Identifying and Managing Enterprise Security Risks in Online

NBIMC440 rue King Street, Tour York TowerFredericton, NB E3B 5H8Enterprise Risk Management FrameworkAugust 2007Updated: February 2008ContentsI.OverviewII.Risk Management PhilosophyIII.General Risk Management Activities IV.Types of Riska.Strategic Riskb.Investment Riskc.Operational RiskV.ConclusionsAppendix A: Risk Governance Structure Appendix B: Risk Management OutlineI.OverviewRisk is an inherent part of investing and therefore risk management is a very important component of our business and in reaching our primary goal to“…assist the plan sponsor in meeting the pension promise to itsmembers.”In order to meet this pension promise NBIMC has based its investment policies on the following two objectives:i.Maximize investment returns, andii.Protect accumulated assetsThe NBIMC Board of Directors, as outlined in section 2.6 of their Terms of Reference, is responsible for understanding the principal risk facing the corporation and the systems that management has put in place to mitigate and manage those risks as outlined in this document.While each Board Committee supports the Board’s risk management oversight in areas related to their specific mandate, the Audit Committee is specifically assigned the task of assisting the Board in its oversight of risk management.Our enterprise risk management framework has been put in place to integrate strong corporate oversight with a series of well-defined independent risk management systems and processes within the various NBIMC business teams. The process involves the participation of the NBIMC Board, management, and external service providers. An outline of the risk governance structure is provided in Appendix A.The following document presents NBIMC’s philosophy and management of risk by identifying:•the types of risks faced by the corporation in its normal business operations and, •what parties are accountable for monitoring each risk type, while also outlining the means and timing through which we seek to measure and manage these risks.An overall risk review is provided through the President’s Report at each quarterly Board Meeting, and a more detailed review of this Risk Framework and related issues is conducted annually by the Audit Committee and subsequently the Board.The corporation believes that this system will significantly contribute to providing the highest long-term risk adjusted returns possible to meet the actuarial requirements of our funds under management.II. Risk Management PhilosophyNBIMC bases the core of its investment decision making processes on the following Investment Beliefs:i.NBIMC is a relatively low risk investment manager when compared to itspeers.ii.Real Return Bonds, because of their long-term inflation-linked characteristics, are considered to be an excellent match for our pension liabilities.iii.New asset classes are introduced incrementally in order to progressively gain experience and to minimize transition costs.iv.The establishment of the appropriate asset mix for each of the funds under management is heavily influenced by both the actuarial profile and fundingstatus of each plan.v.NBIMC believes that market inefficiencies present opportunities to add value through active management.Given the importance that NBIMC places on comprehensively managing risks, each of the first four core beliefs of the corporation concern (either directly or indirectly) the management or reduction of risk.In general, NBIMC faces three major categories of risk related to its business activities; Strategic Risk, Investment Risk, and Operational Risk. Risk management is a primary responsibility of the Board of Directors and is guided by a specific Board approved Risk Management Policy. Oversight of specific risks may be delegated to one of the Board Committees as outlined in their Committee Terms of Reference.Board of Directors Risk Management ProcessNBIMC’s risk management process provides a general framework through which the corporation carries out its risk management activities, and is intended to:i.Ensure that NBIMC takes a proactive and systematic approach to identifyingand managing the risks inherent in its operations and environment ii.Ensure that there is agreement among NBIMC stakeholders (Board, senior management, and staff) as to its risk management priorities at any point intimeiii.Ensure appropriate involvement by the Board and senior management in setting the above prioritiesIII. General Risk Management ActivitiesIn general, risk management is a circular process, where potential risks are identified, methods to measure and manage these risks are designed and implemented, and systems are put in place to monitor the effectiveness of the original risk management systems, thus allowing for the identification of new potential risks.Risk management at NBIMC is based on several principles and assumptions designed to ensure that the Corporation takes a “proactive and systematic” approach to managing risk. Specifically, the Corporation believes through its Risk Management Policy that:i.Risk management is an input into, rather than a substitute for, the businessplanning process.ii.Establishing a risk framework is a necessary prerequisite to meaningful discussions on risk by NBIMC fiduciaries.iii.Due to its detailed understanding of the operations of the Corporation, management should play a leading role in identifying the primary risks of thecorporation. The role of the Board is to provide input into, and ultimatelyapprove, the risk management priorities identified by management, and toensure that management then develops a business plan and budget foraddressing the risk priorities.iv.Risk should be defined broadly enough to encompass all major aspects of the Corporation, including such areas as Investments, Administration, HumanResources, and Technology.v.No risk framework can be expected to identify or address every conceivable risk. It is important, therefore, that once adopted, the risk managementframework be continually refined and updated to reflect new risks once theyare identified.vi.At any point in time, the risks that can be identified will exceed the Corporation’s capacity to address them. Resources must therefore be focusedon those risks that are deemed to be the most critical.NBIMC manages risk through a number of processes: investment risk is measured and managed within various systems from both a policy perspective as well as an active management/relative return perspective, while operational risks are managed through the activities of various committees and policies. The following section provides details on the specific functioning of the risk systems, controls and responsibilities, with an emphasis on explaining the rationale for their existence, the techniques by which they operate, and the information they provide to senior management and the Board to aid in risk management decision making.IV. Types of RiskNBIMC has identified three main categories of risk related to its business activities. Within these sections we have also subdivided a number of specific risk areas in which we have assigned specific monitoring and control responsibilities and set out the specific measures used to achieve them.The following chart summarizes each of the three main risk categories and the respective specific risk elements.Strategic Risk Investment Risk Operational Risk Governance Investment Legal, Regulatory, and PolicyComplianceStrategyBusinessOperationsFiduciaryTechnologyBusinessEnvironmentHuman ResourcesReputationalExternal CommunicationThe following section outlines a more detailed description of each risk category and specific risk element that is reviewed by the corporation. A summary of this information is provided in a table contained in Appendix B.Category A: Strategic RiskStrategic risk is the risk of not achieving the Objects and Purposes of the Corporation (or mission) as outlined in the New Brunswick Investment Management Corporation Act, within the parameters provided in