Certified in Risk and Information Systems Control (CRISC) — Question 1012
The PRIMARY objective of collecting information and reviewing documentation when performing periodic risk analyses should be to:
Answer options
- A. survey and analyze historical risk data
- B. identify new or emerging risk issues
- C. understand internal and external threat agents
- D. satisfy audit requirements
Correct answer: B
Explanation
The primary goal of collecting information during periodic risk analyses is to identify new or emerging risk issues, which allows organizations to proactively address potential threats. While surveying historical data and understanding threat agents are important, they are secondary to recognizing new risks. Satisfying audit requirements is also necessary, but it is not the main objective of this process.