Certified Governance Risk and Compliance (CGRC) Practice Exam

The correct choice is the risk register, which is specifically designed for documenting all identified risks associated with a project. It serves as a comprehensive record that includes proposed responses, current status, assigned owners, and other relevant details about each risk. The risk register is a living document that is updated throughout the project lifecycle, ensuring that all stakeholders have access to the most current risk information and can make informed decisions.

The risk management plan, while important for outlining the overall approach to managing risks, does not serve as the detailed log of each specific risk and its status. The stakeholder management strategy focuses on identifying and managing the relationships and requirements of stakeholders rather than risks, while lessons learned documentation is used to capture insights and experiences from the project after its completion, rather than tracking current risks and issues.