Certified in Risk and Information Systems Control (CRISC) — Question 1114
Which of the following should be done FIRST to enable consistent understanding of risk across the organization?
Answer options
- A. Prepare relevant risk scenarios for use across the organization.
- B. Develop risk awareness communications for the organization.
- C. Establish a common risk taxonomy for the organization.
- D. Embed risk management practices throughout the organization.
Correct answer: C
Explanation
Establishing a common risk taxonomy comes first because it gives every stakeholder the same vocabulary and classification scheme for risk, so that a term such as "high impact" or "operational risk" means the same thing in every business unit. Without that shared language, risk scenarios (A), awareness communications (B) and embedded risk practices (D) would each be built on divergent interpretations and would produce inconsistent results. The other options are all important, but each depends on the taxonomy being defined first.