* A risk register is a document that records and tracks the information and status of the identified risks and their responses. It includes the risk description, category, source, cause, impact, probability, priority, response, owner, action plan, status, etc.
* A risk register update is a change or modification to the information or status of the risks and their responses in the risk register. It may be triggered by the occurrence or resolution of a risk event, the identification or evaluation of a new or emerging risk, the implementation or completion of a risk response, the monitoring or review of the risk performance, etc.
* The most important risk register update for senior management to review is avoiding a risk that was previously accepted, which means that the organization has decided to eliminate or withdraw from the risk exposure or activity that may cause the risk, instead of tolerating or retaining the risk as before.
This may indicate a significant change in the organization's risk appetite, strategy, objectives, or environment, and it may have a major impact on the organization's performance and value.
* The other options are not the most important risk register updates for senior management to review, because they do not indicate a significant change or impact on the organization's risk profile or performance.
* Extending the date of a future action plan by two months means that the organization has postponed the implementation or completion of the planned actions or measures to address the risk, due to some reasons or constraints. This may indicate a delay or deviation from the expected or desired risk outcome, but it may not have a major impact on the organization's performance and value, unless the risk is very urgent or critical.
* Retiring a risk scenario no longer used means that the organization has removed or discarded the risk scenario that is no longer relevant or applicable to the organization's objectives or operations, due to some changes or developments. This may indicate a reduction or improvement in the organization's risk exposure or level, but it may not have a major impact on the organization's performance and value, unless the risk scenario was very significant or influential.
* Changing a risk owner means that the organization has assigned or transferred the responsibility and accountability for the risk and its response to a different person or role, due to some reasons or circumstances. This may indicate a change or improvement in the organization's risk governance or culture, but it may not have a major impact on the organization's performance and value, unless the risk owner was very ineffective or inappropriate. References =
* ISACA, CRISC Review Manual, 7th Edition, 2022, pp. 19-20, 23-24, 27-28, 31-32, 40-41, 47-48, 54-
55, 58-59, 62-63
* ISACA, CRISC Review Questions, Answers & Explanations Database, 2022, QID 160
* CRISC Practice Quiz and Exam Prep

Explanation/Reference:
Explanation:
This is a positive risk response, as crashing is an example of enhancing. You are enhancing the probability of finishing the project early to realize the reward of bonus. Enhancing doesn't ensure positive risks, but it does increase the likelihood of the event.
Incorrect Answers:
A: Crashing is a positive risk response. Generally, crashing doesn't add risks and is often confused with other predominant schedule compression techniques of fast tracking - which does add risks.
C: This isn't an example of exploiting. Exploiting is an action to take advantage of a positive risk response that will happen.
D: Crashing does add costs, but in this instance, crashing is an example of the positive risk response of enhancing.