the legislation. It is significantly related to many of the other shorter term risks faced by the organization but manifests itself in the long-term time frame under which pension investment management activities are managed. NBIMC subdivides Strategic Risk as follows:Governance riskThis risk comes about through potential improper governance structures (including delegation of authority) between directors, senior management, and staff, leading to improper decision making in the Corporation. Good governance processes thatoutline key responsibility and accountability areas is a key part of overall riskmanagement.ResponsibilityThe NBIMC Act and By-Laws outline the governance responsibilities of theCorporation as well as related reporting obligations.The Board of Directors have set out a series of Board Policies that must befollowed, of which first and foremost are the Investment Policies for each fundunder management. The Board and each Board Committee also have Terms ofReference that outline their respective responsibilities.NBIMC management has developed an extensive Administration Manual andInvestment Procedures Manual that outline specific operational responsibilitiesand authorities. All staff members also have position descriptions that outlinetheir specific responsibilities.MeasuresThe Governance Committee of the Board of Directors oversees and coordinatesthe governance responsibilities of the organization.The Board of Directors, and Board Committees, meets at least quarterly. TheCorporation is also scheduled to appear annually before the Crown Corporation’s Committee of the Legislature.Business strategy riskThe risk of not developing, executing, or monitoring the business activities of the corporation in order to achieve the mission of the Corporation.ResponsibilityThe Board of Directors and management participate in creating a five-yearstrategic plan for the organization and review it on an annual basis.Management develops an annual business plan that is reviewed with the Board of Directors near the inception of each fiscal year. Progress against the plan isreviewed by the Board periodically throughout the year, and in measuring overall performance at year-end.MeasuresQuarterly Board Meetings and annual Strategic Plan review sessions (Board &Management)Fiduciary riskThe risk that fiduciary responsibilities are not fully respected or executed by NBIMC on behalf of its investment management and trustee responsibilities.ResponsibilityThe Board of Directors acts in a fiduciary capacity and do not represent anyspecific constituency. Their focus is therefore solely on the best interest of thefunds under management The Board is responsible for approving governingPolicies and also a Code of Ethics and Business Conduct that governs the ethical affairs of the corporation. Management is responsible for setting outadministrative and procedural guidelines.MeasuresDirectors and employees annually acknowledge understanding and compliancewith the Code of Ethics and Business Conduct. Management assembles acorporate Administration Manual and an Investment Risk ManagementCommittee meet on an ad-hoc basis to consider changes to an InvestmentProcedure Manual.NBIMC also has set-out a clear segregation of duties between the investmentoperations activity and the accounting and performance measurement activities of the corporation.Business environment riskThe risk that NBIMC is not continuously anticipating, monitoring, understanding, or reacting to external changes to the business environment in which NBIMC operates.ResponsibilityManagement and staff are primarily responsible for keeping abreast of industrydevelopments through media reports, legislative pronouncements, and bothongoing peer and supplier communication.MeasuresThe Corporation is an active participant in a number of industry relatedassociations such as the Pension Investment Management Association of Canada(PIAC), and the Canadian Coalition for Good Governance (CCGG). Management also actively participates in a number of global industry conferences which notonly provide up-to-date information on emerging industry issues, but providegood networking opportunities with personnel from peer institutional investmentorganizations.A number of employees are also members of professional associations such as theCFA Institute, CA, CGA organizations etc.Reputational riskThe risk of damage to our reputation, image, or credibility as a prudent and effective investment manager due to internal or external factors.ResponsibilityThe Board and Government of New Brunswick (as key stakeholder) haveinstituted a number of oversight and audit relationships that provide third partyassurance to the corporation’s reputation.MeasuresThe Government, as plan sponsor, appoints an Actuary to review the fundingposition and investment assumptions for the Fund’s under management. TheAuditor General for the Province also has reviewed the corporation’s activitiesfrom time-to-time.The Board, through its Audit Committee, annually appoints both an External and Internal audit firm to review and advise on various corporate activities.External communication riskThe risk of not effectively communicating the governance structure, strategic plan, operational activities, and performance of the corporation to stakeholders.ResponsibilityThe Chairperson of the Board and the President are responsible for all officialCommunication activities.MeasuresThe NBIMC Act outlines specific communication requirements for theCorporation that include the provision of an annual budget, and submission of an annual report including an auditor’s report.The corporation has undertaken to provide a number of other communicationactivities that have been outlined in further detail in Appendix B.Category B: Investment RiskThe risk that investments are not made in accordance with NBIMC’s mission and do not achieve the long-term return on investments as required by the Plan Sponsor for the Funds under management.ResponsibilityThe Board of Directors is responsible for the Investment Policy of the Fundsunder management. This policy sets out the benchmark portfolio asset weights,permitted asset weight deviations from the benchmark, performance benchmarks, permissible investments, and performance evaluation metrics.Management is responsible for developing and managing the underlyinginvestment strategy and program that operates within the Board approvedguidelines. This program is outlined in an Investment Procedures Manual. AnInvestment Risk Management Committee, made up of representatives from both the investment and administration teams, review any changes to investmentstrategies before they are included in the Procedures Manual.There are a number of significant areas of investment related risk which are outlined in more detail in the section below:Asset-Liability Mismatch (ALM)Investments are made to support the pension obligations of each Fund. ALMrisk refers to the risk that the investment portfolio held for a particular fundwill be insufficient to meet the obligations set out by the specific pensionobligation.MeasuresEach fund undergoes an actuarial valuation, as determined by the PlanSponsor, at a minimum of every three years. The Board determines anappropriate asset mix that is believed to best meet the future pensionobligations of each fund. Funding status estimates are monitored by the Boardon a quarterly basis between valuation dates.Management assists the Board’s decision by undertaking an asset liabilitystudy which attempts to identify the most efficient mix of financial assets thatwill meet or exceed the Sponsor’s required funding rate with the least amountof risk. Management has also developed a Policy Asset Mix Capital-at-Risk(PAM CaR) process that estimates and monitors the risk between the actualasset mix and the pension liability estimate. This calculation estimates themaximum change in value of the funding position of the Fund that would beexpected at a 95 percent confidence level over a one year time period. Thereport