GRC Professional Certification Exam Questions and Answers
Question 73
Why is it essential to ensure that every issue or incident is addressed?
Options:
A. To provide incentives to employees for favorable conduct.
B. To compound and accelerate the impact of favorable events.
C. To maintain employee and other stakeholder confidence in the system’s effectiveness.
D. To escalate incidents for investigation and identify them as in-house or external.
Answer:
C
Explanation:
Addressing every issue or incident is critical to maintaining confidence in the organization’s governance and risk management systems.
Key Reasons to Address All Issues:
Employee and Stakeholder Confidence: Demonstrates that the organization takes issues seriously and acts responsibly.
System Integrity: Ensures the effectiveness and credibility of governance and compliance frameworks.
Impact of Neglecting Issues:
Loss of trust among employees and external stakeholders.
Increased risk of repeated incidents or unresolved weaknesses.
Why Other Options Are Incorrect:
A: Incentives promote positive conduct but do not directly relate to addressing every issue.
B: Compounding favorable events is unrelated to addressing specific issues.
D: Escalation is part of issue management but does not replace the need for comprehensive resolution.
References:
COSO ERM Framework: Highlights the importance of addressing incidents to maintain trust in the system.
OCEG GRC Capability Model: Recommends systematic resolution of all identified issues.
Question 74
What is the term used to describe a measure that estimates the consequence of an event?
Options:
A. Impact
B. Consequence
C. Likelihood
D. Cause
Answer:
A
Explanation:
The term impact refers to the severity or magnitude of the consequences of an event if it occurs. It is a key metric in risk analysis, used alongside likelihood to determine overall risk.
Key Points About Impact:
Definition: Impact measures the potential effect of an event on organizational objectives, such as financial losses, reputational harm, or operational disruptions.
Role in Risk Assessment:
Impact is evaluated to understand the significance of a risk.
Frameworks like COSO ERM recommend assessing impact in terms of quantitative and qualitative outcomes.
Examples:
Financial loss due to a data breach.
Customer dissatisfaction caused by product delays.
Why Option A is Correct:
Impact specifically estimates the consequences of an event, making it the correct answer.
Why the Other Options Are Incorrect:
B. Consequence: While consequence describes the outcome, impact specifically quantifies or qualifies its severity.
C. Likelihood: Likelihood measures probability, not consequences.
D. Cause: Cause identifies why an event happens, not its effects.