QUESTION 1
A. Answer all of the following
(a) What is risk appetite?
(b) List any two risk responses
(c) What does ITIL stand for?
(d) What is a business case?
(e) Define Internal control
(f) What do you understand by IT organization?
(g) The overall responsibility for IT risk management lies solely with the IT Department. True or False?
(h) The risks facing an organisation and its operations can result from factors both external and internal to the organisation. True or False?
(i) What are Key Performance Indicators?
(j) Define IT architecture
B. Risk management is a central part of the strategic management of any organization. Explain briefly any six sections that should be included in a risk management policy
C. Risk Assessment is one of the five key components of internal controls. Briefly describe the major principles related to the achievement of control objectives at this level
QUESTION 2
(a) Explain the framework for managing risk based on ISO 31000
(b) Scenario analysis is used as a part of stress testing and can be a useful tool to identify, understand and articulate the technology risks faced by their organizations by expressing future losses in the form of a loss distribution. An IT risk scenario is a description of an IT-related event that can lead to a business impact
i. Differentiate between historical and hypothetical scenarios
ii. Distinguish between expected and unexpected losses
iii. For IT risk scenarios to be complete and usable for risk analysis purposes, what components should it include?