is distributed weekly to the Board Chair and to members of theInvestment Risk Management Committee.Active ManagementActive risk, also known as relative return risk, is the risk that actualinvestment returns do not meet the pre-specified benchmark portfolio andresult in under-performance versus those that would have resulted frompassive management.MeasuresThe Board approved Investment Policies outline the expected return and valueadded objectives in excess of those achieved by a passive managementapproach.Management utilizes a risk budgeting approach to active management whichlinks the amount of active risk taken with the overall active return target.Management has also developed a Capital-at-Risk (CaR) process thatestimates and monitors the risk of the active value added investment activities conducted by the investment staff. This calculation estimates the maximumchange in value of the relative value added to the benchmark that would beexpected at a 95 percent confidence level over a one year time period. Thiscalculation is distributed weekly to the Board Chair and to members of theInvestment Risk Management Committee.Market RiskMarket risk is broadly defined as the risk of a change in the value at which an investment portfolio could be sold due to exposure of the portfolio to certainunderlying variables. This risk is commonly considered to be the risk of anadverse change, or, the risk that the value of a portfolio will decline. NBIMCfaces market risk in virtually all of its investment portfolios, although thefundamental drivers of this risk tend to be unique, depending on thecomposition of the portfolio.MeasuresThe Board approved Investment Policies are developed in the context ofproviding a diversified portfolio of assets that will provide protection against a significant adverse change to any specific asset class.Management monitors market risk through the weekly PAM CaR processmentioned earlier.Benchmark RiskThe risk that the benchmarks used to evaluate investment performance do not appropriately reflect the underlying portfolio.MeasuresThe Investment Policies set out by the Board approve the appropriatebenchmarks for each investment asset class. These benchmarks are typicallystandards set out by the institutional investment industry and correspondclosely to those used by peer organizations.Credit RiskCredit risk is defined as the risk that a specific counterparty will not meet itsfinancial obligations as set out in a previously agreed upon contract. Creditrisk arises from numerous activities including the holding of investments in aspecific entity that require a scheduled repayment as well as through enteringinto derivatives transactions with various counterparties (banks/investmentdealers). Credit risk can manifest itself through changes in the market value ofa security or obligation, and is generally measured through procedures thatattempt to model the probability of default and / or loss.MeasuresThe Investment Policies set out by the Board provide limits in terms ofpermissible investments and credit quality requirements for a number ofinvestment alternatives.Management monitors this exposure through a monthly Counterparty CreditExposure reporting process.Liquidity RiskLiquidity Risk is the risk that an investment position can not be unwound oroffset in the financial markets in a timely fashion without enduring significant losses. An occurrence of this type could lead to NBIMC not being able tomeet payment obligations as they become due because of an inability toliquidate assets.MeasuresThe Board approved Investment Policies are developed with a considerationto the near term periodic cash flow requirements of each pension fund. Credit risk mitigation also ensures that investments are made in higher quality assets that tend to be more liquid in terms of transaction availability. Liquidity risk is also mitigated through the actions of a Trade Management OversightCommittee which is composed of senior NBIMC investment staff.Category C: Operational RiskOperational risk is generally considered to include all risks not arising out of investment or business strategy decisions of the firm. It concerns the risks arising from the loss of effectiveness or efficiency in the corporation from reliance on specialized internal processes.NBIMC has subdivided operational risk as follows:Legal, regulatory, and policy compliance riskThe risk of loss from illegal or inappropriate business practices or activities by the Corporation or its employees.ResponsibilityThe Board of Directors, or a Board Committee, is responsible for monitoring the Corporation’s compliance with legal, regulatory, and policy compliance.The Governance Committee of the Board is responsible for the oversight of theNBIMC Code of Ethics and Business Conduct. The Audit Committee isresponsible for the oversight of the Corporation’s financial reporting process.Senior management is responsible for the accurate preparation and completeness of the financial reporting prepared by the Corporation.MeasuresThe Board of Directors engage two independent accounting firms to act asexternal and internal auditors of NBIMC’s financial reporting and activities.Senior management reports to the Board quarterly with respect to InvestmentPolicy Compliance. They also present quarterly financial statements to the Audit Committee and Board for review.Management in conjunction with the Investment Finance and Corporate Services team also monitor and report on NBIMC’s compliance with both InvestmentPolicy and Investment Procedures Manual guidelines on a weekly basis.Operational riskThe risk of either direct or indirect loss resulting from inadequate or failed internal operational processes.ResponsibilityManagement is responsible to ensure operational efficiency.MeasuresThe corporation has developed both a comprehensive Administration Manual anda Business Continuity Plan in order to standardize operational processes and toenable an efficient continuity plan in the case of adverse events.Management has delineated a clear segregation of duties with respect totransaction initiation, authorization, and recording activities. Banking authorities and limits are also clearly set out.Each employee position has a specific job description, and cross training is usedextensively to provide back-up support. The corporation also has a mandatoryvacation policy.The Internal Auditor for the corporation also performs ad-hoc audit work in thisarea.Technology RiskNBIMC relies significantly on management information systems and communication technology. It is therefore exposed to the potential for material risk of direct or indirect loss resulting from inadequate or failed information technology.ResponsibilityManagement is responsible to ensure technological operational efficiency.MeasuresAs noted above, the corporation has developed both a comprehensiveAdministration Manual and a Business Continuity Plan. Management utilizes an Information Technology Risk Management Committee to help oversee anddevelop related initiatives throughout the corporation.Human Resources RiskThe risk of loss resulting from inadequate or failed internal human resource performance and from business practices that are inconsistent with generally accepted HR laws and practices.ResponsibilityThe Human Resources and Compensation Committee of the Board is responsible for oversight of the Corporation’s Human Resource policies.Senior Management is responsible for effective human resource activities with the help of a Human Resources Coordinator position. This includes the development of job descriptions for each employee, training and development activities, andannual performance reviews.MeasuresThe Human Resources and Compensation Committee has developed aCompensation Philosophy for the corporation. They annually review thecompetitive compensation landscape versus a group of peer institutional pensionfund managers, and periodically retain the services of an external consultant toprovide advice in this regard. The Committee also