Which of the following is true for risk evaluation?

Admin Staff asked 6 months ago
Which of the following is true for risk evaluation?

A. Risk evaluation is done only when there is significant change.

B. Risk evaluation is done once a year for every business process.

C. Risk evaluation is done annually or when there is significant change.

D. Risk evaluation is done every four to six months for critical business processes.

Suggested Answer: C

Because risk is constantly changing, it is evaluated annually or when there is significant change. This is the best alternative because it takes into consideration a reasonable time frame of one year while also addressing significant changes (if any).

Incorrect Answers:
A: Evaluating risk only when there are significant changes does not take into consideration the effect of time. As risk is constantly changing, small changes occur over time that affect the overall risk. Hence risk evaluation should be done annually too.
B: Evaluating risk once a year is not sufficient when a significant change takes place. This significant change should be taken into account as it affects the overall risk.
D: Risk evaluation need not be done every four to six months for critical processes, as this does not address important changes in a timely manner.

This question is in the CRISC exam, for obtaining the Risk and Information Systems Control certificate.


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to ISACA.
