CRISC Certified in Risk and Information Systems Control – Question097 - CRISC Certified in Risk and Information Systems Control

Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risks events that were not previously identified. What should Jenny do with these risk events?

A. The events should be entered into qualitative risk analysis.
B. The events should be determined if they need to be accepted or responded to.
C. The events should be entered into the risk register.
D. The events should continue on with quantitative risk analysis.

Correct Answer: C

Explanation:

Explanation:
All identified risk events should be entered into the risk register.
A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains:

A description of the risk
The impact should this event actually occur
The probability of its occurrence
Risk Score (the multiplication of Probability and Impact)
A summary of the planned response should the event occur
A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.

Incorrect Answers:
A: Before the risk events are analyzed they should be documented in the risk register.
B: The risks should first be documented and analyzed.
D: These risks should first be identified, documented, passed through qualitative risk analysis and then it should be determined if they should pass through the quantitative risk analysis process.