Certified in Risk and Information Systems Control (CRISC) — Question 1104

Which of the following should be the PRIMARY basis for deciding whether to disclose information related to risk events that impact external stakeholders?

Answer options

• A. Management assertions
• B. Contractual requirements
• C. Regulatory requirements
• D. Stakeholder preferences

Correct answer: C

Explanation

The correct answer is C, as regulatory requirements often dictate the disclosure of information to external stakeholders for compliance and legal reasons. Management assertions, contractual requirements, and stakeholder preferences can be important but do not have the same level of obligation as regulatory requirements in ensuring transparency and protection for all parties involved.