Certified in Risk and Information Systems Control (CRISC) — Question 1111

Which of the following should be the PRIMARY area of focus when reporting changes to an organization’s risk profile to executive management?

Answer options

• A. Risk tolerance
• B. Risk management resources
• C. Risk trends
• D. Cyberattack threats

Correct answer: C

Explanation

The correct answer is C, as understanding risk trends provides valuable insights into how risks are evolving, which is crucial for informed decision-making by executive management. Options A, B, and D are important but do not directly reflect the changing nature of risk that executives need to be aware of in order to manage the organization's overall risk effectively.