Isaca Isaca Certification CRISC New Questions

Comprehensive and Detailed Explanation From Exact Extract:

The risk management function acts as a consultant and facilitator in IT projects, helping the project team identify, assess, and respond to risks effectively. It does not directly control project status or costs but supports decision-making. Updating risk registers is an operational task often handled by the project team with guidance from risk management. Eliminating all risk is impractical; instead, risks are managed within appetite levels.

Comprehensive and Detailed Explanation From Exact Extract:

A global policy that accommodates country-specific requirements balances consistency and compliance. It establishes a baseline of controls while allowing adaptation to local laws and cultural differences. Uniform application without adaptation risks non-compliance. Country-specific policies alone may lack global coherence. Therefore, accommodating local requirements within a global policy framework is best practice.

A BIA identifies critical processes and interdependencies, enabling prioritization of recovery efforts based on business impact.

The first activity that should be performed when the time required to complete daily processing for a legacy application is approaching a risk threshold is to conduct a root-cause analysis. This will help to identify the source of the problem and the factors that are contributing to the increased processing time. By conducting a root-cause analysis, the enterprise can determine the most appropriate and effective solution to address the problem and prevent it from recurring. Temporarily increasing the risk threshold, suspending processing to investigate the problem, and initiating a feasibility study for a new application are not the first activities that should be performed, as they may not resolve the underlying issue and may introduce additional risks or costs. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 4, Section 4.2.1.2, page 193.