Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam
Go to Exam

Exam CRISC topic 1 question 8 discussion

Actual exam question from Isaca's CRISC
Question #: 8
Topic #: 1
[All CRISC Questions]

What are the requirements for creating risk scenarios? Each correct answer represents a part of the solution. (Choose three.)

  • A. Determination of cause and effect
  • B. Determination of the value of business process at risk
  • C. Potential threats and vulnerabilities that could cause loss
  • D. Determination of the value of an asset
Show Suggested Answer Hide Answer
Suggested Answer: BCD 🗳️
Creating a scenario requires determination of the value of an asset or a business process at risk and the potential threats and vulnerabilities that could cause loss.
The risk scenario should be assessed for relevance and realism, and then entered into the risk register if found to be relevant.
In practice following steps are involved in risk scenario development:
✑ First determine manageable set of scenarios, which include:
- Frequently occurring scenarios in the industry or product area.
- Scenarios representing threat sources that are increasing in count or severity level.
- Scenarios involving legal and regulatory requirements applicable to the business.
✑ After determining manageable risk scenarios, perform a validation against the business objectives of the entity.
✑ Based on this validation, refine the selected scenarios and then detail them to a level in line with the criticality of the entity.
✑ Lower down the number of scenarios to a manageable set. Manageable does not signify a fixed number, but should be in line with the overall importance and criticality of the unit.
✑ Risk factors kept in a register so that they can be reevaluated in the next iteration and included for detailed analysis if they have become relevant at that time.
✑ Risk factors kept in a register so that they can be reevaluated in the next iteration and included for detailed analysis if they have become relevant at that time.
✑ Include an unspecified event in the scenarios, that is, address an incident not covered by other scenarios.
Incorrect Answers:
A: Cause-and-effect analysis is a predictive or diagnostic analytical tool used to explore the root causes or factors that contribute to positive or negative effects or outcomes. It is used during the process of exposing risk factors.
by somkiatr at Oct. 25, 2024, 7:12 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
somkiatr
3 weeks ago
I think D is not fully corrected, It should be say that "Determination of the value of an asset at risk" because the "Determination of the value of an asset" takes place in the process of asset valuation and prioritization which is occurred before the risk scenario process.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel