Q: 3
Which of the following is the MOST important detail to capture in an organization's risk register?
Options
Discussion
Ownership is the main thing that makes a risk register actionable, so D. If nobody's assigned, nothing gets done even if you know the severity. Seen similar in exam practice, pretty sure this is what ISACA expects but correct me if you disagree.
B . I get that ownership (D) matters for action, but severity (B) feels like the main thing you need to log first so you know where to focus. Unless I’m missing something from the CISM perspective.
D tbh. B is tempting since severity helps sort risks but ISACA usually prioritizes clear accountability. Saw similar in practice dumps.
Option D every time with ISACA, gets me how often folks overthink this. If you don’t have risk ownership documented, nobody’s accountable and nothing gets managed in practice.
B tbh
B , severity level is usually what I see prioritized in real risk registers on exams.
D
B is tempting, but D is correct. Assigning ownership ensures accountability, while severity (B) mostly helps rank risks. Saw this type of wording in other ISACA practice runs-ownership always wins for 'most important'. Pretty sure about it.
I don’t think B is right here. D is most important since without risk ownership there’s no accountability and risks just sit unmanaged. Severity (B) is a trap since it helps with prioritizing, but doesn’t drive action by itself. Seen this asked in similar CISM sample questions-ISACA likes accountability focus.
D imo. You absolutely need risk ownership recorded so someone is on the hook for action and tracking. Without that, risks fall through the cracks. Severity matters too but accountability is what makes the register useful. Pretty sure ISACA exams focus on this.
Be respectful. No spam.
