CAS-005 Question #279: Real Exam Question with Answer & Explanation

The correct answer is A: Add the risk to the risk register and assign the owner and severity.

Submitted by helene.fr · Mar 6, 2026 · Governance, Risk, and Compliance

Question

During a periodic internal audit, a company identifies a few new, critical security controls that are missing. The company has a mature risk management program in place, and the following requirements must be met:

  • The stakeholders should be able to see all the risks.
  • The risks need to have someone accountable for them.

Which of the following actions should the GRC analyst take next?

Options

  • A. Add the risk to the risk register and assign the owner and severity.
  • B. Change the risk appetite and assign an owner to it.
  • C. Mitigate the risk and change the status to accepted.
  • D. Review the risk to decide whether to accept or reject it.

Explanation

A risk register is a tool commonly used in risk management to document all identified risks, their assessment in terms of likelihood and impact, and the action steps to manage them. By adding the newly identified risks to the risk register and assigning an owner and severity, the organization ensures that each risk is visible to stakeholders and has a designated individual responsible for its management. This aligns with the company's requirements for transparency and accountability in risk management.
