Which of the following statements are true regarding the use of heat maps as risk assessment tools?
1. They focus primarily on known risks, limiting the ability to identify new risks.
2. They rely heavily on objective assessments and related risk tolerances.
3. They are too complex to provide an easily understandable view of key risks.
4. They are helpful but limited in value in a rapidly changing environment.
Which of the following are typical responsibilities for operational management within a risk management program?
1. Implementing corrective actions to address process deficiencies.
2. Identifying shifts in the organization's risk management environment.
3. Providing guidance and training on risk management processes.
4. Assessing the impact of mitigation strategies and activities.