CRISC Dumps 2022 – New ISACA CRISC Exam Questions [Q567-Q583]

Section: Volume D

Explanation/Reference:
Explanation:
Risk communication is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions. Risk communication is mostly concerned with the nature of risk or expressing concerns, views, or reactions to risk managers or institutional bodies for risk management. The key plan to consider and communicate risk is to categorize and impose priorities, and acquire suitable measures to reduce risks. It is important throughout any crisis to put across multifaceted information in a simple and clear manner. Risk communication helps in switching or allocating the information concerning risk among the decision-maker and the stakeholders. Risk communication can be explained more clearly with the help of the following definitions:
It defines the issue of what a group does, not just what it says.

It must take into account the valuable element in user’s perceptions of risk.

It will be more valuable if it is thought of as conversation, not instruction.

Risk communication is a fundamental and continuing element of the risk analysis exercise, and the involvement of the stakeholder group is from the beginning. It makes the stakeholders conscious of the process at each phase of the risk assessment. It helps to guarantee that the restrictions, outcomes, consequence, logic, and risk assessment are undoubtedly understood by all the stakeholders.
Incorrect Answers:
A: Risk governance is a systemic approach to decision making processes associated to natural and technological risks. It is based on the principles of cooperation, participation, mitigation and sustainability, and is adopted to achieve more effective risk management. It seeks to reduce risk exposure and vulnerability by filling gaps in risk policy, in order to avoid or reduce human and economic costs caused by disasters.
Risk governance is a continuous life cycle that requires regular reporting and ongoing review. The risk governance function must oversee the operations of the risk management team.
B: The International Risk Governance Council (IRGC) is a self-governing organization whose principle is to facilitate the understanding and managing the rising overall risks that have impacts on the economy and society, human health and safety, the environment at large. IRGC’s effort is to build and develop concepts of risk governance, predict main risk issues and present risk governance policy recommendations for the chief decision makers. IRGC mainly emphasizes on rising, universal risks for which governance deficits exist.
Its goal is to present recommendations for how policy makers can correct them. IRGC models at constructing strong, integrative inter-disciplinary governance models for up-coming and existing risks.
C: Risk response is a process of deciding what measures should be taken to reduce threats and take advantage of the opportunities discovered during the risk analysis processes. This process also includes assigning departments or individual staff members the responsibility of carrying out the risk response plans and these folks are known as risk owners.
The prioritization of the risk responses and development of the risk response plan is based on following parameters:
Cost of the response to reduce risk within tolerance levels

Importance of the risk

Capability to implement the response

Effectiveness and efficiency of the response

Risk prioritization strategy is used to create a risk response plan and implementation schedule because all risk cannot be addressed at the same time. It may take considerable investment of time and resources to address all the risk identified in the risk analysis process. Risk with a greater likelihood and impact on the enterprise will prioritized above other risk that is considered less likely or lay less impact.

Section: Volume C
Explanation:
This is categorized as a Business case to be made because the project cost is very large. The response to be implemented requires quite large investment. Therefore it comes under business case to be made.
Incorrect Answers:
A: It addresses costly risk response to a low risk. But here the response is less costly than that of business case to be made.
B: Quick win is very effective and efficient response that addresses medium to high risk. But in this the response does not require large investments.
D: This is not risk response prioritization option, instead it is a type of risk that happen with the several of the enterprise’s business partners within a very short time frame.

Section: Volume D
Explanation:
The power/interest grid groups stakeholders based on their level of authority (power) and their level of interest in your project. The power/interest grid forms a group of the stakeholders based on their level of authority (power) and their level of interest in the project.
Interest accounts to what degree the stakeholders are affected by examining the project or policy change, and to what degree of interest or concern they have about it. Power accounts for the influence the stakeholders have over the project or policy, and to what degree they can help to accomplish, or block, the preferred change.
Stakeholders, who have high power and interests associated with the project, are the people or organizations that are fully engaged with the project. When trying to generate strategic change, this community is the target of any operation.
Incorrect Answers:
B: The stakeholder register is a listing of stakeholder information and communication requirements.
C: The influence/impact grid charts is based on the stakeholder’s involvement and ability to effect changes to the project’s planning and execution.
D: The salience model groups the stakeholders based on their power, urgency, and legitimacy in the project.

Explanation/Reference:
Explanation:
SWOT analysis is a strategic planning method used to evaluate the Strengths, Weaknesses, Opportunities, and Threats involved in a project or in a business venture. It involves specifying the objective of the business venture or project and identifying the internal and external factors that are favorable and unfavorable to achieving that objective.
Incorrect Answers:
B, C: Brainstorming and Delphi techniques are used to identify risks in a project through consensus. Delphi differs in that as the members of the team do not know each other.
D: In this technique, risks can be identified directly by experts with relevant experience of similar projects or business areas.

Section: Volume D

Explanation/Reference:
Explanation:
By focusing on the high-priority of risk events through qualitative risk analysis you can improve the project’s performance.
Qualitative analysis is the definition of risk factors in terms of high/medium/low or a numeric scale (1 to 10).
Hence it determines the nature of risk on a relative scale.
Some of the qualitative methods of risk analysis are:
Scenario analysis- This is a forward-looking process that can reflect risk for a given point in time.

Risk Control Self -assessment (RCSA) – RCSA is used by enterprises (like banks) for the identification

and evaluation of operational risk exposure. It is a logical first step and assumes that business owners and managers are closest to the issues and have the most expertise as to the source of the risk. RCSA is a constructive process in compelling business owners to contemplate, and then explain, the issues at hand with the added benefit of increasing their accountability.
Incorrect Answers:
A: Subject matter experts can help the qualitative risk assessment, but by focusing on high-priority risks the project’s performance can improve by addressing these risk events.
B: Stakeholders should be involved throughout the project as situations within the project demand their input to risk identification and analysis.
C: Qualitative analysis does use a fast approach of analyzing project risks, but it’s not the best answer for this

Section: Volume D

and B are incorrect. These are used for calculating Annual loss expectancy (ALE) in quantitative risk assessment. Formula is given as follows: ALE= SLE*ARO

Section: Volume C
Explanation:
Root node is the starting node in the decision tree.
Incorrect Answers:
A: Decision nodes represents the choice available to the decision maker, usually between a risky choice and its non-risky counterpart.
C: Event node represents the possible uncertain outcomes of a risky decision, with at least two nodes to illustrate the positive and negative range of events.
B: End node represents the outcomes of risk and decisions.

Section: Volume D