CRISC · Question #507
CRISC Question #507: Real Exam Question with Answer & Explanation
The correct answer is B: Action plans to address risk scenarios requiring treatment. When updating a risk register, it is most important to capture action plans to address risk scenarios requiring treatment. This ensures that identified risks have defined responses and facilitates active risk management.
Question
A business unit is updating a risk register with assessment results for a key project. Which of the following is MOST important to capture in the register?
Options
- AThe methodology used to perform the risk assessment
- BAction plans to address risk scenarios requiring treatment
- CDate and status of the last project milestone
- DThe individuals assigned ownership of controls
Explanation
When updating a risk register, it is most important to capture action plans to address risk scenarios requiring treatment. This ensures that identified risks have defined responses and facilitates active risk management.
Common mistakes.
- A. While knowing the methodology used for assessment is useful context, it is less critical than documenting the actual plans to manage the risks identified.
- C. The date and status of the last project milestone are relevant for overall project management, but not the most critical piece of information for the risk management aspect captured in a risk register.
- D. Identifying control owners is important for accountability, but the action plans themselves (what will be done) are more fundamental to risk treatment than just who owns a control.
Concept tested. Risk register content and purpose
Reference. https://csrc.nist.gov/glossary/term/risk_register
Topics
Community Discussion
No community discussion yet for this question.