CRISC Certified in Risk and Information Systems Control – Question383

You work as a Project Manager for Company Inc. You are incorporating a risk response owner to take the job for each agreed-to and funded risk response. On which of the following processes are you working?

A.
Quantitative Risk Analysis
B. Identify Risks
C. Plan risk response
D. Qualitative Risk Analysis

Correct Answer: C

Explanation:

Explanation: The plan risk response project management process aims to reduce the threats to the project objectives and to increase opportunities. It follows the perform qualitative risk analysis process and perform quantitative risk analysis process. Plan risk response process includes the risk response owner to take the job for each agreed-to and funded risk response. This process addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget. The inputs to the plan risk response process are as follows:

  • Risk register
  • Risk management plan
  • [/*]
  • Incorrect Answers:
  • A: Quantitative analysis is the use of numerical and statistical techniques rather than the analysis of verbal material for analyzing risks. Some of the quantitative methods of risk analysis are:
  • [*]
  • Internal loss method
  • External data analysis
  • Business process modeling (BPM) and simulation
  • Statistical process control (SPC)
  • [/*]
  • B: Identify Risks is the process of determining which risks may affect the project. It also documents risks’ characteristics. The Identify Risks process is part of the Project Risk Management knowledge area. As new risks may evolve or become known as the project progresses through its life cycle, Identify Risks is an iterative process. The process should involve the project team so that they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. Risk Register is the only output of this process.
  • D: Qualitative analysis is the definition of risk factors in terms of high/medium/low or a numeric scale (1 to 10). Hence it determines the nature of risk on a relative scale.
  • Some of the qualitative methods of risk analysis are:
  • [*]
  • Scenario analysis- This is a forward-looking process that can reflect risk for a given point in time.
  • Risk Control Self -assessment (RCSA) – RCSA is used by enterprises (like banks) for the identification and evaluation of operational risk exposure. It is a logical first step and assumes that business owners and managers are closest to the issues and have the most expertise as to the source of the risk. RCSA is a constructive process in compelling business owners to contemplate, and then explain, the issues at hand with the added benefit of increasing their accountability.