CRISC Risk Governance and Frameworks

Question 1

Which internationally recognized framework is MOST commonly used to align IT risk governance with enterprise risk management (ERM)?

Accepted Answer

COSO ERM

Answer

ISO 9001

Answer

ITIL v4

Answer

PRINCE2

Question 2

The THREE lines of defense model assigns IT risk oversight responsibility to which line?

Accepted Answer

Second line (risk management function)

Answer

First line (operational management)

Answer

Third line (internal audit)

Answer

Fourth line (external audit)

Question 3

A risk appetite statement should PRIMARILY be approved by which organizational body?

Accepted Answer

Board of Directors

Answer

Chief Information Officer

Answer

IT Steering Committee

Answer

Internal Audit Committee

Question 4

Which CRISC domain focuses on ensuring that risk management activities are integrated into the enterprise governance structure?

Accepted Answer

IT Risk Governance

Answer

IT Risk Identification

Answer

IT Risk Assessment

Answer

Risk Response and Reporting

Question 5

When developing a risk governance framework, which element BEST ensures accountability for risk decisions?

Accepted Answer

Defined RACI matrix for risk roles

Answer

Automated risk monitoring tools

Answer

Comprehensive risk register

Answer

Regular vulnerability scans

Question 6

Which statement BEST describes the relationship between risk tolerance and risk appetite?

Accepted Answer

Risk tolerance is the acceptable deviation from risk appetite

Answer

Risk tolerance and risk appetite are synonymous terms

Answer

Risk appetite is determined after risk tolerance is set

Answer

Risk tolerance applies only to operational risks