(ISC)2

CISSP · Question #988

CISSP Question #988: Real Exam Question with Answer & Explanation

The correct answer is B: Risk registers classify and categorize risk and allow risks to be compared to corporate risk. A risk register is a governance tool used to document, classify, and compare risks across an organization, making it the ideal place to record supply chain risks alongside other corporate risks.

Submitted by tom_us · Mar 5, 2026 · Security and Risk Management

Question

What is the BEST reason to include supply chain risks in a corporate risk register?

Options

  • A. Risk registers help fund corporate supply chain risk management (SCRM) systems.
  • B. Risk registers classify and categorize risk and allow risks to be compared to corporate risk.
  • C. Risk registers can be used to illustrate residual risk across the company.
  • D. Risk registers allow for the transfer of risk to third parties.

Explanation

A risk register is a governance tool used to document, classify, and compare risks across an organization, making it the ideal place to record supply chain risks alongside other corporate risks.

Common mistakes.

  • A. Risk registers are documentation and governance tools used to track and manage risk, not financial instruments or funding mechanisms for procuring SCRM systems.
  • C. While risk registers can reference residual risk for individual items, their primary and best purpose is the classification, categorization, and comparison of risks - not solely illustrating residual risk across the company.
  • D. Risk transference (e.g., via insurance or contracts) is a risk response strategy, not a function of a risk register itself; the register documents risks and responses but does not itself transfer risk to third parties.

Concept tested. Purpose and function of a corporate risk register

Reference. https://csrc.nist.gov/glossary/term/risk_register

Topics

#risk register #supply chain risk #risk management #risk classification
