Certified in Risk and Information Systems Control (CRISC) — Question 1071

The PRIMARY reason to implement a formalized risk taxonomy is to:

Answer options

• A. reduce subjectivity in risk management
• B. comply with regulatory requirements
• C. demonstrate best industry practice
• D. improve visibility of overall risk exposure

Correct answer: A

Explanation

The correct answer, A, highlights that a formalized risk taxonomy helps to standardize the assessment and categorization of risks, reducing variability in interpretations. While options B, C, and D may be benefits of having a risk taxonomy, they are not the primary reason for its implementation, which focuses on minimizing subjectivity.