When making decisions on prioritizing risk mitigation activities, which of the following would provide senior management with the MOST comprehensive information?
C. I understand what Bro is saying below about answer A. But a risk register is to be more comprehensive then just one assessment, right? It should be way more comprehensive then a risk assessment. Two cents.
A risk register is the inventory of all existing risks of an organization. The best method to understand any kind of risk is to review the risk register. It includes details of all risks along with relevant control activities. The most effective use of a risk register is to facilitate
a thorough review of all risks on a periodic basis. So I'd say it's C.
Risk Assessment is used to identify, analyze, and evaluate effectiveness of controls, this is done after the risk has already been addressed. The correct answer is Risk Register.
C- Risk assessment is a process of risk identification, evaluation and prioritization that would result in a formal risk assessment document. Risk register is a document that contains a list of all the risks identified by the company and prioritized in order of importance.
A. Risk assessment report
A risk assessment report typically includes an analysis of various risks, their likelihood, impact, and potential consequences, as well as recommended mitigation strategies. It often provides a broader and more comprehensive overview of risks compared to the other options listed.
Risk register if normally a document that contains a list of all the risks identified by the company and prioritised in order of importance.
IMHO Risk assessment is the
process of risk identification, evaluation and prioritisation that would result in a formal risk assessment document and would include a Risk Register as well as risk maps, risk action plans, control activities and communication protocols.
C. Although RA results in prioritization of risks, the risk register is the most comprehensive source here which gives a view of the current risk profile and risk assessment results are reflected also in the risk register. Also, from CRISC QAE, the best value derived from the risk register is that it drives risk response. So yeah, C for me.
A risk assessment report provides senior management with the most comprehensive information for making decisions on prioritizing risk mitigation activities. A risk assessment is a systematic process for identifying, evaluating, and prioritizing risks to an organization. A risk assessment report typically includes an analysis of the likelihood and impact of identified risks, as well as a recommendation for risk mitigation strategies and activities.
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CarlLimps
Highly Voted 1 year, 8 months agoSborrainculo
1 year, 8 months agonezeranonymous
Most Recent 1 week agoAlexJacobson
10 months agoSaisharan
11 months, 3 weeks agoPOWNED
11 months, 4 weeks agoXJ
1 year agooluchecpoint
1 year, 2 months agoAgamennore
1 year, 2 months ago[Removed]
1 year, 4 months agojennarink13
1 year, 4 months agorichck102
1 year, 5 months agodedfef
1 year, 7 months agoBroesweelies
1 year, 9 months ago