Posts

Audience is a key in CRISC Questions

One main factor in answering CRISC questions correctly is identifying the relevance of the question to its audience or target. For example, monitoring and analyzing "key control indicators" can mean one thing for operational teams, who are directly in charge of controls and of monitoring them, but another for senior management, who are typically on the 3rd line of defence. Therefore, if the question asks about the main purpose of monitoring key control indicators for senior management, the answer cannot be directly related to the controls themselves; it should be something along the lines of impacts to the risk profile. Pay attention to the audience and to whom the question is being asked for!

Audience for Info collected about several KRI, in regard to a financial app

"A risk practitioner has collected several IT-related key risk indicators related to the core financial application. These would MOST likely be reported to:" Executives / Business Leaders – ⚠️ Likely but not most likely. They care about risk impacts, but not raw IT KRIs directly. Usually they get aggregated risk reports, not technical KRIs. IT Management – ✅ They are responsible for implementing mitigation and controls. Not administrators, as they are responsible for technical operations rather than managerial oversight of IT. Compliance/Audit – ✅ Likely but not most likely. They may require visibility for oversight and reporting obligations, but they receive KRIs to review and assure that management is doing its job, not as part of their day-to-day operations. Finance department – ⚠️ Not usually directly, unless they are stakeholders in the risk decision or require reporting for regulatory purposes. They are affected by the risk, but they don’t typica...

Risk Management Plan

Risk Management Plan is discussed in: Domain 1 "RISK GOVERNANCE", section B.1: Enterprise Risk Management and Risk Management Framework. A question came up about the initial stages of Risk Management Planning. I mistakenly thought it would be establishing ownership of identified risks. But NO! Before that, you need to identify the context and extent of the program. How could I be so foolish and think so? I assumed that with planning we already have the context and extent, and thought it was not part of the Risk Management Plan... but boy, I was wrong... This is the type of thing you get wrong when doing CRISC questions. Now, the Risk Management Plan, according to the AI: Developing a robust risk management program involves a systematic approach. Here are the typical stages involved: 1. Establishing the Context: Define Objectives and Scope: Clearly articulate the organization's goals and the specific areas the risk management program will cover. This sets th...

CRISC Exam Preparations

As I am preparing myself for the exam, I will be jotting down my thoughts and the ideas I come across about the CRISC exam here, as practice for myself, and I hope they will be useful to some others too.