Exam CRISC topic 1 question 1063 discussion

Actual exam question from Isaca's CRISC
Question #: 1063
Topic #: 1

Which of the following standard operating procedure (SOP) statements BEST illustrates appropriate risk register maintenance?

  • A. Remove risk that management has decided to accept.
  • B. Remove risk only following a significant change in the risk environment.
  • C. Remove risk when mitigation results in residual risk within tolerance levels.
  • D. Remove risk that has been mitigated by third-party transfer.
Suggested Answer: B

Comments

CbtL
8 months, 2 weeks ago
Selected Answer: B
You only remove risk from the register if the environment changes and the risk no longer applies. Really, you should keep it for historical purposes. For all the others you keep them to show the risk response decision.
upvoted 1 times
Koulyo
9 months, 1 week ago
I am telling you B is the answer.
upvoted 2 times
Koulyo
9 months, 1 week ago
This is the reasoning: The most appropriate statement that illustrates appropriate risk register maintenance is B. "Remove risk only following a significant change in the risk environment." It is important to regularly review and update the risk register, but risks should not be removed without a valid reason. Significant changes in the risk environment, such as changes in project scope, stakeholder expectations, or external factors, may warrant a review of the risk register and the removal or addition of risks.
upvoted 3 times
john_boogieman
10 months, 3 weeks ago
Selected Answer: D
After better reading and hundreds of questions analyzed... best is 'D' really. When a risk has been mitigated by third-party transfer, it means that the responsibility for managing the risk has been transferred to another party, and the likelihood and impact of the risk have been reduced. In this case, it is appropriate to remove the risk from the risk register, as it is no longer a relevant risk to the organization.
upvoted 1 times
john_boogieman
11 months, 1 week ago
Selected Answer: B
Caught with tweezers, it seems the least bad of all.
upvoted 2 times
john_boogieman
10 months, 2 weeks ago
'D' is correct, reason: when a risk has been effectively transferred to a third party, it is no longer necessary to track it in the organization's risk register. Removing such risks from the risk register ensures that the risk register remains current and relevant, and helps to focus the organization's resources on addressing the most significant and relevant risks.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other