PrepAway - Latest Free Exam Questions & Answers

Which of the following come under the phases of risk identification and evaluation?

Each correct answer represents a complete solution. Choose three.

A. Maintain a risk profile

B. Collecting data

C. Analyzing risk

D. Applying controls

Explanation:

Risk identification is the process of determining which risks may affect the project. It also
documents the risks' characteristics.

The following high-level phases are involved in risk identification and evaluation:

Collecting data: Involves collecting data on the business environment, types of events, risk
categories, risk scenarios, etc., to identify relevant data to enable effective risk identification,
analysis and reporting.

Analyzing risk: Involves analyzing risk to develop useful information that is used when making
risk decisions. Risk decisions take into account the business relevance of risk factors.

Maintain a risk profile: Requires maintaining an up-to-date and complete inventory of known
threats and their attributes (e.g., expected likelihood, potential impact, and disposition), IT
resources, capabilities, and controls as understood in the context of business products, services
and processes, in order to monitor risk effectively over time.

Answer D is incorrect. It comes under the risk management process, not the risk identification and
evaluation process.

