Exam CGEIT topic 1 question 359 discussion

Quantitive risk assessments are objective.

B. The objectivity of the risk assessment is of primary importance

A. The risk assessment is needed for an IT project business case. Quantitative risk assessments involve assigning numerical values to risks, probabilities, and impacts. This method is particularly suitable when precise estimations are needed, such as when developing business cases for IT projects. Quantitative assessments allow for detailed analysis, including cost-benefit analyses, return on investment calculations, and sensitivity analyses, which are critical components of business cases. While objectivity in risk assessment is important and may be addressed through quantitative or qualitative methods, and completing a risk assessment within a short period of time might favor qualitative methods due to their simplicity and speed, the lack of accurate and reliable past and present risk data could make quantitative assessment challenging. However, despite data limitations, if the risk assessment is necessary for a business case, quantitative methods may still be preferred as they provide a structured approach to estimating risks and their potential impacts.

It is MOST appropriate to use a quantitative risk assessment when the risk assessment is needed for an IT project business case (Option A). Quantitative risk assessments involve assigning numerical values to the various components of risk, such as the likelihood and impact of risks. This approach is particularly useful when there is a need to quantify the potential financial impact of risks on a project, making it relevant for business case analysis.