Which of the following statements are true for enterprise’s risk management capability maturity level 3?
A . Workflow tools are used to accelerate risk issues and track decisions
B . The business knows how IT fits in the enterprise risk universe and the risk portfolio view
C . The enterprise formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals
D . Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized
Answer: ABD
Explanation:
An enterprise’s risk management capability maturity level is 3 when:
– Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized.
– There is a selected leader for risk management, engaged with the enterprise risk committee, across the enterprise.
– The business knows how IT fits in the enterprise risk universe and the risk portfolio view.
– Local tolerances drive the enterprise risk tolerance.
– Risk management activities are being aligned across the enterprise.
– Formal risk categories are identified and described in clear terms.
– Situations and scenarios are included in risk awareness training beyond specific policy and structures and promote a common language for communicating risk.
– Defined requirements exist for a centralized inventory of risk issues.
– Workflow tools are used to accelerate risk issues and track decisions.
Incorrect Answers:
C: Enterprise having risk management capability maturity level 5 requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals.
Leave a Reply