Explanation/Reference:
Explanation:
The Identified risks and potential responses are documented in the risk register. A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains:
A description of the risk

The impact should this event actually occur

The probability of its occurrence

Risk Score (the multiplication of Probability and Impact)

A summary of the planned response should the event occur

A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the

event)
Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.

Incorrect Answers:
B: This is not a valid choice for this question
C: The project management plan is the parent of the risk management plan, but the best choice is the risk register.
D: The risk management plan is an input to the risk response planning, but it is not the best choice for this question

Section: Volume B
Explanation:
As the sensitivity of the monitoring tool has to be changed, therefore it requires optimization of Key Risk Indicator. The monitoring tool which is giving alerts is itself acting as a risk indicator. Hence to change the sensitivity of the monitoring tool to give alert only for critical situations requires optimization of the KRI.
Incorrect Answers:
A, C, D: These options are not relevant to the change of sensitivity of the monitoring tools.

Explanation/Reference:
Explanation:
Mitigation attempts to reduce the impact of a risk event in case it occurs. Making plans to arrange for the leased equipment reduces the consequences of the risk and hence this response in mitigation.
B: Risk transfer means that impact of risk is reduced by transferring or otherwise sharing a portion of the risk with an external organization or another internal entity. Transfer of risk can occur in many forms but is most effective when dealing with financial risks. Insurance is one form of risk transfer.
Here there no such action is taken, hence it is not a risk transfer.
Incorrect Answers:
A: Risk avoidance means to evade risk altogether, eliminate the cause of the risk event, or change the project plan to protect the project objectives from the risk event. Risk avoidance is applied when the level of risk, even after the applying controls, would be greater than the risk tolerance level of the enterprise.
Hence this risk response is adopted when:
There is no other cost-effective response that can successfully reduce the likelihood and magnitude

below the defined thresholds for risk appetite.
The risk cannot be shared or transferred.

The risk is deemed unacceptable by management.

C: Risk acceptance means that no action is taken relative to a particular risk; loss is accepted if it occurs. If an enterprise adopts a risk acceptance, it should carefully consider who can accept the risk. Risk should be accepted only by senior management in relationship with senior management and the board. There are two alternatives to the acceptance strategy, passive and active.
Passive acceptance means that enterprise has made no plan to avoid or mitigate the risk but willing to

accept the consequences of the risk.
Active acceptance is the second strategy and might include developing contingency plans and reserves

to deal with risks.

Explanation/Reference:
Explanation:
An enterprise's risk management capability maturity level is 3 when:
Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are

recognized.
There is a selected leader for risk management, engaged with the enterprise risk committee, across the

enterprise.
The business knows how IT fits in the enterprise risk universe and the risk portfolio view.

Local tolerances drive the enterprise risk tolerance.

Risk management activities are being aligned across the enterprise.

Formal risk categories are identified and described in clear terms.

Situations and scenarios are included in risk awareness training beyond specific policy and structures

and promote a common language for communicating risk.
Defined requirements exist for a centralized inventory of risk issues.

Workflow tools are used to accelerate risk issues and track decisions.

Incorrect Answers:
C: Enterprise having risk management capability maturity level 5 requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals.