CRISC Certified in Risk and Information Systems Control – Question275
Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes? A. Qualitative Risk Analysis B. Plan Risk Management C. Identify Risks D. Quantitative Risk Analysis
Correct Answer: A
Explanation:
Explanation:
The purpose of qualitative risk analysis is to determine what impact the identified risk events will have on the project and the probability they’ll occur. It also puts risks in priority order according to their effects on the project objectives and assigns a risk score for the project.
Incorrect Answers:
B: Risk Management is used to identify, assess, and control risks. It includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. Assessing the probability and consequences of identified risks is only the part of risk management.
C: It involves listing of all the possible risks so as to cure them before it can occur. In risk identification both threats and opportunities are considered, as both carry some level of risk with them.
D: This process does not involve assessing the probability and consequences of identified risks. Quantitative analysis is the use of numerical and statistical techniques rather than the analysis of verbal material for analyzing risks. Some of the quantitative methods of risk analysis are:
Internal loss method
External data analysis
Business process modeling (BPM) and simulation
Statistical process control (SPC)
Please disable your adblocker or whitelist this site!