Please select 2 correct answers
Enterprise Risk Management (ERM) focuses on managing risks across the entire organization, including strategic, operational, and financial risks.
Operational Risk Management (ORM) deals with identifying, assessing, monitoring, and mitigating risks arising from internal processes, people, systems, or external events.
Incident response and financial audits are managed by other tools and processes outside RSA Archer’s core ERM/ORM functionality.
Please select 3 correct answers
Risk Register: Centralized repository of risks, capturing details such as risk source, severity, and mitigation status.
Control Management: Helps document, evaluate, and test controls that mitigate operational risks.
Key Risk Indicators (KRIs): Metrics that help monitor and measure changes in risk exposure over time.
SLA reporting relates to Third-Party Governance or IT performance rather than core ORM processes.
Please select 3 correct answers
RSA Archer identifies and assesses operational risks using:
Risk Registers: Document known risks and related details.
Risk Assessments: Use criteria like impact, likelihood, and control effectiveness to evaluate risks.
Risk Scoring: Quantifies risks, helping prioritize mitigation strategies.
Risks cannot be eliminated automatically; this requires organizational action.
Please select 2 correct answers
KRIs serve as early warning signals to detect potential changes in risk exposure.
They allow organizations to track risk trends and monitor risk performance over time, ensuring proactive risk management.
KRIs do not manage financial transactions; they focus purely on monitoring risk metrics.
The Risk Register is a centralized repository where organizations document and manage all identified risks. It includes details such as risk source, likelihood, impact, mitigation steps, and current status.
It is not limited to compliance risks or notifications.
