When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk? A. Updating the IT risk registry B. Insuring against the risk C. Outsourcing the related business process to a third party D. Improving staff-training in the risk area
Correct Answer: B
Explanation:
Explanation: An insurance policy can compensate the enterprise up to 100% by transferring the risk to another company. Hence in this stem risk is being transferred.
Incorrect Answers:
A: Updating the risk registry (with lower values for impact and probability) will not actually change the risk, only management’s perception of it.
C: Outsourcing the process containing the risk does not necessarily remove or change the risk. While on other hand, insurance will completely remove the risk.
D: Staff capacity to detect or mitigate the risk may potentially reduce the financial impact, but insurance allows for the risk to be mitigated up to 100%.
You are the project manager for your organization to install new workstations, servers, and cabling throughout a new building, where your company will be moving into. The vendor for the project informs you that the cost of the cabling has increased due to some reason. This new cost will cause the cost of your project to increase by nearly eight percent. What change control system should the costs be entered into for review? A. Cost change control system B. Contract change control system C. Scope change control system D. Only changes to the project scope should pass through a change control system.
Correct Answer: A
Explanation:
Explanation: Because this change deals with the change of the deliverable, it should pass through the cost change control system. The cost change control system reviews the reason why the change has happened, what the cost affects, and how the project should respond.
Incorrect Answers:
B: This is not a contract change. According to the evidence that a contract exists or that the cost of the materials is outside of the terms of a contract if one existed. Considered a time and materials contract, where a change of this nature could be acceptable according to the terms of the contract. If the vendor wanted to change the terms of the contract then it would be appropriate to enter the change into the contract change control system.
C: The scope of the project will not change due to the cost of the materials.
D: There are four change control systems that should always be entertained for change: schedule, cost, scope, and contract.
You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen such a data extraction method in which management monitors its own controls. Which of the following data extraction methods you are using here? A. Extracting data directly from the source systems after system owner approval B. Extracting data from the system custodian (IT) after system owner approval C. Extracting data from risk register D. Extracting data from lesson learned register
Correct Answer: A
Explanation:
Explanation: Direct extraction from the source system involves management monitoring its own controls, instead of auditors/third parties monitoring management’s controls. It is preferable over extraction from the system custodian.
Incorrect Answers:
B: Extracting data from the system custodian (IT) after system owner approval, involves auditors or third parties monitoring management’s controls. Here, in this management does not monitors its own control. C, D: These are not data extraction methods.
Which of the following is the BEST way to determine the ongoing efficiency of control processes? A. Interview process owners B. Review the risk register C. Perform annual risk assessments D. Analyze key performance indicators (KPIs)
Which of the following is NOT true for Key Risk Indicators? A. They are selected as the prime monitoring indicators for the enterprise B. They help avoid having to manage and report on an excessively large number of risk indicators C. The complete set of KRIs should also balance indicators for risk, root causes and business impact. D. They are monitored annually
Correct Answer: D
Explanation:
Explanation: They are monitored on regular basis as they indicate high probability and high impact risks. As risks change over time, hence KRIs should also be monitored regularly for its effectiveness on these changing risks.
Incorrect Answers:
A, B, C: These all are true for KRIs. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have. The complete set of KRIs should also balance indicators for risk, root causes and business impact, so as to indicate the risk and its impact completely.
You are working in Bluewell Inc. which make advertisement Websites. Someone had made unauthorized changes to your Website. Which of the following terms refers to this type of loss? A. Loss of confidentiality B. Loss of integrity C. Loss of availability D. Loss of revenue
Correct Answer: B
Explanation:
Explanation:
Loss of integrity refers to the following types of losses:
An e-mail message is modified in transit
A virus infects a file
Someone makes unauthorized changes to a Web site
Incorrect Answers:
A: Someone sees a password or a company’s secret formula, this is referred to as loss of confidentiality.
C: An e-mail server is down and no one has e-mail access, or a file server is down so data files aren’t available comes under loss of availability.
