Question 1

Which of the following is the MOST important use of KRIs?

Options :

A : Providing a backward-looking view on risk events that have occurred

B : Providing an early warning signal

C : Providing an indication of the enterprise-s risk appetite and tolerance

D : Enabling the documentation and analysis of trends

Answer: B

Question 2

Which of the following is the MOST important consideration when creating a risk management framework?

Options :

A : Assigning roles and responsibilities

B : Aligning with corporate goals and objectives

C : Adjusting risk appetite and tolerance

D : Defining acceptable residual risk

Answer: B

Question 3

An IT control gap has been identified in a key process. Who would be the MOST appropriate owner of the risk associated with this gap?

Options :

A : Business process owner

B : Chief information security officer

C : Operational risk manager

D : Key control owner

Answer: A

Question 4

Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

Options :

A : Gather scenarios from senior management

B : Derive scenarios from IT risk policies and standards

C : Benchmark scenarios against industry peers

D : Map scenarios to a recognized risk management framework

Answer: D

Question 5

An organization is in the process of reviewing its risk appetite statement and re-defining the risk tolerance threshold. Which of the following elements of the risk register is MOST likely to change as a result of this review?

Options :

A : Risk impact

B : Risk response

C : Risk likelihood

D : Risk ownership

Answer: B