Which term is used to catalog identified risks and their analyses for governance?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the ISACA IT Risk Fundamentals Test. Find flashcards and multiple choice questions, complete with hints and explanations. Ace your exam with confidence!

Multiple Choice

Which term is used to catalog identified risks and their analyses for governance?

Explanation:
When governance needs a clear view of risk, the term used to catalog identified risks and their analyses is the risk register. This central record lists each risk with its description, likelihood, impact, and overall risk rating, along with who owns it, the current controls in place, planned mitigation actions, target dates, and residual risk. Having this structured repository lets leadership see the organization’s risk posture, assign accountability, and track remediation efforts over time to ensure responses stay aligned with strategic goals. Other options describe different activities: continuous risk and control monitoring refers to ongoing oversight of controls rather than maintaining the catalog itself; a business case justifies a project or investment; a penetration test is a security assessment to identify vulnerabilities.

When governance needs a clear view of risk, the term used to catalog identified risks and their analyses is the risk register. This central record lists each risk with its description, likelihood, impact, and overall risk rating, along with who owns it, the current controls in place, planned mitigation actions, target dates, and residual risk. Having this structured repository lets leadership see the organization’s risk posture, assign accountability, and track remediation efforts over time to ensure responses stay aligned with strategic goals.

Other options describe different activities: continuous risk and control monitoring refers to ongoing oversight of controls rather than maintaining the catalog itself; a business case justifies a project or investment; a penetration test is a security assessment to identify vulnerabilities.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy