April 2000
IM218: INFORMATION MANAGEMENT

QUESTION 4

Total Marks: 15 Marks


SUGGESTED SOLUTIONS
Solutions and allocated marks are indicated in green.

(a) Briefly describe the five main components, or steps, of risk control. [5 marks]

The different stages or steps in the risk-control cycle:
• assign personnel, establish guidelines: people have to be identified to perform specific roles in the case of emergency; they are to establish clear and documented guidelines (1 mark)
• risk analysis: consider the probability and impact of different risk categories (1 mark)
• implementation of risk control program: risks are divided into categories and dealt with accordingly (1 mark)
• monitoring and evaluation: keep updating the program as situations change (1 mark)
• adapt and change program: in response to monitoring and evaluation (1 mark)
1 mark for each step or stage, provided that some suitable description or elaboration is provided. [5 marks]

(b) Risk control may involve:
(i) transfer of risk
(ii) detection of occurrence
(iii) reduction of effects
Explain what is meant by each form of risk control, and discuss how each control might be implemented with respect to the risk of fire. [6 marks]

(i) transfer of risk: the consequences of risk may be too costly to recover from, so the risk is transferred to an insurance company (1 mark); for example, the loss of a human life (1 mark)
(ii) detection of occurrence: it is necessary to detect the occurrence of fire so that remedial actions can be taken (1 mark); for example, employing heat and smoke detectors (1 mark)
(iii) reduction of effects: a means should be available of fighting the fire, thus minimising the damage and destruction when fire occurs (1 mark); for example, having an appropriate fire extinguisher (1 mark)
Up to 2 marks for each explanation/discussion; candidates must address the specific risk of fire. [6 marks]

(c) Two general controls that may be placed upon risk are:
• separation and distribution of EDP functions
• backup and recovery procedures
For each of these controls, give two examples of threats that the control may help to counter, or the risks that they may be intended to reduce. [4 marks]

• separation and distribution of EDP functions: may reduce fraud (1 mark); may reduce interruption of service in live system (1 mark); may reduce impact of physical disaster (1 mark)
• backup and recovery procedures: protect against physical damage (flood, fire, etc.) (1 mark); protect against accidental user damage or deletion (1 mark); protect against intruder attack (1 mark)
In each case, one mark for each correct answer, up to a maximum of two marks in each case. [4 marks]