annually reviews and adviseson Management’s annual succession plan for key staff positions.Management maintains all human resource policies and procedures in thecorporation’s Administration Manual.V. ConclusionThis document presented a summary of NBIMC’s philosophy on the management of risk, discussed the risks that the Corporation is exposed to in the normal course of operations, and provided a brief overview of the investment risk management procedures that are currently employed by the corporation to aid in managerial decision making.NBIMC attempts to take an integrative point of view on the management of risk, and uses tools and processes available to it in various situations, such as quantitative tools for objective investment risks, and qualitative assessments for other risks such as operational risks.Risk management is, as mentioned, a circular process. The undertaking of risk management procedures often leads to the identification of previously unidentified sources of risk. For this reason, this document is expected to be a living document, and will be continually updated as NBIMC updates its risk management beliefs, objectives, and processes.Appendix A:Risk Governance StructureBoard of Directors and its CommitteesManagement and its CommitteesPlan Sponsor RelationshipsExternal Service ProvidersEnterprise Risk Management Framework Appendix B: Risk Management OutlineCore Risk Detailed Risk NBIMC Process and ReponsibilitySTRATEGICGovernance *NBIMC Act, By-Laws, Board Policy, Management Procedures, Annual Crown CorporationCommittee Appearance, Quarterly Board Governance CommitteeBusiness Strategy *Strategic Plan - 5 year cycle, Annual Business Planning Process, Regular Board MeetingsFiduciary Administration Manual, Procedures Manual, Code of Ethics (Annual Acknowledgement)Business Environment Senior Management Monitor, Industry Association InvolvementReputational *PNB Actuary Interaction, PNB Auditor General Interaction, External and Internal Audit RelationshipsExternal Communications *Centralized with President, Audit Committee Approves Ad-Hoc Press ReleasesAnnual Report, PSSA Consultation Committee Involvement, NBTA Pension Committee Involvement,Annual Crown Corporations Committee Appearance, Annual PNB Board of Management BudgetDiscussion, Quarterly PNB Board of Management Performance DiscussionINVESTMENTInvestment *Asset-Liability Studies (as per receipt of Actuarial analysis), Investment Policies (Board Approved),Investment Risk Management Committee, Weekly Relative & Nominal Risk Reports (CaR, PAM CaR),Monthly Counterparty Credit Exposure Report , Key Vendor Selection Policy (Board Approved),Trade Management Oversight Committee (TMOC)OPERATIONALLegal, Regulatory, and Policy Regular Board Meetings - President Report, Quarterly Board Audit Committee, Weekly InternalCompliance *Compliance Reports (Independent Team), Annual External Audit, Internal Audit Projects (external co.)Operational Administration Manual, Business Resumption Plan (external consultant)Technology *IT Risk Management Committee, Business Continuity Plan (external consultant)Human Resources *Board Human Resources & Compensation Committee, Annual Succession Plan, Administration Manual, CompensationPhilosophy, Peer Institutional Manager Compensation Survey participation and external consultant reviews.- Page 21 of 21 -。

内控合规管理英语Internal Control and Compliance Management.Internal control and compliance management are integral components of any successful organization, ensuring that operations run smoothly, risks are minimized, andregulations are adhered to. This article explores the concept of internal control and compliance management,their importance, and the strategies for effective implementation.Internal Control:Internal control refers to the system of procedures and policies adopted by an organization to safeguard its assets, ensure accurate financial reporting, promote operational efficiency, and comply with applicable laws and regulations. It is a proactive measure designed to prevent and detect errors, fraud, and mismanagement.The key elements of internal control are:1. Control Environment: It sets the tone for the organization, influencing the control consciousness of its people. It includes the board of directors' oversight, management's philosophy and operating style, and the allocation of authority and responsibility.2. Risk Assessment: It involves identifying, analyzing, and managing risks that could impact the organization's ability to achieve its objectives.3. Control Activities: These are the specific policies and procedures implemented to ensure that management directives are carried out and that necessary actions are taken to address identified risks.4. Information and Communication: Effective communication of relevant information throughout the organization is crucial for internal control. This includes both internal and external communication, such as reports, financial statements, and other regulatory filings.5. Monitoring: Ongoing monitoring of internal control systems ensures their effectiveness and identifies any necessary adjustments or improvements.Compliance Management:Compliance management refers to the processes and strategies used by organizations to ensure that they adhere to all applicable laws, regulations, and internal policies. Compliance management involves monitoring and enforcing compliance with these requirements, and taking corrective actions when necessary.Effective compliance management requires:1. Clear Policies and Procedures: Organizations must have clearly defined policies and procedures that guide employees' behavior and ensure compliance with external requirements.2. Training and Awareness: Regular training sessionsand awareness campaigns help employees understand the importance of compliance and their role in ensuring it.3. Monitoring and Enforcement: Regular monitoring of compliance with policies and regulations, coupled with enforcement mechanisms, ensures that violations are identified and addressed promptly.4. Audit and Review: Periodic audits and reviews of compliance management systems help identify any gaps or weaknesses and provide an opportunity for improvement.Strategies for Effective Implementation:Implementing effective internal control and compliance management systems requires a multi-faceted approach:1. Top-Down Commitment: Leadership commitment is crucial for the success of any internal control and compliance management initiative. Senior management should set the tone by demonstrating a strong commitment to compliance and fostering a culture of integrity andaccountability throughout the organization.2. Integration with Organizational Strategy: Internal control and compliance management should be integrated into the organization's overall strategy, ensuring that they are aligned with its objectives and goals.3. Ongoing Training and Development: Regular training sessions should be conducted to keep employees up-to-date on changes in laws, regulations, and internal policies. This helps ensure that they have the necessary knowledge and skills to comply with these requirements effectively.4. Use of Technology: Leveraging technology tools such as automated compliance monitoring systems and data analytics can significantly enhance the effectiveness of internal control and compliance management systems. These tools help identify patterns and trends that may indicate potential compliance issues, enabling proactive management of risks.5. Regular Reviews and Updates: Internal control andcompliance management systems should be reviewed regularlyto ensure their relevance and effectiveness. Updates should be made promptly to address any identified gaps or weaknesses.6. Encouraging a Speak-Up Culture: Organizations should create a culture that encourages employees to report any instances of non-compliance or unethical behavior. This can be achieved by providing anonymous reporting channels and ensuring that whistleblowers are protected from retaliation.In conclusion, internal control and compliance management are fundamental to the success of any organization. By implementing effective systems that promote integrity, accountability, and continuous improvement, organizations can safeguard their assets, ensure accurate financial reporting, and comply with applicable laws and regulations. By following thestrategies outlined in this article, organizations can establish robust internal control and compliance management frameworks that support their long-term sustainability and growth.。

1. Project: A project is a temporary endeavor with a defined beginning and end, undertaken to create a unique product, service, or result.2. Project Manager: The project manager is responsible for the planning, execution, and monitoring of the project to ensure its successful completion.3. Scope: The scope defines the work that is included in the project. It includes the deliverables, tasks, and resources required to complete the project.4. Schedule: The schedule is a timeline that outlines the start and end dates for each task in the project. It helps in tracking the progress of the project and ensures that it is completed on time.5. Budget: The budget is the financial plan for the project, including the costs of resources, labor, and materials required to complete the project.6. Risk: Risk is an uncertain event or condition that, if it occurs, hasa positive or negative impact on the project. Identifying and managing risks is an essential part of project management.7. Quality: Quality refers to the degree of excellence of the project deliverables. Ensuring quality throughout the project lifecycle is critical to project success.8. Stakeholder: A stakeholder is any individual, group, or organization that has an interest in or is affected by the project. Identifying and managing stakeholders is essential for project success.9. Communication: Communication is the process of sharing information between project stakeholders. Effective communication ensures that everyone is on the same page and helps in resolving conflicts.10. Change Management: Change management involves managing changes to the project scope, schedule, and budget. It ensures that any changes are properly documented and implemented.11. Quality Assurance: Quality assurance is the process of ensuring that the project deliverables meet the specified requirements and standards.12. Quality Control: Quality control is the process of monitoring and controlling the project deliverables to ensure that they meet the required quality standards.13. Project Life Cycle: The project life cycle is the sequence of phases that a project goes through from initiation to closure. It includes the following phases:a. Initiation: Defining the project scope, objectives, and stakeholders.b. Planning: Developing a detailed plan for the project, including the schedule, budget, and resources.c. Execution: Implementing the project plan and managing the project activities.d. Monitoring and Controlling: Tracking the project progress and ensuring that it is on schedule and within budget.e. Closing: Completing the project, documenting lessons learned, and celebrating the success.14. Critical Path Method (CPM): CPM is a project management technique used to determine the sequence of activities and the time required to complete a project.15. Program Management: Program management involves managing multiple related projects to achieve strategic business objectives.In conclusion, engineering project management is a dynamic and complex field that requires a comprehensive understanding of various concepts, techniques, and tools. The terms and words mentioned above are just a few examples of the many terms used in engineering project management. By familiarizing yourself with these terms, you will be better equipped to manage projects effectively and efficiently.。

计划管理学题目## Project Management.Project management is the process of planning, organizing, and managing resources to achieve a specific goal. It involves a wide range of activities, including:Defining the project scope and objectives.Creating a project plan.Identifying and managing risks.Managing resources.Communicating with stakeholders.Monitoring and evaluating project progress.Project management is a complex and challenging process,but it is essential for ensuring that projects are completed on time, within budget, and to the requiredquality standards.## The Importance of Project Management.Project management is important for a number of reasons. First, it helps to ensure that projects are completed on time and within budget. By creating a detailed project plan and identifying potential risks, project managers can helpto avoid delays and cost overruns.Second, project management helps to ensure thatprojects are completed to the required quality standards.By setting clear goals and objectives, and by monitoringand evaluating project progress, project managers can helpto ensure that projects meet the needs of stakeholders.Third, project management helps to improve communication and coordination among project team members. By creating a clear project plan and by holding regular meetings, project managers can help to ensure that everyoneis working towards the same goals.Finally, project management helps to reduce risk. By identifying and managing risks, project managers can help to mitigate the impact of potential problems. This can help to prevent delays, cost overruns, and quality problems.## The Project Management Process.The project management process typically involves the following steps:1. Initiation: This step involves defining the project scope and objectives, and creating a project plan.2. Planning: This step involves identifying and managing risks, and developing a detailed project schedule.3. Execution: This step involves implementing the project plan and managing project resources.4. Monitoring and Control: This step involves trackingproject progress and making necessary adjustments.5. Closure: This step involves completing the project and evaluating its success.## Project Management Tools and Techniques.There are a number of tools and techniques that can be used to help with project management. These include:Gantt charts: Gantt charts are a type of bar chartthat shows the schedule of a project.Critical path analysis: Critical path analysis is a technique for identifying the critical tasks in a project.PERT charts: PERT charts are a type of network diagram that shows the relationships between tasks in a project.Earned value management: Earned value management is a technique for measuring project progress.Risk management software: Risk management software can help project managers to identify and manage risks.## 中文回答：项目管理。

人力资源管理的英语英文回答：Human resource management (HRM) is the process of managing people in an organization to achieve its goals. It involves a wide range of activities, including:Recruitment and selection: Identifying and hiring the best candidates for open positions.Compensation and benefits: Determining and managing employees' pay and benefits.Training and development: Providing employees with the skills and knowledge they need to perform their jobs effectively.Performance management: Assessing and evaluating employees' performance.Employee relations: Managing relationships between employees and the organization.HRM is an essential function in any organization. It helps to ensure that the organization has the right people in place to achieve its goals, and that those people are motivated and engaged.中文回答：人力资源管理是为达到组织目标而管理组织中员工的过程。

QUESTION 1 Which of the following models would be most useful in helping to define an organizational structure?A.Service ModelB.Continual Service Improvement (CSI) ModelC.RACI ModelD.Plan, Do, Check, Act (PDCA) ModelAnswer: CQUESTION 2 Which of the following BEST describes a Service Desk?A.A process within Service Operation providing a single point of contactB.A dedicated number of staff answering questions from usersC.A dedicated number of staff handling Incidents and service requestsD.A dedicated number of staff handling service requestsAnswer: CQUESTION 3 Governance is concerned with:A.Measuring and improving the efficiency and effectiveness of processesB.Ensuring that agreed Service Level Requirements are metC.Ensuring that processes and procedures are correctly followedD.Reducing the total cost of providing servicesAnswer: CQUESTION 4 Which of these activities would you expect to be performed by a Service Desk? 1. Logging details of Incidents and service requests 2. Providing first line investigation and diagnosis 3.Restoring service 4. Diagnosing the root cause of problemsA.2, 3 and 4 onlyB.1, 2 and 4 onlyC.All of the other alternatives apply.D.1, 2 and 3 onlyAnswer: DQUESTION 5 Which of the following statements is CORRECT?A.Service Transition contains guidance on transferring services from strategy into the design phase of the Service LifecycleB.Service Design provides guidance for the development of services and service management processesC.Continual Service Improvement contains guidance on supporting IT operations through models such as shared servicesD.Service Operation ensures that organizations are in a position to handle the costs and risks associated with their service portfoliosAnswer: BQUESTION 6 Which of the following delivery strategies is described as, "Formal arrangements between two or more organizations to work together to design, develop, transition, maintain, operate and/or support IT services"?A.InsourcingB.MultisourcingC.Knowledge Process OutsourcingD.Application Service ProvisionAnswer: BQUESTION 7 How is the Service Catalogue used to add value to the service provider organization?A.Providing a central source of information on the IT services deliveredB.Showing the business impact of a changeC.Displaying the relationships between configuration itemsD.To predict the root cause of issues in the IT infrastructureAnswer: AQUESTION 8 The Service Catalogue can be BEST described as:A.A document used by Service Operations to identify activities that they must performB.A list of all business requirements that have not yet become servicesC.The part of the Service Portfolio that is visible to customersD.A list of all Service Level AgreementsAnswer: CQUESTION 9 What is the Service V Model used for?A.The day to day management of servicesB.Monitoring and measuring services as part of Continual Service Improvement (CSI)C.Identifying different levels of validation and testing that can be carried outD.Managing the five aspects of Service DesignAnswer: CQUESTION 10 Which of the following are valid examples of business value measures?1. Customer retention2. Time to market3. Service Architecture4. Market shareA.All of the alternatives applyB.1, 2 and 4 onlyC.1 and 2 onlyD.2 and 4 onlyAnswer: BQUESTION 11 Which stages of the Service Lifecycle does the 7 Step Improvement Process apply to?A.Service Design, Service Transition and Service OperationB.Service OperationC.Service Transition and Service OperationD.Service Strategy, Service Design, Service Transition, Service Operation and Continual Service ImprovementAnswer: DQUESTION 12 The three subprocesses of Capacity Management are:A.Business Capacity Management, Service Capacity Management and Component Capacity ManagementB.Business Capacity Management, Technology Capacity Management and Component Capacity ManagementC.Supplier Capacity Management, Service Capacity Management and Technology Capacity ManagementD.Supplier Capacity Management, Service Capacity Management and Component Capacity ManagementAnswer: AQUESTION 13 Which of the following statements is INCORRECTLY assigned to its book?A.contains guidance on transferring the control of services between customers and service providers: SERVICE TRANSITIONB.ensures that organization are in a position to handle the costs and risks associated with their service portfolios: SERVICE STRATEGYC.provides guidance for the development of services and service management processes: SERVICE DESIGND.contains guidance on supporting operations through new models and architectures, such as shares services: CONTINUAL SERVICE IMPROVEMENTAnswer: DQUESTION 14 How many numbered steps are in the continual service improvement (CSI) process?A.11B.4C.7D.6Answer: CQUESTION 15 Which process is responsible for recording the current details, status, interfaces and dependencies of all the services that are being run or being prepared to run in the live environment?A.service level managementB.service catalogue managementC.demand managementD.service transitionAnswer: BQUESTION 16 Which of the following is NOT a function?A.Technical ManagementB.Incident ManagementC.Service DeskD.Application ManagementAnswer: BQUESTION 17 Which of the following is NOT a responsibility of the Service design manager?A.Design and maintain all necessary service transition packagesB.take the overall service strategies and ensure they are reflected in the service design process and the service designs that are producedC.measuring the effectiveness and efficiency of service design and the supporting processesD.produce quality, secure and resilient designs for new or improved services, technology architecture, processes or measurement systems that meet all the agreed current and future IT requirements of the organization Answer: AQUESTION 18 Exhibit:Order the following continual service improvement (CSI) implementation steps into the CORRECT sequence in alignment with the plan, do check, act (PDCA) model. Please refer to the exhibit.A.2-3-4-1B.1-3-2-4C.3-4-2-1D.3-1-2-4Answer: DQUESTION 19 Which of the following is a valid role in the RACI Authority Matrix?A.ControlledB.ConfigurationC.ConsultedplexAnswer: CQUESTION 20 What does a service always have to deliver to its customers?A.infrastructureB.applicationsC.resourcesD.valueAnswer: DQUESTION 21 The two main parts of the service catalogue are:A.the business service catalogue and the technical service catalogueB.service levels and service costsC.the service portfolio and retired servicesD.service attributes and service capabilitiesAnswer: AQUESTION 22 RACI is an acronym for four roles. Which of the following is NOT one of the RACI roles?A.consultedB.ReliablermedD.accountableAnswer: BQUESTION 23 Which of the following is the CORRECT description of the Seven R's of Change Management?A.A set of questions that should be asked to help understand the impact of ChangesB.A definition of the roles and responsibilities required for Change ManagementC.A set of questions that should be asked when reviewing the success of recent changeD.A seven step process for releasing Changes into productionAnswer: AQUESTION 24 IT operations management have been asked by a customer to carry out non-standard activity that will cause them to miss an agreed service level target. How should they respond?A.they should escalate this decision to service strategyB.accept the request as they must support customer business outcomesC.make a decision based on balancing stability and responsivenessD.refuse the request because they must operate the service to meet the agreed service levelsAnswer: CQUESTION 25 The left-hand side of the service V model represents requirements and specifications. What does the right-hand side of the service V model represent?A.Performance and capacity requirements of services and IT infrastructureB.The business value that can be expected from a given serviceC.Validation and TestingD.roles and responsibilities for an effective service management implementationAnswer: CQUESTION 26 Which of the following processes are performed by the service desk? 1. capacity management 2. request management 3. demand management 4. incident managementA.2 and 4 onlyB.all of the alternatives applyC.2 onlyD.2, 3 and 4 onlyAnswer: AQUESTION 27 Which of the following BEST describes 'partners' in the phrase "people, processes, products and partners"?A.internal departmentsB.customersC.the facilities managerD.suppliers, manufacturers and vendorsAnswer: DQUESTION 28 Which of the following are the MAIN objectives of incident management? 