1. Right Answer: B,C,D
Explanation: The primary function of the enterprise is to meet its objective. Each business activity for fulfilling the enterprise's objective carries both risk and opportunity; therefore the objective should be considered while managing risk.
Open and fair communication should be there for effective risk management. Open, accurate, timely and transparent information on IT risk is exchanged and serves as the basis for all risk-related decisions.
Cost-benefit analysis should be done to properly weigh the total costs expected against the total benefits expected, which is the major aspect of risk management.
Incorrect Answers:
A: For effective risk management, there should be continuous improvement, not consistent improvement. Because of the dynamic nature of risk, risk management is an iterative, perpetual and ongoing process; that is why continuous improvement is required.
2. Right Answer: B,C,D
Explanation: Section 302 of the Sarbanes-Oxley Act has a tremendous impact on the risk management solutions adopted by corporations. This section specifies that the reports must be certified by the CEO, CFO, or other senior officer performing similar functions.
Certification of reports establishes:
- The signing officer has reviewed the report.
- The financial statements do not contain, to the knowledge of the signing officer, any materially untrue or misleading information and represent fairly all financial conditions and results of the enterprise's operations.
- The signing officers:
  - are responsible for establishing and maintaining internal controls
  - have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared
  - have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report
  - have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date
- The signing officers have disclosed to external auditors, the audit committee, and other directors:
  - all significant deficiencies in the design or operation of internal controls which could adversely affect the reliability of the reported financial data
  - any fraud, whether or not material, that involves management or other employees who have a significant role in the internal controls of the enterprise
- The signing officers have indicated in the report any internal controls or changes to those internal controls which have been implemented since they were evaluated.
Incorrect Answers:
A: The signing officer has evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report, not at the time of the report.
3. Right Answer: B
Explanation: Integrated change control is responsible for facilitating, documenting, and dispersing information on a proposed change to the project scope.
Integrated change control is a way to manage the changes incurred during a project. It is a method that manages reviewing the suggestions for changes and utilizing the tools and techniques to evaluate whether the change should be approved or rejected. Integrated change control is a primary component of the project's change control system that examines the effect of a proposed change on the entire project.
Incorrect Answers:
A: The configuration management system controls and documents changes to the project's product.
C: The change log documents approved changes in the project scope.
D: The scope change control system controls changes that are permitted to the project scope.
4. Right Answer: D
Explanation: Risk response tracking tracks the ongoing status of risk mitigation processes as part of the risk response process. This tracking ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule. When an enterprise is conscious of a risk but does not have an appropriate risk response strategy, this leads to an increase in the organization's liability to adverse publicity or even civil or criminal penalties.
Incorrect Answers:
A: Risk management provides an approach for individuals and groups to make a decision on how to deal with potentially harmful situations.
B: Integrating risk response options to address more than one risk together helps in achieving greater efficiency. The use of techniques that are versatile and enterprise-wide, rather than individual solutions, provides better justification for risk response strategies and related costs.
C: Implementation of risk response ensures that the risks analyzed in the risk analysis process are being lowered to a level that the enterprise can accept, by applying appropriate controls.
5. Right Answer: A
Explanation: Business process owners are the individuals responsible for identifying process requirements, approving process design and managing process performance. In general, a business process owner must be at an appropriately high level in the enterprise and have authority to commit resources to process-specific risk management activities.
Incorrect Answers:
B: The risk owner for each risk should be the person who has the most influence over its outcome. Selecting the risk owner thus usually involves considering the source of risk and identifying the person who is best placed to understand and implement what needs to be done.
C: The chief financial officer is the most senior official of the enterprise who is accountable for financial planning, record keeping, investor relations and financial risks.
D: The chief information officer is the most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources.