Why should the people on the RA team be different from the people responsible for correcting deficiencies?
to avoid potential losses
to increase profitability
to avoid conflicts of interest
to increase survivability
A risk assessment is the same as a risk management program.
True
False
Residual risk is any risk that remains after management has decided to implement controls.
True
False
RAs are simpler to complete than risk management plans, because risk management plans are continuous processes while RAs are simple point-in-time documents that can easily be completed in a single sitting.
True
False
Change management is a process that ensures that changes are made only after a review process.
True
False
When using the Delphi Method, it is best to collect data in a meeting.
True
False
An RA ends with a report.
True
False
Calculations used in quantitative RAs usually include depreciation costs, maintenance costs, and replacement costs for follow-on years.
True
False
The first section of a qualitative RA attempts to prioritize risk. The second section of a qualitative RA evaluates the effectiveness of controls.
True
False