CRISC Practice Test

Which of the following is MOST important for developing effective key risk indicators (KRIs)?

A.

Engaging sponsorship by senior management

B.

Utilizing data and resources internal to the organization

C.

Including input from risk and business unit management

D.

Developing in collaboration with internal audit

Which of the following would be of GREATEST assistance when justifying investment in risk response
strategies?

A.

Total cost of ownership

B.

Resource dependency analysis

C.

Cost-benefit analysis

D.

Business impact analysis

Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?

A.

Updating the risk register to include the risk mitigation plan

B.

Determining processes for monitoring the effectiveness of the controls

C.

Ensuring that control design reduces risk to an acceptable level

D.

Confirming to management the controls reduce the likelihood of the risk

Which of the following is the BEST measure of the effectiveness of an employee deprovisioning process?

A.

Number of days taken to remove access after staff separation dates

B.

Number of days taken for IT to remove access after receipt of HR instructions

C.

Number of termination requests processed per reporting period

D.

Number of days taken for HR to provide instructions to IT after staff separation dates

During a risk assessment, the risk practitioner finds a new risk scenario without controls has been entered into
the risk register. Which of the following is the MOST appropriate action?

A.

Include the new risk scenario in the current risk assessment.

B.

Postpone the risk assessment until controls are identified.

C.

Request the risk scenario be removed from the register.

D.

Exclude the new risk scenario from the current risk assessment