CRISC Certified in Risk and Information Systems Control - Practice Questions

Question 4 (Volume A)

Which of the following are risk components of the COSO ERM framework?

Each correct answer represents a complete solution. (Choose three.)

Select all that apply, then click Submit answer.

○
Risk response
○
Internal environment
○
Business continuity
○
Control activities

Question 5 (Volume C)

You work as a Project Manager for Company Inc. You have to conduct the risk management activities for a project. Which of the following inputs will you use in the plan risk management process?

Each correct answer represents a complete solution. (Choose three.)

Select all that apply, then click Submit answer.

○
Quality management plan
○
Schedule management plan
○
Cost management plan
○
Project scope statement

Reference / correct answer:

Schedule management plan

Cost management plan

Project scope statement

The inputs to the plan risk management process are as follows:

Project scope statement: It provides a clear sense of the range of possibilities associated with the project and establishes the framework for how significant the risk management effort may become. Cost management plan: It describes how risk budgets, contingencies, and management reserves will be reported and accessed.

Schedule management plan: It describes how the schedule contingencies will be reported and assessed.

Communication management plan: It describes the interactions, which occurs on the project and determines who will be available to share information on various risks and responses at different times.

Enterprise environmental factors: It include, but are not limited to, risk attitudes and tolerances that describe the degree of risk that an organization withstand.

Organizational process assets: It includes, but are not limited to, risk categories, risk statement formats, standard templates, roles and responsibilities, authority levels for decision-making, lessons learned, and stakeholder registers.

Incorrect Answers:

A: It is not an input for Plan risk management process.

Question 6 (Volume B)

Which of the following statements are true for risk communication? Each correct answer represents a complete solution. (Choose three.)

Select all that apply, then click Submit answer.

○
It requires a practical and deliberate scheduling approach to identify stakeholders, actions, and concerns.
○
It helps in allocating the information concerning risk among the decision-makers.
○
It requires investigation and interconnectivity of procedural, legal, social, political, and economic factors.
○
It defines the issue of what a stakeholder does, not just what it says.

Reference / correct answer:

It requires a practical and deliberate scheduling approach to identify stakeholders, actions, and concerns.

It requires investigation and interconnectivity of procedural, legal, social, political, and economic factors.

It defines the issue of what a stakeholder does, not just what it says.

Risk communication is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions. Risk communication is mostly concerned with the nature of risk or expressing concerns, views, or reactions to risk managers or institutional bodies for risk management. The key plan to consider and communicate risk is to categorize and impose priorities, and acquire suitable measures to reduce risks. It is important throughout any crisis to put across multifaceted information in a simple and clear manner.

Risk communication helps in switching or allocating the information concerning risk among the decision-maker and the stakeholders.

Risk communication can be explained more clearly with the help of the following definitions:

It defines the issue of what a group does, not just what it says.

It must take into account the valuable element in user's perceptions of risk. It will be more valuable if it is thought of as conversation, not instruction.

Risk communication is a fundamental and continuing element of the risk analysis exercise, and the involvement of the stakeholder group is from the beginning. It makes the stakeholders conscious of the process at each phase of the risk assessment. It helps to guarantee that the restrictions, outcomes, consequence, logic, and risk assessment are undoubtedly understood by all the stakeholders.

Incorrect Answers:

B: It helps in allocating the information concerning risk not only among the decision-makers but also stakeholders.

CRISC – Certified in Risk and Information Systems Control