Isaca Certified in Risk and Information Systems Control CRISC Question # 361 Topic 37 Discussion
CRISC Exam Topic 37 Question 361 Discussion:
Question #: 361
Topic #: 37
During a risk assessment, the risk practitioner finds a new risk scenario without controls has been entered into the risk register. Which of the following is the MOST appropriate action?
A.
Include the new risk scenario in the current risk assessment.
B.
Postpone the risk assessment until controls are identified.
C.
Request the risk scenario be removed from the register.
D.
Exclude the new risk scenario from the current risk assessment
A new risk scenario without controls means that there is a potential threat or event that could adversely affect the organization’s objectives, and there are no existing measures to prevent or reduce the impact or likelihood of the risk. Therefore, the most appropriate action is to include the new risk scenario in the current risk assessment, so that the risk practitioner can analyze therisk, evaluate its severity and priority, and recommend suitable controls to mitigate the risk. By including the new risk scenario in the current riskassessment, the risk practitioner can ensure that the risk register is updated and reflects the current risk profile of the organization. The other options are not appropriate because they either ignore the new risk scenario, delay the risk assessment process, or remove valuable information from the risk register. References = Risk and Information Systems Control Study Manual, Chapter 3, Section 3.4.1, page 95.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit