Cisco Cyber Security Practice Exam

Which of the following is a key principle of due diligence in risk management?

• A. Ignore minor threats
• B. Document all processes and controls
• C. Focus only on financial impacts
• D. Trust employees to act correctly

The correct answer is: Document all processes and controls

A key principle of due diligence in risk management is to document all processes and controls. This practice is essential for several reasons. Firstly, comprehensive documentation ensures that there is a clear understanding of the procedures and policies implemented within the organization. This transparency is vital during risk assessments, as it allows stakeholders to identify potential vulnerabilities and assess the effectiveness of existing controls. Furthermore, thorough documentation serves as a reference point for training and onboarding new employees, helping them to understand the organization's risk framework. It also aids in regulatory compliance, as many industries require strict adherence to standards and the existence of documented processes to demonstrate that due diligence has been exercised. Lastly, having well-documented processes facilitates better communication among team members and departments. It ensures that everyone is aligned and informed about protocols, which is critical when responding to incidents or managing risks. In contrast, ignoring minor threats could lead to unforeseen consequences, while focusing solely on financial impacts overlooks other significant risks. Trusting employees to act correctly without adequate documentation undermines accountability and can result in inconsistencies in risk management practices. Therefore, documenting processes and controls stands out as a fundamental element in effectively managing risks and demonstrating due diligence.