Which of the following does the TOGAF document describe as the risk categorization prior to determining and implementing mitigating actions?
Which of the following does the TOGAF document describe as the risk categorization prior to determining and implementing mitigating actions?
The correct answer is the initial level of risk. The TOGAF document describes the initial level of risk as the risk categorization prior to determining and implementing mitigating actions. This is the assessment made before any mitigation strategies are put into place.
27.1 Introduction There are two levels of risk that should be considered, namely: Initial Level of Risk: risk categorization prior to determining and implementing mitigating actions Residual Level of Risk: risk categorization after implementation of mitigating actions (if any) https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap27.html
B. The initial level of risk
Correct Answer 27.1 Introduction There will always be risk with any architecture/business transformation effort. It is important to identify, classify, and mitigate these risks before starting so that they can be tracked throughout the transformation effort. Mitigation is an ongoing effort and often the risk triggers may be outside the scope of the transformation planners (e.g., merger, acquisition) so planners must monitor the transformation context constantly. It is also important to note that the Enterprise Architect may identify the risks and mitigate certain ones, but it is within the governance framework that risks have to be first accepted and then managed. There are two levels of risk that should be considered, namely: Initial Level of Risk: risk categorization prior to determining and implementing mitigating actions Residual Level of Risk: risk categorization after implementation of mitigating actions (if any)