Question 1

Which of the following is the MOST effective approach for an organization to establish and promote a strong risk culture?

Options :

A : Map risk management policies and procedures to business objectives

B : Appoint a risk management steering committee with business representation

C : Incorporate risk management objectives into job descriptions

D : Obtain senior management commitment for organization-wide risk awareness

Answer: C

Question 2

To help ensure the success of a major IT project, it is MOST important to:

Options :

A : obtain approval from business process owners

B : obtain the appropriate stakeholders' commitment

C : update the risk register on a regular basis

D : align the project with the IT risk framework

Answer: B

Question 3

A new regulatory requirement imposes severe fines for data leakage involving customers' personally identifiable information (PII). The risk practitioner has recommended avoiding the risk. Which of the following actions would BEST align with this recommendation?

Options :

A : Implement strong encryption for PII.

B : Modify business processes to stop collecting PII.

C : Move PII to a highly secured outsourced site.

D : Reduce retention periods for PII data.

Answer: B

Question 4

Which of the following will BEST ensure that controls adequately support business goals and objectives?

Options :

A : Using the risk management process

B : Enforcing strict disciplinary procedures in case of noncompliance

C : Adopting internationally accepted controls

D : Reviewing results of the annual company external audit

Answer: A

Question 5

While reviewing the risk register, a risk practitioner notices that different business units have significant variances in inherent risk for the same risk scenario. Which of the following is the BEST course of action?

Options :

A : Request that both business units conduct another review of the risk.

B : Review the assumptions of both risk scenarios to determine whether the variance is reasonable.

C : Update the risk register with the average of residual risk for both business units.

D : Update the risk register to ensure both risk scenarios have the highest residual risk.

Answer: B