ExamGecko
Search Search Login
Home Home / Isaca / IT Risk Fundamentals
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is used to estimate the frequency and magnitude of a given risk scenario?
Which of the following is the PRIMARY concern with vulnerability assessments?
Which of the following risk analysis methods gathers different types of potential risk ideas to be validated and ranked by an individual or small groups during interviews?
Which of the following statements on an organization's cybersecurity profile is BEST suited for presentation to management?
An enterprise has moved its data center from a flood-prone area where it had experienced significant service disruptions to one that is not a flood zone. Which risk response strategy has the organization selected?
Which of the following is MOST likely to promote ethical and open communication of risk management activities at the executive level?
Which of the following is the MAIN objective of governance?
Which of the following would be considered a cyber-risk?
Which of the following is of GREATEST concern when aggregating risk information in management reports?
The MOST important reason to monitor implemented controls is to ensure the controls:

Question 63 - IT Risk Fundamentals discussion

Report
Export

Which of the following is a valid source or basis for selecting key risk indicators (KRIs)?

A.

Historical enterprise risk metrics

Answers
A.

Historical enterprise risk metrics

B.

Risk workshop brainstorming

Answers
B.

Risk workshop brainstorming

C.

External threat reporting services

Answers
C.

External threat reporting services

Suggested answer: A

Explanation:

Sources for Selecting KRIs:

Historical Enterprise Risk Metrics: These provide data-driven insights into past risk events, helping to identify patterns and potential future risks.

Risk Workshop Brainstorming: While valuable, this approach relies on subjective input and may not be as reliable as historical data.

External Threat Reporting Services: Useful for understanding external risks, but may not provide comprehensive insights specific to the enterprise.

Importance of Historical Data:

Using historical risk metrics ensures that KRIs are based on actual risk occurrences and trends within the enterprise.

This approach allows for more accurate and relevant KRIs that reflect the enterprise's specific risk profile.

Reference:

ISA 315 (Revised 2019), Anlage 6 highlights the importance of using reliable and relevant data sources for risk management, ensuring that KRIs are effective in predicting and monitoring risks.

Show Answer
asked 18/11/2024
Kevin Harley
29 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms