CRISC Certified in Risk and Information Systems Control – Question005

You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has a rating for occurrence, severity, and detection as 4, 5, and 6, respectively. What Risk Priority Number (RPN) you would give to it?

A.
120
B. 100
C. 15
D. 30

Correct Answer: A

Explanation:

Explanation:
Steps involving in calculating risk priority number are as follows:

  • Identify potential failure effects
  • Identify potential causes
  • Establish links between each identified potential cause
  • Identify potential failure modes
  • Assess severity, occurrence and detection
  • Perform score assessments by using a scale of 1 -10 (low to high rating) to score these assessments.
  • Compute the RPN for a particular failure mode as Severity multiplied by occurrence and detection. RPN = Severity * Occurrence * Detection
    Hence, RPN = 4 * 5 * 6
    = 120

Incorrect Answers: B, C, D: These are not RPN for given values of severity, occurrence, and detection.