- (Exam Topic 3)
The design of procedures to prevent fraudulent transactions within an enterprise resource planning (ERP) system should be based on:

1. A. stakeholder risk tolerance.
2. B. benchmarking criteria.
3. C. suppliers used by the organization.
4. D. the control environment.

Correct Answer: D

- (Exam Topic 2)
An organization has identified that terminated employee accounts are not disabled or deleted within the time required by corporate policy. Unsure of the reason, the organization has decided to monitor the situation for three months to obtain more information. As a result of this decision, the risk has been:

1. A. avoided.
2. B. accepted.
3. C. mitigated.
4. D. transferred.

Correct Answer: B

- (Exam Topic 3)
Which of the following is the BEST indication of a mature organizational risk culture?

1. A. Corporate risk appetite is communicated to staff members.
2. B. Risk owners understand and accept accountability for risk.
3. C. Risk policy has been published and acknowledged by employees.
4. D. Management encourages the reporting of policy breaches.

Correct Answer: B

- (Exam Topic 2)
Which of the following would be of GREATEST assistance when justifying investment in risk response strategies?

1. A. Total cost of ownership
2. B. Resource dependency analysis
3. C. Cost-benefit analysis
4. D. Business impact analysis

Correct Answer: C

- (Exam Topic 2)
Which of the following is MOST important for a risk practitioner to consider when evaluating plans for changes to IT services?

1. A. Change testing schedule
2. B. Impact assessment of the change
3. C. Change communication plan
4. D. User acceptance testing (UAT)

Correct Answer: B