Exam OG0-093 topic 1 question 158 discussion

In TOGAF, the initial level of risk refers to the categorization of risk before any mitigating actions are taken. This is the raw or inherent level of risk associated with a particular situation or decision, assessed prior to determining and implementing strategies to address or mitigate it. Reference: This is discussed in Part III, Chapter 27: Risk Management, in the TOGAF 9.2 standard, which outlines the importance of understanding risks at their initial level to develop appropriate mitigation plans.

27.1 Introduction There are two levels of risk that should be considered, namely: Initial Level of Risk: risk categorization prior to determining and implementing mitigating actions Residual Level of Risk: risk categorization after implementation of mitigating actions (if any) https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap27.html

B. The initial level of risk

Correct Answer 27.1 Introduction There will always be risk with any architecture/business transformation effort. It is important to identify, classify, and mitigate these risks before starting so that they can be tracked throughout the transformation effort. Mitigation is an ongoing effort and often the risk triggers may be outside the scope of the transformation planners (e.g., merger, acquisition) so planners must monitor the transformation context constantly. It is also important to note that the Enterprise Architect may identify the risks and mitigate certain ones, but it is within the governance framework that risks have to be first accepted and then managed. There are two levels of risk that should be considered, namely: Initial Level of Risk: risk categorization prior to determining and implementing mitigating actions Residual Level of Risk: risk categorization after implementation of mitigating actions (if any)