The MOST effective use of a risk register is to:
A. identify risks and assign roles and responsibilities for mitigation.
B. identify threats and probabilities.
C. facilitate a thorough review of all IT-related risks on a periodic basis.
D. record the annualized financial amount of expected losses due to risks.
Explanation:
A risk register is more than a simple list—it should be used as a tool to ensure comprehensive
documentation, periodic review and formal update of all risk elements in the enterprise’s IT and
related organization. Identifying risks and assigning roles and responsibilities for mitigation are
elements of the register. Identifying threats and probabilities are two elements that are defined in
the risk matrix, as differentiated from the broader scope of content in, and purpose for, the risk
register. While the annualized loss expectancy (ALE) should be included in the register, this
quantification is only a single element in the overall risk analysis program.