In the technical reviee manual for CRISC, Risk analysis is included under Risk assessment. Therefore, one could easily view risk analysis as a subset activity in risk assessment. However, in the QAE database or the Questions & Answers book, several answers point to completely separate the two. For example:
Whichof the following objectives is the PRIMARY reason that risk professionalsconduct risk assessments?
A. The maintenance of therisk register is part of the ongoing risk assessment process.
B. Management choosesthe right risk response strategy based on risk analysis. A risk assessmentitself is not sufficient to make educated risk response decisions.
C. Assurance on riskmanagement is not the main reason risk assessment is performed by the riskprofessional.
D. A risk assessment is the process used to identify risk anddevelop risk scenarios to determine how specific threats may adversely affectthe business.
Option B does exactly that...completely separating both activities. Isn't there some disparity between the text and the QAE database / Questions & Answers book?
You must sign in to rate content.