CRISC Exam Questions and
Answers 100% Pass
The potential loss to an area due to the occurrence of an adverse event - ✔✔exposure
An accurate bit-for-bit reproduction of the information contained on an electronic device or associated
media, whose validity and integrity has been verified using an accepted algorithm (2 words) - ✔✔forensic
copy
for each risk located in the risk register, it should at a minimum include..... - ✔✔date, description, impact,
probability, risk score, mitigation action and owner
main reference for all risk-related information, supporting risk-related decisions such as risk response
activities and their prioritization - ✔✔risk register
Preparing the risk management strategy is a ____ activity - ✔✔internal audit
key to achieving an effective risk management capability. - ✔✔joint planning across the three lines of
defense
control execution is generally the responsibility of the _____ line of defense - ✔✔first
Internal control reporting is carried by the _______ line of defense - ✔✔first
Assurance functions are generally delivered by the ______ line of defense - ✔✔third
The _______ line of defense includes compliance, ethics and risk management and is intended to provide
guidance. - ✔✔second
EMILY CHARLENE © 2025, ALL RIGHTS RESERVED 1
, Establishing a risk management framework, providing awareness training, and supervising overall risk
management are responsibilities of the _______ line of defense - ✔✔second
Identifying, assessing and selecting responses for risk are part of operational management, which is the
________ line of defense - ✔✔first
Implementing controls is part of ____ line of defense - ✔✔first
Testing controls for effectiveness and reporting to management are part of the ______ line of defense. -
✔✔third. this is an auditors job
Risk profile and risk factors are defined during the _________ process - ✔✔risk assessment
Relevance risk is a composite form of business risk, requiring both ____________ and _____________ to be
addressed for it to be reasonably controlled - ✔✔integrity and availability
A lapsed insurance premium describes a _________ - ✔✔this is a vulnerability
_______________ (type of personel/position/title) are the best to manage and execute an enterprise's risk
management program because they are the most centrally located within the organizational hierarchy,
and they combine a sufficient breadth of influence with adequate proximity to day-to-day operations. -
✔✔mid level managers
In a _________ organizational structure, decisions are made by each division (sales, human resources,
etc.). In this kind of organization, different and perhaps conflicting IT policies can be developed. -
✔✔decentralized
In a __________ organizational structure, each geographic area, or each product or service, will have its
own group. - ✔✔divisional
A _____________ is responsible for consulting on risk and recommending possible solutions for risk
responses - ✔✔risk practitioner/advisor
EMILY CHARLENE © 2025, ALL RIGHTS RESERVED 2
Answers 100% Pass
The potential loss to an area due to the occurrence of an adverse event - ✔✔exposure
An accurate bit-for-bit reproduction of the information contained on an electronic device or associated
media, whose validity and integrity has been verified using an accepted algorithm (2 words) - ✔✔forensic
copy
for each risk located in the risk register, it should at a minimum include..... - ✔✔date, description, impact,
probability, risk score, mitigation action and owner
main reference for all risk-related information, supporting risk-related decisions such as risk response
activities and their prioritization - ✔✔risk register
Preparing the risk management strategy is a ____ activity - ✔✔internal audit
key to achieving an effective risk management capability. - ✔✔joint planning across the three lines of
defense
control execution is generally the responsibility of the _____ line of defense - ✔✔first
Internal control reporting is carried by the _______ line of defense - ✔✔first
Assurance functions are generally delivered by the ______ line of defense - ✔✔third
The _______ line of defense includes compliance, ethics and risk management and is intended to provide
guidance. - ✔✔second
EMILY CHARLENE © 2025, ALL RIGHTS RESERVED 1
, Establishing a risk management framework, providing awareness training, and supervising overall risk
management are responsibilities of the _______ line of defense - ✔✔second
Identifying, assessing and selecting responses for risk are part of operational management, which is the
________ line of defense - ✔✔first
Implementing controls is part of ____ line of defense - ✔✔first
Testing controls for effectiveness and reporting to management are part of the ______ line of defense. -
✔✔third. this is an auditors job
Risk profile and risk factors are defined during the _________ process - ✔✔risk assessment
Relevance risk is a composite form of business risk, requiring both ____________ and _____________ to be
addressed for it to be reasonably controlled - ✔✔integrity and availability
A lapsed insurance premium describes a _________ - ✔✔this is a vulnerability
_______________ (type of personel/position/title) are the best to manage and execute an enterprise's risk
management program because they are the most centrally located within the organizational hierarchy,
and they combine a sufficient breadth of influence with adequate proximity to day-to-day operations. -
✔✔mid level managers
In a _________ organizational structure, decisions are made by each division (sales, human resources,
etc.). In this kind of organization, different and perhaps conflicting IT policies can be developed. -
✔✔decentralized
In a __________ organizational structure, each geographic area, or each product or service, will have its
own group. - ✔✔divisional
A _____________ is responsible for consulting on risk and recommending possible solutions for risk
responses - ✔✔risk practitioner/advisor
EMILY CHARLENE © 2025, ALL RIGHTS RESERVED 2