D: This refers to the events which would eventually cause loss of revenue.
Which of the following statements is true for risk analysis? A. Risk analysis should assume an equal degree of protection for all assets. B. Risk analysis should give more weight to the likelihood than the size of loss. C. Risk analysis should limit the scope to a benchmark of similar companies D. Risk analysis should address the potential size and likelihood of loss.
Correct Answer: D
Explanation:
Explanation:
A risk analysis deals with the potential size and likelihood of loss. A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of:
Threats to various processes of organization.
Threats to physical and information assets.
Likelihood and frequency of occurrence from threat.
Impact on assets from threat and vulnerability.
Risk analysis allows the auditor to do the following tasks :
Identify threats and vulnerabilities to the enterprise and its information system.
Provide information for evaluation of controls in audit planning.
Aids in determining audit objectives.
Supporting decision based on risks.
Incorrect Answers:
A: Assuming equal degree of protection would only be rational in the rare event that all the assets are similar in sensitivity and criticality. Hence this is not practiced in risk analysis.
B: Since the likelihood determines the size of the loss, hence both elements must be considered in the calculation.
C: A risk analysis would not normally consider the benchmark of similar companies as providing relevant information other than for comparison purposes.
What are the key control activities to be done to ensure business alignment? Each correct answer represents a part of the solution. Choose two. A. Define the business requirements for the management of data by IT B. Conduct IT continuity tests on a regular basis or when there are major changes in the IT infrastructure C. Periodically identify critical data that affect business operations D. Establish an independent test task force that keeps track of all events
Correct Answer: AC
Explanation:
Explanation:
Business alignment require following control activities:
Defining the business requirements for the management of data by IT.
Periodically identifying critical data that affect business operations, in alignment with the risk management model and IT service as well as the business continuity plan.
Incorrect Answers:
B: Conducting IT continuity tests on a regular basis or when there are major changes in the IT infrastructure is done for testing IT continuity plan. It does not ensure alignment with business.
D: This is not a valid answer.
Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product? A. Cost change control system B. Configuration management system C. Scope change control system D. Integrated change control
Correct Answer: B
Explanation:
Explanation:
The configuration management system ensures that proposed changes to the project’s scope are reviewed and evaluated for their affect on the project’s product.
Configure management process is important in achieving business objectives. Ensuring the integrity of hardware and software configurations requires the establishment and maintenance of an accurate and complete configuration repository. This process includes collecting initial configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository as needed. Effective configuration management facilitates greater system availability minimizes production issues and resolves issues more quickly.
Incorrect Answers:
A: The cost change control system is responsible for reviewing and controlling changes to the project costs.
C: The scope change control system focuses on reviewing the actual changes to the project scope. When a change to the project’s scope is proposed, the configuration management system is also invoked.
D: Integrated change control examines the affect of a proposed change on the project as a whole.
What are the functions of the auditor while analyzing risk? Each correct answer represents a complete solution. Choose three. A. Aids in determining audit objectives B. Identify threats and vulnerabilities to the information system C. Provide information for evaluation of controls in audit planning D. Supporting decision based on risks
Correct Answer: ACD
Explanation:
Explanation:
A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of:
Threats to various processes of organization.
Threats to physical and information assets.
Likelihood and frequency of occurrence from threat.
Impact on assets from threat and vulnerability.
Risk analysis allows the auditor to do the following tasks :
Threats to various processes of organization.
Threats to physical and information assets.
Likelihood and frequency of occurrence from threat.
Impact on assets from threat and vulnerability.
Risk analysis allows the auditor to do the following tasks :
Identify threats and vulnerabilities to the enterprise and its information system.
Provide information for evaluation of controls in audit planning.
Aids in determining audit objectives.
Supporting decision based on risks.
Incorrect Answers:
B: Auditors identify threats and vulnerability not only in the IT but the whole enterprise as well.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.