Risk Aggregation Guidelines

Questions and Answers

What should be considered when aggregating risk according to the guidelines?

• Aggregating risk in multiple dimensions (correct)
• Aggregating different types of data
• Obscuring actionable details
• Focusing on risk that is easy to measure but less relevant

Why should entities only aggregate like data?

• To make the aggregation process more complex
• To ensure consistency and meaningful aggregation (correct)
• To focus on unreal risk
• To increase business impact

What is the suggested approach for focusing on risk?

• Aggregating different types of data
• Focusing on risk that is easy to measure but less relevant
• Avoiding obscuring actionable details (correct)
• Not focusing on real risk

Why is it important to aggregate risk at the enterprise level?

To consider in combination with all other risks the enterprise needs to manage (D)

What should be visible to those responsible for managing risks?

Root cause of risk (C)

What is the purpose of a risk response plan?

To outline the requirements for implementing the approved risk response strategy (B)

Who should run a risk response plan as a project?

The project manager (C)

What is used to determine the critical path of a project?

The end date of the project (C)

What does a risk response plan need to consider regarding project delays?

Feasibility of project dates (A)

What is outlined in a risk response plan?

Detailed action and tasks for implementation (B)