Which of the following are the MOST important risk components that must be communicated
among all the stakeholders?
Each correct answer represents a part of the solution. Choose three.
A.
Various risk response used in the project
B.
Expectations from risk management
C.
Current risk management capability
D.
Status of risk with regard to IT risk
Explanation:
The broad array of information and the major types of IT risk information that should be
communicated are as follows:
Expectations from risk management: They include risk strategy, policies, procedures, awareness
training, uninterrupted reinforcement of principles, etc. This essential communication drives allsubsequent efforts on risk management and sets the overall expectations from risk management.
Current risk management capability: This allows monitoring of the status of the risk management
engine in the enterprise. It is a key indicator for effective risk management and has predictive
value for how well the enterprise is managing risk and reducing exposure.
Status with regard to IT risk: This describes the actual status with regard to IT risk including
information of risk profile of the enterprise, Key risk indicators (KRIs) to support management
reporting on risk, event-loss data, root cause of loss events and options to mitigate risk.
Answer A is incorrect. Risk response is only communicated to some of the stakeholders not all, as
it is irrelevant for them. It is not communicated to the stakeholders of the project like project
sponsors, etc.