CISSP · Question #1457
What is the FIRST step in risk management?
The correct answer is C. Establish the scope and actions required.. Risk management follows a structured process, and the first step is always to define scope, context, and objectives before any other activity can meaningfully occur.
Question
What is the FIRST step in risk management?
Options
- AEstablish the expectations of stakeholder involvement.
- BIdentify the factors that have potential to impact business.
- CEstablish the scope and actions required.
- DIdentify existing controls in the environment.
How the community answered
(56 responses)- A7% (4)
- B4% (2)
- C79% (44)
- D11% (6)
Why each option
Risk management follows a structured process, and the first step is always to define scope, context, and objectives before any other activity can meaningfully occur.
Stakeholder involvement expectations are important but are defined as part of the communication and consultation component that runs alongside the process, not as the first discrete step before scope is established.
Identifying factors that could impact the business (risk identification) is the second major phase of risk management and cannot be performed effectively until the scope and context have first been defined.
Establishing scope and required actions is the foundational first step in risk management because it defines the boundaries of the risk program, the assets or processes under consideration, and the criteria for decision-making. Without a defined scope, subsequent activities such as risk identification or control assessment lack context and direction. This aligns with frameworks like ISO 31000, which identifies 'establishing the context' (scope, criteria, and objectives) as the initial phase of the risk management process.
Identifying existing controls is part of risk analysis and risk treatment evaluation, which occurs later in the process after risks have been identified and the scope has already been established.
Concept tested: First step in the risk management process
Source: https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en
Topics
Community Discussion
No community discussion yet for this question.