CRISC Certified in Risk and Information Systems Control – Question204

You are the project manager for TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register? Each correct answer represents a complete solution. (Choose two.)

A.
List of potential responses
B. List of key stakeholders
C. List of mitigation techniques
D. List of identified risks

Correct Answer: AD

Explanation:

Explanation:
Risk register primarily contains the following:

  • List of identified risks: A reasonable description of the identified risks is noted in the risk register. The description includes event, cause, effect, impact related to the risks identified. In addition to the list of identified risks, the root causes of those risks may appear in the risk register.
  • List of potential responses: Potential responses to a risk may be identified during the Identify Risks process. These responses are useful as inputs to the Plan Risk Responses process.
  • [/*]
  • Incorrect Answers:
  • B: This is not a valid content of risk register. A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains:
  • [*]
  • A description of the risk
  • The impact should this event actually occur
  • The probability of its occurrence
  • Risk Score (the multiplication of Probability and Impact)
  • A summary of the planned response should the event occur
  • A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
  • Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.

C: Risk register do contain the summary of mitigation, but only after the applying risk response. Here in this scenario you are in risk identification phase, hence mitigation techniques cannot be documented at this situation.