Risk Management

Question 1

Fundamental process that involves identifying, analyzing, treating, monitoring, & reporting risks. Crucial for projects & businesses, involving the identification & assessment of uncertainties that may impact objectives.

Answer 1

Risk Management

Question 2

Refers to how often the risk assessment process is conducted within an organization. The regularity with which risk assessments are conducted within an organization.

Answer 2

Risk Assessment Frequency

Question 3

Conducted as and when needed, often in response to a specific event or situation that has the potential to introduce new risks or change the nature of existing risks. Specific events or situations & may be repeated.

Answer 3

Ad-Hoc Risk Assessments.

Question 4

Conducted at regular intervals, such as annually, quarterly, or monthly.

Answer 4

Recurring Risk Assessments

Question 5

Conducted for a specific purpose & are not repeated. Specific project or initiative & are not repeated.

Answer 5

One-Time Risk Assessments

Question 6

Ongoing monitoring & evaluation of risks.

Answer 6

Continuous Risk Assessments

Question 7

Recognizing potential risks that could negatively impact an organization’s ability to operate or achieve its objectives.

Answer 7

Risk Identification

Question 8

Process that involves evaluating the potential effects of disruption to an organization’s business functions & processes.

Answer 8

Business Impact Analysis

Question 9

It represents the maximum acceptable length of time that can elapse before the lack of a business function severely impacts the organization.

Answer 9

Recovery Time Objective (RTO)

Question 10

It represents the maximum acceptable amount of data loss measured in time.

Answer 10

Recovery Point Objective (RPO)

Question 11

It represents the average time required to repair a failed component or system.

Answer 11

Mean Time to Repair (MTTR)

Question 12

It represents the average time between failures.

Answer 12

Mean Time Between Failures (MTBF)

Question 13

A document detailing identified risks, including their description, impact likelihood, and mitigation strategies.

Answer 13

Risk Register (Risk Log)

Question 14

Entails identifying & providing a detailed description of the risk.

Answer 14

Risk Description

Question 15

Potential consequences if the risk materializes.

Answer 15

Risk Impact

Question 16

Chance of a particular risk occurring.

Answer 16

Risk Likelihood/Probability

Question 17

Result of a risk, linked to its impact & likelihood.

Answer 17

Risk Outcome

Question 18

Determined by combining the impact & likelihood.

Answer 18

Risk Level/Threshold

Question 19

Pertains to its financial impact on the project, including potential expenses if it occurs or the cost of risk mitigation.

Answer 19

Cost

Question 20

Refers to an organization or individual’s willingness to deal with uncertainty in pursuit of their goals.

Answer 20

Risk Tolerance/Risk Acceptance

Question 21

Signifies an organization’s willingness to embrace or retain specific types and levels of risk to fulfill its strategic goals. An organization’s willingness to take on certain risks to achieve its objectives. It can be expansionary, conservative, or neutral, depending on the balance the organization seeks between risk & return.

Answer 21

Risk Appetite.

Question 22

Organization is open to taking more risk in the hopes of achieving greater returns

Answer 22

Expansionary Risk Appetite

Question 23

Implies that an organization favors less risk, even if it leads to lower returns.

Answer 23

Conservative Risk Appetite

Question 24

Signifies a balance between risk & return.

Answer 24

Neutral Risk Appetite

Question 25

Essential predictive metrics used by organizations to signal rising risk levels in different parts of the enterprise.

Answer 25

Key Risk Indicators (KRIs)

Question 26

Person or group responsible for managing the risk.

Answer 26

Risk Owner

Question 27

A method of assessing risks based on their potential impact & the likelihood of their occurrence. Subjective & high-level view of risks.

Answer 27

Qualitative Risk Analysis

Question 28

Objective & numerical evaluation of risks. A method of evaluating risk that uses numerical measurements. Is a potent risk management tool, offering numerical & Objective assessment of risks.

Answer 28

Quantitative Risk Analysis

Question 29

Proportion of an asset that is lost in an event.

Answer 29

Exposure Factor (EF)

Question 30

Monetary value expected to be lost in a single event.

Answer 30

Single Loss Expectancy (SLE)

Question 31

Estimated frequency with which a threat is expected to occur within a year.

Answer 31

Annualized Rate of Occurrence (ARO)

Question 32

Expected annual loss from a risk (SLE x ARO).

Answer 32

Annualized Loss Expectancy (ALE)

Question 33

Involves shifting the risk from the organization to another party. Seeks to move the financial burden of a potential loss from one party to another.

Answer 33

Risk Transference (Risk Sharing)

Question 34

A contractual agreement where one party agrees to cover the other's harm, liability, or loss stemming from the contract.

Answer 34

Contract Indemnity Clause

Question 35

Recognizing a risk & choosing to address it when it arrises. Recognizing & embracing a risk without implementing measures to reduce or avoid it.

Answer 35

Risk Acceptance

Question 36

Provision that grants an exception from a specific rule or requirement. The party is assuming risk by operating without the safeguards of a rule.

Answer 36

Exemption

Question 37

Provision that permits a party to bypass a rule or requirement in certain situations. The party is assuming risk by operating in a way that lets them evade the risk.

Answer 37

Exception

Question 38

Strategy of altering plans or approaches to completely eliminate a specific risk. Entails taking actions to entirely steer clear of a particular risk.

Answer 38

Risk Avoidance

Question 39

Implementing measures to decrease the likelihood or impact of a risk. Taking steps to reduce the potential impact or likelihood of a risk. Recognize when a risk is escalating to mitigate it before becoming an issue.

Answer 39

Risk Mitigation

Question 40

Involves continuously tracking identified risks, assessing new risks, executing response plans, & evaluating their effectiveness during a project's life-cycle.

Answer 40

Risk Monitoring

Question 41

Likelihood & impact after implementing mitigation, Transference, or acceptance measures on the initial risk.

Answer 41

Residual Risk

Question 42

Assessment of how a security measure has lost effectiveness over time.

Answer 42

Control Risk

Question 43

Process of communicating information about risk management activities.

Answer 43

Risk Reporting

Question 44

Offer insights for informed decisions on resource allocation, project timelines, & strategic planning.

Answer 44

Informed Decision-Making

Question 45

Assist in setting expectations & showing effective risk management.

Answer 45

Stakeholder Communication

Question 46

Demonstrate compliance with these regulations.

Answer 46

Regulatory Compliance.