CRISC Certified in Risk and Information Systems Control – Question318

Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?

A.
Project scope statement
B. Project charter
C. Risk low-level watch list
D. Risk register

Correct Answer: D

Explanation:

Explanation:
A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains:

  • A description of the risk
  • The impact should this event actually occur
  • The probability of its occurrence
  • Risk Score (the multiplication of Probability and Impact)
  • A summary of the planned response should the event occur
  • A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
  • Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.
  • It records the initial risks, the potential responses, and tracks the status of each identified risk in the project.

Incorrect Answers:
A: The project scope statement does document initially defined risks but it is not a place that will record risks responses and status of risks.
B: The project charter does not define risks.
C: The risk low-level watch list is for identified risks that have low impact and low probability in the project.