CRISC Certified in Risk and Information Systems Control – Question217
Which of the following are the MOST important risk components that must be communicated among all the stakeholders?
Each correct answer represents a part of the solution. Choose three. A. Various risk response used in the project B. Expectations from risk management C. Current risk management capability D. Status of risk with regard to IT risk
Correct Answer: BCD
Explanation:
Explanation:
The broad array of information and the major types of IT risk information that should be communicated are as follows:
Expectations from risk management: They include risk strategy, policies, procedures, awareness training, uninterrupted reinforcement of principles, etc. This essential communication drives all subsequent efforts on risk management and sets the overall expectations from risk management.
Current risk management capability: This allows monitoring of the status of the risk management engine in the enterprise. It is a key indicator for effective risk management and has predictive value for how well the enterprise is managing risk and reducing exposure.
Status with regard to IT risk: This describes the actual status with regard to IT risk including information of risk profile of the enterprise, Key risk indicators (KRIs) to support management reporting on risk, event-loss data, root cause of loss events and options to mitigate risk.
Incorrect Answers:
A: Risk response is only communicated to some of the stakeholders not all, as it is irrelevant for them. It is not communicated to the stakeholders of the project like project sponsors, etc.
Please disable your adblocker or whitelist this site!