CRISC Questions With Answers 100% Correct
Internal control reporting is carried by the _______ line of defense. Answer: first
Assurance functions are generally delivered by the ______ line of defense. Answer: third
The _______ line of defense includes compliance, ethics and risk management and is intended to provide guidance. Answer: second
Establishing a risk management framework, providing awareness training, and supervising overall risk management are responsibilities of the _______ line of defense. Answer: second
Identifying, assessing and selecting responses for risk are part of operational management, which is the ________ line of defense. Answer: first
Implementing controls is part of the ____ line of defense. Answer: first
Testing controls for effectiveness and reporting to management are part of the ______ line of defense. Answer: third. This is an auditor's job.
Risk profile and risk factors are defined during the _________ process. Answer: risk assessment
Relevance risk is a composite form of business risk, requiring both ____________ and _____________ to be addressed for it to be reasonably controlled. Answer: integrity and availability
A lapsed insurance premium describes a _________. Answer: this is a vulnerability
_______________ (type of personnel/position/title) are the best to manage and execute an enterprise's risk management program because they are the most centrally located within the organizational hierarchy, and they combine a sufficient breadth of influence with adequate proximity to day-to-day operations. Answer: mid-level managers
In a _________ organizational structure, decisions are made by each division (sales, human resources, etc.). In this kind of organization, different and perhaps conflicting IT policies can be developed. Answer: decentralized
In a __________ organizational structure, each geographic area, or each product or service, will have its own group. Answer: divisional
A _____________ is responsible for consulting on risk and recommending possible solutions for risk responses. Answer: risk practitioner/advisor
Control owners own controls but don't make the decision on which control to use.
________ is accountable for a risk treatment plan. Answer: risk owner
With the ___________ technique, polling or information gathering is done either anonymously or privately between the interviewer and interviewee. Answer: Delphi
___________ determines aggregate risk in a financial portfolio. Answer: Financial risk modeling. It is generally not used to provide the financial impact of individual risk scenarios.