Topic 2 : Pool B Jul-Aug-Sep
Which of the following is a KEY responsibility of the second line of defense?
A. Implementing control activities
B. Monitoring control effectiveness
C. Conducting control self-assessments
D. Owning risk scenarios
Monitoring control effectiveness
While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:
A. control is ineffective and should be strengthened.
B. risk is inefficiently controlled.
C. risk is efficiently controlled.
D. control is weak and should be removed.
risk is inefficiently controlled.
Which of the following should be the HIGHEST priority when developing a risk response?
A. The risk response addresses the risk with a holistic view.
B. The risk response is based on a cost-benefit analysis.
C. The risk response is accounted for in the budget.
D. The risk response aligns with the organization's risk appetite.
The risk response aligns with the organization's risk appetite.
Which of the following is MOST important to communicate to senior management during the initial implementation of a risk management program?
A. Regulatory compliance
B. Risk ownership
C. Best practices
D. Desired risk level
Regulatory compliance
Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?
A. To enable consistent data on risk to be obtained
B. To allow for proper review of risk tolerance
C. To identify dependencies for reporting risk
D. To provide consistent and clear terminology
To allow for proper review of risk tolerance