities or performance criteria.

A company must establish its strategic and operational goals and then choose their KPIs which can best reflect those goals. For example, if a software company's goal is to have the fastest growth in its industry, its main performance indicator may be the measure of its annual revenue growth.

Incorrect Answers:
A: Capability maturity models (CMMs) assess the maturity of a concept or capability and do not provide insights into operational effectiveness.

B: Metric thresholds are decision or action points that are enacted when a KPI or KRI reports a specific value or set of values. It does not provide any insights into operational effectiveness.

C: Key risk indicators (KRIs) only provide insights into potential risks that may exist or be realized within a concept or capability that they monitor. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

CRISC Discussions & Posts