Certified in Risk and Information Systems Control (CRISC) — Question 1020

An organization is considering the adoption of an aggressive business strategy to achieve desired growth. From a risk management perspective, what should the risk practitioner do NEXT?

Answer options

• A. Update risk awareness training to reflect current levels of risk appetite and tolerance.
• B. Identify new threats resulting from the new business strategy.
• C. Increase the scale for measuring impact due to threat materialization.
• D. Inform the board of potential risk scenarios associated with aggressive business strategies.

Correct answer: B

Explanation

The correct answer is B because identifying new threats is essential when adopting a new business strategy, as it allows the organization to proactively manage potential risks. Options A and C focus on adjusting current measures rather than addressing new threats, while D, although important, does not directly address the immediate need to identify risks stemming from the newly adopted strategy.