CRISC Practice Test

The PRIMARY reason to have risk owners assigned to entries in the risk register is to ensure:

A.

risk is treated appropriately

B.

mitigating actions are prioritized

C.

risk entries are regularly updated

D.

risk exposure is minimized.

An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system. The risk practitioner is documenting the risk in the risk register. The risk should be 

A.

owned by the:

B.

chief risk officer.

C.

project manager.

D.

chief information officer.

E.

business process owner.

The PRIMARY benefit associated with key risk indicators (KRls) is that they:

A.

help an organization identify emerging threats.

B.

benchmark the organization's risk profile.

C.

identify trends in the organization's vulnerabilities.

D.

enable ongoing monitoring of emerging risk.

Which of the following would prompt changes in key risk indicator {KRI) thresholds?

A.

Changes to the risk register

B.

Changes in risk appetite or tolerance

C.

Modification to risk categories

D.

Knowledge of new and emerging threats

After undertaking a risk assessment of a production system, the MOST appropriate action is for the risk manager to

A.

recommend a program that minimizes the concerns of that production system.

B.

inform the development team of the concerns, and together formulate risk reduction measures.

C.

inform the process owner of the concerns and propose measures to reduce them

D.

inform the IT manager of the concerns and propose measures to reduce them.