Certified in Risk and Information Systems Control (CRISC) — Question 1079

Which of the following is the MOST effective way to help ensure senior management is informed about the organization's risk environment?

Answer options

• A. Recommend risk treatments to senior management to address risk.
• B. Implement a top-down approach to control implementation.
• C. Create a risk program that includes a bottom-up approach.
• D. Provide guidance to senior management on risk acceptance.

Correct answer: D

Explanation

Providing guidance to senior management on risk acceptance ensures they are aware of the risks the organization faces and how to manage them. While recommending treatments, adopting control strategies, and establishing programs are important, they do not directly inform management about risk acceptance, which is crucial for effective risk management.