Certified in Risk and Information Systems Control (CRISC) — Question 100

Which of the following is the BEST way to identify changes in the risk profile of an organization?

Answer options

• A. Monitor key risk indicators (KRIs)
• B. Monitor key performance indicators (KPIs)
• C. Conduct a gap analysis
• D. Interview the risk owner

Correct answer: A

Explanation

Monitoring key risk indicators (KRIs) is the most effective way to identify changes in the risk profile, as these indicators specifically focus on potential risks. In contrast, key performance indicators (KPIs) measure performance outcomes, a gap analysis assesses discrepancies, and interviewing the risk owner may provide insights but lacks the systematic approach needed for ongoing monitoring.