1. to automatically detect service affecting events 2. to restore normal service operation as quickly as possible 3. to minimize the adverse impacts on business operationsA.all of the alternatives applyB.1 and 2 onlyC.2 and 3 onlyD.1 and 3 onlyAnswer: CQUESTION 29 One organization provides and manages an entire business or function for another organization. This is known as:A.business process outsourcingB.business function outsourcingC.business process managementD.knowledge process outsourcingAnswer: AQUESTION 30 The ITIL CORE publications are structured around the service lifecycle. Which of the following statements about ITIL complementary guidance is CORRECT?A.it consists of five publicationsB.it provides guidance to specific industry sectors and types of organizationC.it is also structured around the service lifecycleD.It provides the guidance necessary for an integrated approach as required by ISO/IEC 20000Answer: BQUESTION 31 Exhibit:Which of the following areas would technology help support during the service operation phase of the lifecycle? Please refer to the exhibit.A.2, 3 and 4 onlyB.All of the alternatives applyC.1, 2 and 3 onlyD.1, 3 and 4 only Answer: BQUESTION 32 Exhibit:Which of the following questions does guidance in service strategy help answer? Please refer to the exhibit.A.2 onlyB.3 onlyC.1 onlyD.all of the alternatives applyAnswer: DQUESTION 33 Which of the following is a sub-process of capacity management?ponent capacity managementB.process capacity managementC.technology capacity managementD.capability capacity managementAnswer: AQUESTION 34 Which of the following is a good metric for measuring the effectiveness of Service Level management?A.Customer satisfaction scoreB.number of services deployed within agreed termsC.average number of daily incidents managed by each service agentD.number of services in the service portfolioAnswer: AQUESTION 35 Which process is responsible for recording relationships between service components?A.service portfolio managementB.service asset and configuration managementC.incident managementD.service level managementAnswer: CQUESTION 36 Exhibit:Which of the following should be supported by technology? Please refer to the exhibit.A.1, 3 and 4 onlyB.1, 2 and 3 onlyC.2, 3 and 4 onlyD.all of the alternatives applyAnswer: DQUESTION 37 Which of the following activities is carried out in the "where do we want to be" step of the continual service improvement model?A.aligning the business and IT strategiesB.defining measurable targetsC.implementing service and process improvementsD.creating a baselineAnswer: BQUESTION 38 The ITIL CORE publications are structures around the Service Lifecycle. Which of the following statements about ITIL complementary guidance is CORRECT?A.It provides the guidance necessary for an integrated approach as required by ISO/IEC 20000B.It is also structured around the Service LifecycleC.It consists of five publicationsD.It provides guidance to specific industry sectors and types of organizationAnswer: DQUESTION 39 A service is not very reliable, but when it works it is of great value to the customer. This combination could be described as:A.high utility and low warrantyB.low utility and high warrantyC.low utility and low warrantyD.high utility and high warrantyAnswer: AQUESTION 40 . With which of the following processes is Problem Management least likely to interface on a regular basis?A.IT Financial ManagementB.Change ManagementC.Incident ManagementD.Availability ManagementAnswer: AQUESTION 41 . Which of the following places Problem Management activities in the correct order:A.Identify and record, classify, investigate and diagnose, raise an RFC, review the changeB.Investigate and diagnose, raise an RFC, classify, identify and recordC.Identify and record, investigate and diagnose, raise an RFC, classify, review the changeD.Review a change, classify, identify and record, investigate and diagnose, raise another RFCAnswer: AQUESTION 42 .Which of the following activities may, exceptionally, be omitted for an urgent change:1. Recording that the change has been made2. Testing the change3.Holding a CAB meeting4. Establishing a back-out planA.All of themB.2 and 4C.2 and 3D.3 and 4Answer: CQUESTION 43 . Why is Service Management so important to IT service providers?A.The success of many businesses depends upon the quality of their ITB.It's the only way to manage IT in the Internet ageC.It's contained within the IT Infrastructure LibraryD.It's the first non-proprietary initiative for the management of IT systemsAnswer: AQUESTION 44 . Which of the following is NOT the responsibility of the Release Management process?A.The physical aspects of software controlB.Ensuring that the accuracy of CMDB entries concerning software CIs is maintainedC.Helping to determine the software release policyD.Distributing softwareAnswer: BQUESTION 45 . A service-based (rather than a customer-based) SLA:A.Covers all services for a particular customerB.Covers a set of similar services, for a single customerC.Covers all servicesD.Covers a single service, for all of the customers of that serviceAnswer: DQUESTION 46 . Possible problems with Change Management include:A.Greater ability to absorb a large volume of changeB.Increased visibility and communication of changesck of ownership of impacted servicesD.Better alignment of IT services to actual business needsAnswer: CQUESTION 47 . Which of these is/are TRUE? 1. Functional escalation is an essential part of the Incident Management process 2. All calls to the Service Desk should be treated as incidents 3. Service Requests can be handled by Service Desk StaffA.1 and 3B.All three of themC.Only 1D.1 and 2Answer: AQUESTION 48 . Who must always authorize a Request for Change before the change is built and tested?A.The Configuration ManagerB.The Change InitiatorC.The Change ManagerD.Release ManagementAnswer: CQUESTION 49 . Why is there sometimes conflict between the goals of Incident Management and those of Problem Management?A.Because specialist support staff do not properly document the work-arounds they identify which consequently prevents the 1st line support staff from applying them the next time the incident occursB.Because Problem Management is often carried out by technical staff who also have operations responsibilities and who cannot allocate enough resources to problem solvingC.Because Problem Management is focusing on identifying permanent solutions and therefore the speed with which these solutions are found is of secondary importanceD.Because Problem Management staff rarely give feedback spontaneously, forcing the 1st line support staff to chase themAnswer: CQUESTION 50 . Which one of the following is NOT the responsibility of a Service Level Manager?A.Analyzing and reviewing agreed service levelsB.Maintaining the service catalogueC.Negotiating requests for serviceD.Assessing the full impact of proposed changes to services Answer: DQUESTION 51 . Which of the following statements is INCORRECT?A.Urgent and non-urgent changes follow the same Change Management processB.High risk, urgent changes should be considered by the CAB Emergency CommitteeC.Urgent changes need not necessarily be reviewed, unless there is time to do soD.The justification for urgent changes should always be based on sound business reasonsAnswer: CQUESTION 52 . In Availability Management, Confidentiality and Integrity are elements of:A.ReliabilityB.ServiceabilityC.SecurityD.MaintainabilityAnswer: CQUESTION 53 . At what point should capacity requirements of a proposed system be first considered?A.Leave it until the system is implemented and see if the system works O.K.B.As early as possibleC.When the Development Manager has completed testing and passes the system to Operations for operational testingD.Just before the system goes liveAnswer: BQUESTION 54 . Which of the following is NOT a valid attribute of a hardware CI?A.A supplier's part numberB.The cost of the itemC.A manufacturer's serial numberD.The number of items heldAnswer: DQUESTION 55 . Which of the following activities are NOT part of IT Accounting?A.Calculation of the costs of IT servicesC.Identification of costs by customer, service or activityD.Performing cost-benefit analyses to support decision makingAnswer: BQUESTION 56 . The major difference between a CMDB and an asset register is that CMDB holds information on:A.DocumentationB.SoftwareC.The IT environmentD.RelationshipsAnswer: DQUESTION 57 .Which of the following is least likely to be a direct benefit of implementing a formal Incident Management processA.Improved user satisfactionB.Incident volume reductionC.Elimination of lost incidentsD.Less disruption to both IT support staff and usersAnswer: BQUESTION 58 . Which of the following definitions best describes the IT Infrastructure Library (ITIL)?A.A documented framework of proven best practices in Service ManagementB.A prescriptive process for managing Service Improvement ProjectsC.A methodology for supporting and delivering IT servicesD.A quality standard in managing customer relationshipsAnswer: AQUESTION 59 . The stages in the Incident Management process are:A.Logging, allocation, classification, initial support, communication, resolutionB.Logging, initial support, detection, recording, classification, investigation, recovery and closureC.Detection, classification, investigation, recording, recovery, resolution and closureD.Detection, recording, classification, initial support, investigation, diagnosis, resolution, recovery and closureAnswer: DQUESTION 60 . Which of the following terms or phrases are associated with resilience?1. Redundancy2. Fault tolerance3. On-site spares4. DuplexingA.2, 3 and 4B.All of themC.1 and 4D.1, 2 and 4QUESTION 61 . If the IT Service Continuity plan had to be invoked during a crisis, what would be the role of the organization's senior managers?A.Progress reportingB.Leading the recovery teamsC.Co-ordinating and directing activities, arbitrating and allocating resourcesD.Executing recovery instructionsAnswer: CQUESTION 62 . Capacity Management is responsible for ensuring the capacity of the IT Infrastructure matches the evolvingdemands of the business in the most cost effective and timely manner. Which of the following is NOT part of this responsibility?A.Monitoring performance and throughput of individual IT componentsB.Tuning systems to make most effective use of IT resourcesC.Purchasing resources for the IT InfrastructureD.Influencing customer behaviour to optimise the use of IT resourcesAnswer: CQUESTION 63 . Which of the following are NOT operational costs?A.StaffB.ConsultancyC.A mainframe purchaseD.Accommodation rentalAnswer: CQUESTION 64 . Which of the following statements is FALSE?A.If the root cause and a temporary work-around have been identified for a problem it becomes a known errorB.All known errors need to be resolved to user satisfactionC.A known error can be kept open when a work-around is being usedD.Incidentsare not the only source of known errorsAnswer: BQUESTION 65 . The Requirements and Strategy phase of the Business Continuity Life-cycle comprises:A.Initial testing, Education and Awareness and Assurancecation and Awareness, Review and Auditanization and Implementation Planning and Risk Reduction MeasuresD.Business Impact Analysis, Risk Assessment and Business Continuity StrategyAnswer: DQUESTION 66 . Which of these statements reflect the activities of IT Financial Management?1. IT Financial Management may calculate the prices to be charged for IT services2. IT Financial Management ensures that the IT department charges those who benefit from ITA.Only 1B.Only 2C.NeitherD.1 and 2Answer: AQUESTION 67 . During the release planning stage you identify that the changes you are about to make to a service will necessitate changes in related software systems. Once all the changes have been fully tested, which type of release will be used to deliver them into the live environment?A.Full ReleaseB.Package ReleaseC.EmergencyD.Delta ReleaseAnswer: BQUESTION 68 . Typically the decision on what should be the lowest level of CI recorded is influenced mostly by:A.The reliability of the CIsB.The level at which components will be independently changedC.The suitability of the available software to hold the informationD.The availability of spares for CIsAnswer: BQUESTION 69 . As part of your IT Continuity Planning you have been asked to undertake a comprehensive Risk Analysis. Which of the following is most likely to be of use to you in drawing up your plan?A.The Forward Schedule of Change, produced by Change ManagementB.A Service Catalogue plus an understanding of the business criticality of each of the servicesC.A list of Services and Operational Level AgreementsD.A report produced by Incident Management detailing the incidents affecting IT Services over the last monthAnswer: BQUESTION 70 . An overhead would normally be regarded as which of the following?A.A discounted chargeB.The market priceC.An indirect costD.A direct costAnswer: CQUESTION 71 . Consider the following activities:1. The analysis of raw data2. The identification of trends3. The definition of Service Management processes4. The implementation of preventive measures Which of the above should be easier after implementing a good IT Service Management software tool?A.All of themB.2 and 3C.None of themD.1, 2 and 4Answer: DQUESTION 72 . The CMDB:A.Must be available for update 7 x 24 if any of the services supported by the IT supplier are available 7 x 24B.Is updated by Configuration Management staff at the end of each working dayC.Holds information that will be useful to the majority of IT Service Management processesD.Must be verified for accuracy monthly with trend reports on errors distributed to management quarterlyAnswer: CQUESTION 73 . Which of the following is NOT a valid method of tuning?A.Balancing disc trafficB.Making more efficient use of processing capacityC.Installing a new serverD.Balancing workloadsAnswer: CQUESTION 74 . For an organization implementing the ITIL IT Service Management processes which of the following statements is most accurate?A.The full benefits will only be realized if all IT staff are fully qualified in IT Service Management.B.The full benefits will only be realized if Incident & Problem Management processes are implemented first.C.The full benefits will only be realized if the business requirements are first ascertained and then the processes are implemented in an integrated way.D.The full benefits will only be realized if regular reviews are undertaken with customers.Answer: CQUESTION 75 . Which of the following would NOT be a performance measurement for the Service Level Management function?A.Whatpercentage of services are covered by SLAs?B.Are service review meetings held on time and correctly minute?C.Are customer perceptions of service improving?D.How many services are included within the CMDB?Answer: DQUESTION 76 . Which of the following is NOT an element of Availability Management?A.VerificationB.SecurityC.ReliabilityD.MaintainabilityAnswer: AQUESTION 77 . Which of the following statements is TRUE?A.Physical copies of all CIs are stored in the DSLB.Release Management is responsible for managing the organization's rights and obligations regarding softwareC.The DSL contains source code onlyD.A change may only be developed from non-definitive versions of software in the case of an urgent release Answer: BQUESTION 78 . Which of the following metrics would you most associate with the Service Desk?A.The number of high priority incidents occurringB.The support team which resolves the greatest number of problemsC.The number of problems solved in a dayD.The mean time between failureAnswer: AQUESTION 79 .Potential benefits from managing IT Service Continuity are:1. Lower insurance premiums2. Fulfillment of mandatory or regulatory requirements3. Reduced business disruption in the event of a disaster4. Better management of risk and the consequent reduction of the impact of failureA.2 and 4B.2, 3 and 4C.All of themD.1, 2 and 4Answer: C。