Which of the following statements are true for enterprise’s risk management capability maturity
level 3?
A.
Workflow tools are used to accelerate risk issues and track decisions
B.
The business knows how IT fits in the enterprise risk universe and the risk portfolio view
C.
The enterprise formally requires continuous improvement of risk management skills, based on
clearly defined personal and enterprise goals
D.
Risk management is viewed as a business issue, and both the drawbacks and benefits of risk
are recognized
Explanation:
An enterprise’s risk management capability maturity level is 3 when:
Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are
recognized.
There is a selected leader for risk management, engaged with the enterprise risk committee,
across the enterprise.
The business knows how IT fits in the enterprise risk universe and the risk portfolio view.
Local tolerances drive the enterprise risk tolerance.
Risk management activities are being aligned across the enterprise.
Formal risk categories are identified and described in clear terms.
Situations and scenarios are included in risk awareness training beyond specific policy and
structures and promote a common language for communicating risk.
Defined requirements exist for a centralized inventory of risk issues.
Workflow tools are used to accelerate risk issues and track decisions.Answer C is incorrect. Enterprise having risk management capability maturity level 5 requires
continuous improvement of risk management skills, based on clearly defined personal and
enterprise goals.