ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam
Go to Exam

Exam CRISC topic 1 question 470 discussion

Actual exam question from Isaca's CRISC
Question #: 470
Topic #: 1
[All CRISC Questions]

A risk practitioner has populated the risk register with industry-based generic risk scenarios to be further assessed by risk owners. Which of the following is the
GREATEST concern with this approach?

  • A. Risk scenarios in the generic list may not help in building risk awareness
  • B. Risk scenarios that are not relevant to the organization may be assessed
  • C. Developing complex risk scenarios using the generic list will be difficult
  • D. Relevant risk scenarios that do not appear in the generic list may not be assessed
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by PGopinath at Jan. 6, 2021, 12:16 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PGopinath
Highly Voted 3 years, 9 months ago
I think it’s D because not knowing/ assessing/ mitigating a true risk (which is relevant to the company and not generic) is worse than spending time and resources on an irrelevant risk (waste).
upvoted 10 times
...
joeyng
Most Recent 5 days, 2 hours ago
Selected Answer: B
B is corret coz risk owners may focus on irrelevant situations to lead to waste effort
upvoted 1 times
...
8e1c45b
6 months, 1 week ago
Selected Answer: D
D is correct
upvoted 1 times
...
cliffin
11 months ago
Selected Answer: D
I chose D because missing to assess a risk is riskier than wasting resources for assessing an irrelevant risk (option B).
upvoted 1 times
...
01010100
1 year, 3 months ago
Selected Answer: D
D. Relevant risk scenarios that do not appear in the generic list may not be assessed While using an industry-based generic list can help to start the risk management process, it might miss risks that are specific to the organization's unique context, operations, or environment. If those specific risks are not included in the generic list, they may not be assessed at all, which would leave the organization exposed to unidentified and unmanaged risks. Hence, the biggest concern with this approach would be the potential overlooking of relevant risk scenarios unique to the organization.
upvoted 1 times
8e1c45b
6 months, 1 week ago
Did you pass the exam?
upvoted 1 times
...
...
john_boogieman
1 year, 8 months ago
Selected Answer: D
Agree 'D'.
upvoted 2 times
...
Suchib
1 year, 10 months ago
Its D, all risk need to be identified for consideration.
upvoted 1 times
...
johnwalters
2 years, 1 month ago
D makes sense
upvoted 2 times
...
Raj1510
2 years, 9 months ago
I will go with D
upvoted 3 times
...
Anon530
3 years, 7 months ago
I would have picked D. I rather over analyze than under analyzed. Under analyzing may result in missing a critical risk.
upvoted 3 times
Ics2Pass
3 years, 7 months ago
I think B is correct. Wasting time and money on analyzing irrelevant risks...
upvoted 3 times
tsangckl
2 years, 7 months ago
its D. if the risk is not relevant, it will cater out in the risk analysis process. but if the risk is missed. it is the big problem.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago