Certified in Risk and Information Systems Control (CRISC) — Question 1084

Which of the following scenarios is MOST important to communicate to senior management?

Answer options

• A. Risk scenarios that have been shared with vendors and third parties
• B. Accepted risk scenarios with detailed plans for monitoring
• C. Risk scenarios that have been identified, assessed, and responded to by the risk owners
• D. Accepted risk scenarios with impact exceeding the risk tolerance

Correct answer: D

Explanation

The correct answer is D because these scenarios indicate a level of risk that is unacceptable and requires immediate attention from senior management. Options A, B, and C, while important, do not highlight risks that could potentially have severe consequences on the organization's operations.