Certified in Risk and Information Systems Control (CRISC) — Question 1296

You are the project manager in your enterprise. You have identified occurrence of risk event in your enterprise. You have pre-planned risk responses. You have monitored the risks that had occurred. What is the immediate step after this monitoring process that has to be followed in response to risk events?

Answer options

• A. Initiate incident response
• B. Update the risk register
• C. Eliminate the risk completely
• D. Communicate lessons learned from risk events

Correct answer: A

Explanation

The immediate step after monitoring risk events is to initiate incident response, which allows you to address the impacts of the risk that has occurred. Updating the risk register is important but happens after the immediate response. Eliminating the risk completely may not be feasible if the risk event has already occurred, and communicating lessons learned is more of a reflective activity that occurs after managing the incident.