READ Free Dumps For Isaca- CISA
Question ID 22457 | A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:
|
Option A | compute the amortization of the related assets.
|
Option B | calculate a return on investment (ROI).
|
Option C | apply a qualitative approach.
|
Option D | spend the time needed to define exactly the loss amount.
|
Correct Answer | C |
Explanation The common practice, when it is difficult to calculate the financial losses, is to take a qualitative approach, in which the manager affected by the risk defines the financial loss in terms of a weighted factor {e.g., one is a very low impact to thebusiness and five is a very high impact). An ROI is computed when there is predictable savings or revenues that can be compared to the investment needed to realize the revenues. Amortization is used in a profit and loss statement, not in computing potential losses. Spending the time needed to define exactly the total amount is normally a wrong approach. If it has been difficult to estimate potential losses (e.g., losses derived from erosion of public image due to a hack attack), that situation is not likely to change, and at the end of the day, the result will be a not well-supported evaluation.
Question ID 22490 | Before implementing an IT balanced scorecard, an organization must:
|
Option A | deliver effective and efficient services.
|
Option B | define key performance indicators.
|
Option C | provide business value to IT projects.
|
Option D | control IT expenses.
|
Correct Answer | B |
Explanation A definition of key performance indicators is required before implementing an IT balanced scorecard. Choices A, C and D are objectives.