Question 1

The assessment of risk is not part of the change management process.

Accepted Answer

The assessment of risk is an important part of the change management process. It involves identifying potential risks associated with a change, evaluating their impact and likelihood, and developing plans to mitigate or manage those risks. Risk assessment helps to ensure that changes are implemented in a way that minimizes the potential for negative impacts or disruptions to operations.

Question 2

Performance Metrics must be:

Accepted Answer

Performance metrics must be actionable, meaning they should be designed in a way that they can be acted upon to improve performance or address any issues. Qualitative metrics alone may not provide enough specific actions for improvement. While vendor feedback may be considered, the metrics should not solely be accepted from vendors as they may have a bias. Steering committees can design effective performance metrics with input from relevant stakeholders.

Question 3

A documented post-incident analysis is required every time the plan is activated (invoked).

Accepted Answer

A post-incident analysis helps to evaluate the effectiveness of the plan and identify areas for improvement. It also provides valuable insights for future incident responses. Therefore, it is required every time the plan is activated.

Question 4

The Business Continuity Manager is an important member of the audit team.

Accepted Answer

The Business Continuity Manager is primarily responsible for planning and ensuring that an organization can continue operating in case of serious incidents or disasters and is not typically a member of the audit team, whose role is to examine the financial records and operational procedures of an organization.

Question 5

"Planned intervals" according to ISO 22301:

Accepted Answer

The standard ISO 22301 does not define planned intervals for exercising and testing, leaving it to the organization to determine based on their needs and risks.

Question 6

When interviewing someone during a root cause analysis where culpability may be an issue, the team should:

Accepted Answer

Interviewing the person last allows the team to gather all relevant information before hearing the individual's perspective. This prevents the team from introducing biases or assumptions that could affect the investigation. Additionally, if individual culpability is a concern, it can help to prevent defensive or evasive behavior from the individual during subsequent interviews.

Question 7

A RACI chart is a useful tool to manage complex corrective actions.

Accepted Answer

A RACI chart helps to clarify roles and responsibilities for different tasks in a corrective action plan, making it easier to manage and implement.

Question 8

Which is not a framework for developing metrics?

Accepted Answer

Learning and Growth is not a framework for developing metrics; it is a perspective within the Balanced Scorecard framework, focusing on employee skills and organizational culture improvements.

Question 9

What is most important to accurate results from a Five Whys analysis?

Accepted Answer

The answer of What is most important to accurate results...

Question 10

Overdue corrective actions should only be reported to top management if the responsible individual refuses to take action

Accepted Answer

Overdue corrective actions should always be reported to top management, regardless of whether the responsible individual refuses to take action or not. It is important for top management to be aware of any unresolved issues that could potentially pose a risk to the organization's operations or reputation. This way, they can take appropriate measures to address these issues and prevent them from occurring in the future.

Question 11

Cascading functions are always mapped from the top down.

Accepted Answer

Cascading functions, such as those in cascading style sheets (CSS) or programming, can be applied in various directions, not strictly from top down. They can be inherited or overridden based on specificity, order, and scope, rather than just a top-down approach.

Question 12

One or more of the standards require the maintenance of an audit program.

Accepted Answer

Many quality management system standards, such as ISO 9001 or AS9100, require the establishment and maintenance of an audit program to ensure ongoing compliance with the standard and identify opportunities for improvement.

Question 13

A balanced Scorecard is an example of an un-actionable metric.

Accepted Answer

A balanced scorecard is a strategic management tool that includes both quantitative and qualitative metrics that are aligned with the goals and objectives of an organization. These metrics are usually actionable and measurable, making it possible to assess performance and make informed decisions to improve performance.

Question 14

An Extent of Condition is a type of Root Cause Analysis.

Accepted Answer

An Extent of Condition is a process used to determine the scope of a problem or condition, identifying how widespread it is, rather than identifying the underlying cause of the problem, which is the goal of Root Cause Analysis.

Question 15

Who is required under one or more of the standards to review the Business Continuity Management System at planned intervals?

Accepted Answer

Top Management is responsible for reviewing the effectiveness and adequacy of the Business Continuity Management System at planned intervals, as stated in ISO 22301 (7.3).

Question 16

RACI stands for :

Accepted Answer

RACI stands Responsible, Accountable, Consulted, Informed. This is a framework to define roles and responsibilities for each task/project within an organization.

Question 17

A nonconformity is any of the standard's requirements that were not met.

Accepted Answer

A nonconformity refers to a situation where a requirement of a standard is not met. Therefore, the statement "A nonconformity is any of the standard's requirements that were not met" is true.

Question 18

SMART stands for:

Accepted Answer

The correct acronym for SMART is "Specific, Measurable, Achievable, Relevant, Time-bound". However, the closest option is D which uses "Accountable" instead of "Achievable" but still covers the relevant criteria.

Question 19

The Information Technology department intends to change the process that all employees are now required to log onto the system each day with a password. What type of change management process should they use to introduce the change?

Accepted Answer

The change being introduced is a change in the organization's policy of accessing the system. Therefore, an organizational change management process should be used to ensure that the employees are aware of the change and are equipped with the necessary skills to adapt to the new process. A process change management process would be more appropriate if the change were to occur within an existing process or procedure. Emergency change would be used for urgent changes, and a change agent would be a person or group responsible for facilitating the change management process.

Question 20

Under one or more of the standards, Root Cause Analysis tools do not include:

Accepted Answer

Root Cause Analysis (RCA) tools typically include methodologies focused on identifying the fundamental cause of problems or events. While Failure Mode Effects Analysis (FMEA), Human Performance Improvement (HPI), and Bayesian Analysis are recognized tools or approaches used in RCA to analyze and solve problems or to predict the likelihood of failures, a Retrospective Cohort Study is a type of observational study used in medical and epidemiological research to compare outcomes of two groups who are alike in many ways but differ by a certain characteristic, not a direct tool for RCA.

Quiz 10: Continuous Improvement